Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple virus problems?


  • This topic is locked This topic is locked
14 replies to this topic

#1 jseaton2311

jseaton2311

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:10:16 AM

Posted 05 November 2017 - 07:53 PM

I have a 64 bit HP Pavilion laptop using Windows 10. I started having problems with the cursor not only jumping uncontrollably but also opening, minimizing and closing programs on my desktop. Tried rolling back and updating the driver with no help. Then when I tried to run virus scans, it often wouldn't allow that. I tried downloading various virus programs and often it would not let me do that. I tried resetting my computer, but it said it could not remove all of my files. I tried scanning in safe mode with networking, but it wouldn't allow networking. I put various virus scanning programs on a flash drive, but it wouldn't allow me to change boot order. I bought a FixMeStick which found a few trojans and miners, but I still had the same problems. I used the stick almost everyday until the 30 day trial expired with no real luck. I can use my computer normally about 80% of the time, but it will still go berserk with the cursor from time to time. Restarting works less than 50% of the time, but if I just let the computer alone for a while, it will often start working normally--at least temporarily. 

 

Things seem to be getting worse, but I'm beginning to believe it's a lost cause and eventually I will lose total control. If anyone thinks they can help me, I would appreciate that help immensely. I am perhaps a little better than the average user as I used to do IT work for Gateway back before laptops came out. I understand computers well enough to make it easy for anyone trying to help me. Thanks for listening and await any reply. James S. 



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:16 PM

Posted 06 November 2017 - 01:49 PM

Welcome to BC...

 

Run these three programs first and then attempt to run a scan using Malwarebytes.

 

Use AVCertClean that will scan the Disallowed registry key for legitimate blocked keys and remove them. To use the tool, simply download and execute it. The program will then automatically remove blocked certificates. When the program has finished, it will display a log that lists the certificates that were cleaned by AVCertClean. Let me know if any certificates were cleaned.

DO NOT REBOOT

 

download Rkill (courtesy of BleepingComputer.com) to your desktop.
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • DO NOT REBOOT UNTIL MALWAREBYTES ASK YOU TO TO REMOVE WHAT IT FINDS USING THE INSTRUCTIONS BELOW.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends of your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

If you are unable to run a scan using MBAM:

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/


Edited by buddy215, 06 November 2017 - 01:52 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 jseaton2311

jseaton2311
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:10:16 AM

Posted 06 November 2017 - 06:02 PM

Okay, give me 20-30 minutes to complete this. I have some of the programs you are suggesting I use. Thanks, be right back. James

#4 jseaton2311

jseaton2311
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:10:16 AM

Posted 06 November 2017 - 06:12 PM

Well, I didn't get very far. When I ran AVcert, this was generated:


== Scan for security software untrusted certificates | Support:
== This software will look for known security vendor certificate in the Windows Untrusted Store and remove the legit ones. This should allow your security software to launch again properly.

[+] Writing logfile


AND THEN THIS ONE:


---------------------------
No certificate found!
---------------------------
If you think it's a bug, please host the generated logfile named AVCertClean.log on https://up2sha.re and share the generated link at to get some help.
---------------------------
OK
---------------------------


What should I do next buddy?

Edited by jseaton2311, 06 November 2017 - 07:11 PM.


#5 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:16 PM

Posted 06 November 2017 - 07:55 PM

Eliminated one possible problem. Now go ahead with the remainder of instructions.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 jseaton2311

jseaton2311
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:10:16 AM

Posted 06 November 2017 - 09:10 PM

Okay I did that earlier, but what does "No certificate found" mean and what problem did we eliminate? Can AVcert scan my computer in what had to have been 1/100 of a sec--it came out instantly. I clicked "Yes" to allow AVcert to make changes to my computer and those files popped up in virtually no time at all. Is it a stand-alone program because it wasn't installed to my computer? (Hope I don't sound too naive).


Rkill report:

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/06/2017 04:07:39 PM in x64 mode.
Windows Version: Windows 10 Home

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 11/06/2017 04:07:56 PM
Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)


I ran CCleaner but saw no report...hope that's ok.


MBAM Report:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/6/17
Scan Time: 4:27 PM
Log File: 3c092514-c339-11e7-a4b7-dc4a3edecab0.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3191
License: Free

-System Information-
OS: Windows 10 (Build 15063.674)
CPU: x64
File System: NTFS
User: DESKTOP-8D8FHO8\jseaton2311

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 367125
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 2 min, 54 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)
(end)


My cursor is still leaping around occasionally, but not too bad right now. When it really gets going, it is impossible to use the cursor. I can navigate with keyboard shortcuts, but the cursor is often opening and closing programs at a pace that makes it very difficult to get anything done. I get slowdowns of my computer, but not as often and it clears up more quickly. I want to get this to you right away and then check to see if I can get into safe mode with networking or change the boot order etc. I have not been asked to restart, so I won't do so right now. Btw, what is your opinion of the FixMeStick?

(Just want to add that indeed we are made of bits of stardust and star energy, and to stardust we shall return...in about 5 billion years. Of course, these simple facts diminish the need to invoke a god of any sort, but we'll save that little tidbit for a rainy day).


TTYS, James S.

Edited by jseaton2311, 06 November 2017 - 09:25 PM.


#7 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:16 PM

Posted 07 November 2017 - 04:37 AM

Like it says....This software will look for known security vendor certificate in the Windows Untrusted Store and remove the legit ones....

More info at CertLock Trojan Blocks Security Programs by Disallowing Their Certificates

 

You had no problem running Malwarebytes so try running some more programs. The Eset scan will take more than an hour to

run so plan accordingly.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download 51a5f31352b88-icon_MBAR.pngMalwarebytes Anti-Rootkit (MBAR) to your desktop.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"

 

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 jseaton2311

jseaton2311
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:10:16 AM

Posted 07 November 2017 - 04:41 PM

Sorry it took so long, but here are the results.


Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
main: v2017.11.07.06
rootkit: v2017.10.14.01

Windows 10 x64 NTFS
Internet Explorer 11.674.15063.0
jseaton2311 :: DESKTOP-8D8FHO8 [administrator]

11/7/2017 10:55:59 AM
mbar-log-2017-11-07 (10-55-59).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 275305
Time elapsed: 22 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


AdwCleaner Report:

# AdwCleaner 7.0.4.0 - Logfile created on Tue Nov 07 21:19:09 2017
# Updated on 2017/27/10 by Malwarebytes
# Database: 11-07-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.FreeMakeConverter, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | ProductUpdater
PUP.Optional.ProductUpdater, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs | C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
PUP.Optional.ProductUpdater, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs | C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\FMUpdater.dll
PUP.Optional.ProductUpdater, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs | C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\Toggling.dll
PUP.Optional.ProductUpdater, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs | C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\Newtonsoft.Json.dll
PUP.Optional.ProductUpdater, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs | C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\GAnalytics.dll
PUP.Optional.ProductUpdater, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs | C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\GoCartMonad.dll


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1269 B] - [2017/10/2 20:36:59]
C:/AdwCleaner/AdwCleaner[C1].txt - [1279 B] - [2017/10/11 21:29:59]
C:/AdwCleaner/AdwCleaner[C2].txt - [1506 B] - [2017/11/2 3:23:23]
C:/AdwCleaner/AdwCleaner[S0].txt - [1120 B] - [2017/10/2 20:35:29]
C:/AdwCleaner/AdwCleaner[S1].txt - [1265 B] - [2017/10/11 20:51:22]
C:/AdwCleaner/AdwCleaner[S2].txt - [1219 B] - [2017/10/16 2:12:13]
C:/AdwCleaner/AdwCleaner[S3].txt - [1334 B] - [2017/11/2 2:56:47]
C:/AdwCleaner/AdwCleaner[S4].txt - [1421 B] - [2017/11/5 22:39:15]


########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt ##########



ESET Report:

C:\Program Files (x86)\Freemake\Freemake Video Converter\SetupUpdate.exe a variant of Win32/Freemake.A potentially unwanted application cleaned by deleting
C:\Users\jseaton2311\Downloads\ccsetup536.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\jseaton2311\Downloads\clipgrab-3.6.6-cgorg.exe a variant of Win32/FusionCore.Q potentially unwanted application cleaned by deleting

I rebooted and all seems well for the moment. I will need to check a few things to see if I have complete control of my computer. What do you make of the results thus far? James S.

Edited by jseaton2311, 07 November 2017 - 04:42 PM.


#9 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:16 PM

Posted 07 November 2017 - 05:38 PM

You downloaded some freeware that was bundled with adware.

 

  • Please download Security Check by glax24 and save the file to the Desktop
  • Run the tool by accepting all the Security prompts
  • when complete the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#10 jseaton2311

jseaton2311
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:10:16 AM

Posted 07 November 2017 - 07:55 PM

Here it is:


SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17]
WebSite: www.safezone.cc
DateLog: 07.11.2017 19:50:25
Path starting: C:\Users\jseaton2311\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: jseaton2311
VersionXML: 4.74is-05.11.2017
___________________________________________________________________________

Windows 10(6.3.15063) (x64) Core Release: 1703 Lang: English(0409)
Installation date OS: 12.10.2017 18:50:38
LicenseStatus: Windows®, Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16O365HomePremR_SubTrial5 edition Timebased activation will expire :18642 minutes
LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [903.8 Gb] Used: [202.7 Gb] Free: [701.1 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.674.15063.0
User Account Control enabled
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Avast Antivirus (enabled and up to date)
Windows Defender (disabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
Avast Antivirus (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avast Free Antivirus v.17.7.2314
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes version 3.3.1.2183 v.3.3.1.2183
Secunia PSI (3.0.0.11005) v.3.0.0.11005
--------------------------- [ OtherUtilities ] ----------------------------
VLC media player v.2.2.6
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.3.5.0.44090 Warning! P2P-client.
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.0.0.10 Warning! Download Update
^Please use Apple Software Update tool.^
Bonjour Service (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Shockwave Player 12.2 v.12.2.9.199
Adobe Acrobat Reader DC v.17.012.20098
------------------------------- [ Browser ] -------------------------------
Google Chrome v.62.0.3202.89 [+]
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.62.0.3202.89
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avast Antivirus (avast! Antivirus) - The service is running
C:\Program Files\AVAST Software\Avast\AvastSvc.exe v.17.7.3660.0
aswbIDSAgent (aswbIDSAgent) - The service is running
C:\Program Files\AVAST Software\Avast\avastui.exe v.17.7.3660.244
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.0.0.1247
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.595
C:\Program Files\Windows Defender\MsMpEng.exe v.4.11.15063.447
C:\Program Files\Windows Defender\MSASCuiL.exe v.4.11.15063.0
Windows Defender Antivirus Service (WinDefend) - The service is running
Windows Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
----------------------------- [ End of Log ] ------------------------------


#11 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:16 PM

Posted 07 November 2017 - 08:01 PM

Looks good...except for uTorrent. I suggest you uninstall it. Using it to get free stuff is a major source of malware and adware. More than half of

the downloads will be bundled with one or both.

 

How is the computer performing? You can give it some time before responding...day or two should do it.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#12 jseaton2311

jseaton2311
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:10:16 AM

Posted 07 November 2017 - 09:28 PM

I will give it time and get rid of Utorrent. I'm very careful when I do use it and scan everything at least twice. I only use it to download a movie now and then. The torrent sites used to be a minefield, but I haven't had any trouble from them in the last few years...at least I don't think so. I never want to have this much trouble again, so I'll dump it for sure. Take care, James S.

Edited by jseaton2311, 07 November 2017 - 09:29 PM.


#13 jseaton2311

jseaton2311
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:10:16 AM

Posted 11 November 2017 - 12:51 PM

I apologize for the long delay, but I was just able to regain control of my computer. For a couple of days I thought we had this fixed, but it is just as bad as ever. The cursor jumps around the screen opening and closing random programs thus making it impossible to use the computer. Sometimes it will settle down for a while before suddenly going berserk again. There seems to be nothing I can do to stop it and I don't know what sets it off. Is there anything else we can try or am I just stuck with this problem? I've read that some computers can become so infected that nothing can be done. Can a virus avoid detection from all malware scanners by making itself seem harmless to scan programs? I am at wits end about this, but I'm willing to keep trying. I still can't get safe mode with networking or change the boot order. I can put the USB port first, but it just goes back to the default order when I reboot. I'm starting to lose control so tell me what's next...if anything.



#14 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:16 PM

Posted 11 November 2017 - 02:20 PM

It is best that you start a new topic in the malware removal forum by following instructions below.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#15 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:10:16 AM

Posted 12 November 2017 - 03:34 PM

Hello,

Now that you have posted a log here: https://www.bleepingcomputer.com/forums/t/662604/unknown-malware-takes-control-of-the-cursor/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users