I've encountered a malware, unfortunately.

Discussion in 'Security' started by EthereaLs, May 23, 2014.

  1. EthereaLs

    EthereaLs

    Joined:
    May 23, 2014
    Messages:
    22
    Likes Received:
    0
    Greetings!

    In recent events I caught a virus on my computer. It's been a week and 2 days since I rolled back from Windows 8 to Windows 7.
    The virus was not gone for long; it just appeared today after the rollback. I only had my C drive formatted; my other drives contain information that is important to me.

    Summary of the virus: When I type or move my mouse it constantly clicks my middle (scroll) button.
    It's not "alive" all the time; it disappears and reappears whenever it feels like it.
    Sometimes it locks my programs, i.e. whenever I alt+tab to something and try to click anything in it, I lose focus on the program and am unable to regain it or do anything with it until I alt+tab to it again and navigate using the tab and space keys.
    I do not visit suspicious websites, nor have I downloaded suspicious software. I feel like it's coming from Chrome, because it appeared again just when I synced my Chrome settings, personalization and extensions.


    I had and still have Malwarebytes Pro running. I've done all possible scans with it, before and now, and it couldn't find anything.
    Any advice would be greatly appreciated. Should I try with another anti-malware? Which one?

    Regards,
    George.
     
    EthereaLs, May 23, 2014
    #1

  2. EthereaLs

    TrainableMan ^ The World's First ^ Moderator

    Joined:
    May 10, 2010
    Messages:
    9,132
    Likes Received:
    1,592
    Location:
    PA, USA
    Are you absolutely sure it's malware and not just a faulty spring in your mouse?

    Assuming it is malware,

    1) you can create a bootable CD and run an offline scan of Windows Defender Offline. Since you have multiple drives, make sure all drives are scanned.

    2) Download TDSSKiller and RKill from our Freeware DB. Then reboot your system into safe mode "without networking" (reboot and, when it says "Starting Windows," press F8; if you get a message asking whether to continue in safe mode or perform a system restore, choose continue in safe mode). Now run TDSSKiller, after that run RKill, and after that run a full virus scan. The first two will take maybe 5 minutes each, but a full virus scan can take anywhere from 30 minutes to several hours depending on your hard drive size and number of files. Again, scan all drives.

    Booting in safe mode makes sure only minimal services/programs are started. TDSSKiller is designed specifically to look for rootkits. RKill is designed to stop the stealthing programs that hide/protect/regenerate some nasty viruses. Running these first will help ensure your A/V has the absolute best chance of cleaning up infected files.

    3) Control Panel > Programs and Features, uninstall any recent software, especially toolbars, CONDUIT, etc.

    4) RESET your browser(s).

    5) Reset your hosts file. Microsoft HOSTS file Fix-it.

    The malware may have set up your browser homepage or used your hosts file to redirect you back to a webpage of their choosing. Doing 4 and 5 should help prevent that.

    No anti-virus software can stop everything so you must be vigilant. Scan every couple days. You may end up having to format and reinstall W7 again if it keeps coming back. If you do reinstall, immediately scan all drives for viruses before you reboot the machine.
     
    TrainableMan, May 23, 2014
    #2
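
Steps 4 and 5 in the reply above rest on the hosts file being able to redirect names. As an added example (not part of the thread and not any poster's code), this PowerShell function lists every active hosts mapping other than the stock localhost entries, so a redirect is visible before the file is reset. The function name `Get-HostsOverride` and the sample lines are constructed for illustration.

```powershell
# Added example: report hosts-file mappings that a stock Windows hosts file
# would not contain. Get-HostsOverride is a hypothetical helper name.
function Get-HostsOverride {
    param(
        # Lines of a hosts file; defaults to the live file on this machine.
        [string[]]$Lines = (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
    )
    $benign   = @('localhost')            # names a clean file may map to loopback
    $loopback = @('127.0.0.1', '::1')
    foreach ($raw in $Lines) {
        # Drop a trailing comment and surrounding whitespace; skip blank lines.
        $line = ($raw -split '#', 2)[0].Trim()
        if (-not $line) { continue }
        # Format: <address> <name> [<alias> ...], separated by spaces or tabs.
        $fields = $line -split '\s+'
        if ($fields.Count -lt 2) { continue }
        $address = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $isLoopback = $loopback -contains $address
            if ($isLoopback -and ($benign -contains $name.ToLower())) { continue }
            # Loopback or 0.0.0.0 makes the name unreachable; any other
            # address sends traffic for that name to a different machine.
            $sinkhole = $isLoopback -or ($address -eq '0.0.0.0')
            [pscustomobject]@{
                Address = $address
                Name    = $name
                Effect  = if ($sinkhole) { 'blocked' } else { 'redirected' }
            }
        }
    }
}

# Constructed sample input (documentation addresses, not from the thread).
$sample = @(
    '# constructed comment line',
    '127.0.0.1       localhost',
    '203.0.113.7     www.example.com example.com   # constructed redirect',
    '0.0.0.0         update.example.net'
)
Get-HostsOverride -Lines $sample | Format-Table -AutoSize
# Without -Lines the function reads the live hosts file instead.
```

Ad blockers and some security tools also add blocking entries, so a hit is a prompt to check where the entry came from, not proof of infection.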

  3. EthereaLs

    EthereaLs

    Did all you suggested; the virus still persists. It even runs in safe mode.
    Neither TDSSKiller, RKill nor Windows Defender could find anything.
    No toolbars have ever been installed on this machine.

    Currently, apart from Chrome and Opera, I only have Photoshop, CorelDraw and Visual Studio 2012 installed so I can do my work.
     
    EthereaLs, May 23, 2014
    #3
  4. EthereaLs

    TrainableMan ^ The World's First ^ Moderator

    I'm not convinced you are infected. Honestly if all the scans find nothing then there is a good possibility it is a hardware issue.

    Is this a laptop or a desktop? If it is a laptop, please disable the touchpad buttons. Plug in a different USB mouse and see if the problem persists.
     
    TrainableMan, May 23, 2014
    #4
  5. EthereaLs

    EthereaLs

    It's a desktop, I've tried plugging in another mouse and the problem persists. I will make a video tomorrow, sorry for your inconvenience.
     
    EthereaLs, May 23, 2014
    #5
  6. EthereaLs

    TrainableMan ^ The World's First ^ Moderator

    New malware comes out all the time so it's not impossible but, if Windows Defender Offline and MBAM can't find it ... we have a list of online sites that could scan your computer for viruses in our Freeware DB ... but I also think it's a good idea to keep looking for something else ...

    Hardware change has no effect, we keep looking ...

    How about the mouse settings themselves? Maybe look over Control Panel > Mouse and search through the tabs. Screenshot anything you aren't sure about so we can take a look.

    Could also be some feature to improve Ease of Access. Check over the many settings in Control Panel > Ease of Access. Especially the Mouse options.

    Maybe it's a program you installed. When you reinstalled W7 what software did you install? Could you print a screenshot of the programs listed in Control Panel > Programs and Features?

    What browser(s) do you use? What toolbars and add-ons are installed?

    And sure, a video might help. You would need to post it to an online storage facility such as MediaFire or YouTube, etc., and then post the link here.

    FYI: You are not an inconvenience, you are a fellow human being requesting assistance. And we volunteer here to help if we can.
     
    TrainableMan, May 23, 2014
    #6
  7. EthereaLs

    EthereaLs

    No mouse settings have been changed other than the mouse pointer speed (high DPI) and disabling computer wake-up from the mouse. The Ease of Access center hasn't been touched at all.
    I am using the latest Opera (secondary) and Google Chrome as the default browser. Current extensions are Google Docs and Adblock Plus. No toolbars whatsoever.

    Screenshot

    I'm completely sure it's not the hardware. I'm just as aghast as you are, knowing my history with computers.
     
    Last edited: May 24, 2014
    EthereaLs, May 24, 2014
    #7
  8. EthereaLs

    TrainableMan ^ The World's First ^ Moderator

    I'm not familiar with most of the software you have installed so I have to wonder if one of them might affect how the mouse works.

    First hunch would be the screen capture software: Faststone.

    All that Topaz Labs photo software ... does it have any special mouse controls?

    And so on down the list of installed programs. ... It is quite possible you reintroduced the odd mouse behavior when you reinstalled one of your many programs. Since you say it was fine for a short while. I would suggest you start uninstalling software in LIFO order until the problem goes away.
     
    TrainableMan, May 24, 2014
    #8
  9. EthereaLs

    Shintaro Moderator

    Joined:
    Mar 1, 2012
    Messages:
    2,137
    Likes Received:
    252
    Location:
    Brisbane, Australia
    What kind of mouse (brand and model no., USB or PS/2) do you have? I have seen that kind of problem with the wrong driver installed.
     
    Shintaro, May 24, 2014
    #9
  10. EthereaLs

    EthereaLs

    I've been using this software for the past 3+ years. Topaz Labs is a plugin for Photoshop.
    FastStone Capture just takes screenshots when a key is pressed and uploads them to FTP.

    The mouse is an A4Tech X7; it's plug and play. But as I said, I tried with a different mouse and the problem persists.
    I've been using this mouse for the past 2 years without any problems.

    Another thing. The virus shows up when I wake the computer from sleep or boot it up. Give or take 2 hours and it vanishes.
    It does different things at different times. Currently it only closes my tabs on my browser. Sometimes it locks my programs, being unable to click anything on them. Sometimes constantly clicks my scroll button when I type. I've had occasions where it locks everything. The taskbar, desktop and windows applications.
     
    Last edited: May 24, 2014
    EthereaLs, May 24, 2014
    #10
  11. EthereaLs

    EthereaLs

    Here's the video, I hope it helps.



    Edit: A minute later and the virus is gone.



    I will try to film when it locks my computer. It's only for like 10-15 minutes but it's really frustrating.
    Sorry for the quality, phone isn't good @ filming displays.
     
    EthereaLs, May 24, 2014
    #11
  12. EthereaLs

    TrainableMan ^ The World's First ^ Moderator

    The middle click does not have to be assigned to anything. Could you go to mouse settings and disable the center mouse button (set it to nothing)? I realize you don't want to use it that way forever, but I'm wondering if you could try it just to see if the problem still reoccurs.
     
    TrainableMan, May 24, 2014
    #12
  13. EthereaLs

    EthereaLs

    Will do that next time the virus "activates". Thanks for the tip.
     
    EthereaLs, May 24, 2014
    #13
  14. EthereaLs

    TrainableMan ^ The World's First ^ Moderator

    Well you probably won't be able to get to the settings AFTER it starts happening. I was hoping you could survive a day without the center mouse at all and see if it prevents the problem from even happening.

    Also, is your mouse plugged directly into the computer? No extensions, no hubs? Try plugging it directly into the back of the computer.
     
    TrainableMan, May 24, 2014
    #14
  15. EthereaLs

    EthereaLs

    It is directly plugged in the back of my computer's case. I can operate my computer with just my keyboard. It'll be fine.
     
    EthereaLs, May 24, 2014
    #15
  16. EthereaLs

    TrainableMan ^ The World's First ^ Moderator

    The next time this happens, unplug your mouse AND your keyboard. Plug the keyboard in the mouse slot and plug a different mouse in. Does the issue stop? This could answer to my satisfaction whether it is hardware or software (including possible malware).
     
    TrainableMan, May 24, 2014
    #16
  17. EthereaLs

    EthereaLs

    Just booted the computer up. First stage of the virus is complete lockup, here's a video of it.


    Next stage is the annoying middle-click spam, this is about an hour after the lockup, and after another hour it's gone.

    PS: I hope you understand what I'm saying in the videos, I'm fluent in English but I need a lot of work on my accent.
     
    EthereaLs, May 25, 2014
    #17
  18. EthereaLs

    EthereaLs

    Footage of disabling the middle button on the next stage of the virus.



    After disabling the middle button the virus got mad and went to stage one, where it locks my computer up.

    It is not a hardware problem, nor a misused setting.
     
    EthereaLs, May 25, 2014
    #18
  19. EthereaLs

    TrainableMan ^ The World's First ^ Moderator

    We can't watch the video two posts up, it says it is marked private. Your English is fine in the other three.

    Almost every search I run for "double click virus" leads me to pages to uninstall something designed to control the middle click or to people that think it is a virus when others are trying to tell them it is hardware or mouse software/settings.

    I found one page that mentioned Virus.Win32.Parite so it wouldn't hurt to look at your registry "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" and see if there is an entry for PINF. If so, take a screenshot and post it here, then delete the PINF entry.

    You have run at least 2 different A/V programs with no results, so I am highly skeptical that you have a virus. Malware is just "software whose main purpose is to do bad things"; well good software can also screw things up too.

    What mouse software/version are you using? What is the make/model of your favorite mouse?

    Check the manufacturer's website for newer mouse software than you have installed. Uninstall your current mouse software and then reinstall the latest. (So if you have the latest you are simply uninstalling and reinstalling what you have).

    Also, there is a setting Control Panel > Mouse, Buttons Tab ... Make sure Double-click speed is not set all the way down on slow, it should be at least to the middle of the slider.
     
    TrainableMan, May 25, 2014
    #19
  20. EthereaLs

    EthereaLs

    Hey again. I've fixed the video so it is no longer private. Sowwyy.

    As I said here, the mouse is an A4Tech X7; the mouse is a plug&play device. But still, watch the second video that was private to convince you.

    When I got the TDSSKiller I downloaded the Kaspersky and scanned with it as well. Guess no need to tell there were no results, since I'm still here...

    In my humble opinion, if it was either a driver/setting issue it would be the same all the time, while it disappears after an hour or 2 after I boot up the machine.

    Here's the pic of the registry, no PINF or anything close to that.
    [IMG]
     
    Last edited: May 25, 2014
    EthereaLs, May 25, 2014
    #20