
Thread: Virus or ???

  1. #1

    Virus or ???

    Hihi,

    My parents' computer running XP has started acting strangely. Unfortunately I can't see it in action as they're in a different state, but they say every now and then the mouse will start moving of its own accord and go over and launch things from the start menu. It'll open a few things and then shut them down.

    They've run a couple of different virus checkers and nothing came up. I've just sent them links to a couple of the free ones mentioned in these threads and I'll see if that turns anything up.

    It sounds to me though as if someone's installed a VPN client - definitely not my parents as they're not computer savvy. If so, that might be why it's not picked up as a virus signature, i.e. VPN client was installed and then the virus removed after installation.

    Anyone familiar with anything like this going on? And recommendations as to what they can look for - bearing in mind they're not computer savvy (and I'm a Mac rather than PC person too which doesn't help matters).

    Cheers,
    Niggles

  2. #2
    Check if their firewall (urrmm, they ARE running a firewall, right?) is allowing port 3389--the port for remote assistance. Check if this firewall is also allowing port 5900 (vnc) or 5800 (vnc java). Although VNC (similar to remote desktop) could be configged to listen on other ports, this would be a nice place to start looking.

    Go to Control Panel, open up System, and click on the Remote tab. Uncheck both checkboxes, if checked.
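
Added example, not part of the original posts: a Python version of the check suggested in post #2, run over saved output of `netstat -ano` and `tasklist /FO CSV /NH` from the affected machine. Both sample outputs are constructed, and the `vnc` process-name hint is an assumption used to catch a server moved off its default port.

```python
import csv
import io

# Ports named in the post above.
REMOTE_PORTS = {3389: "remote assistance / Remote Desktop", 5900: "VNC", 5800: "VNC Java"}
# Assumption: a process-name substring that suggests a remote-control server.
NAME_HINTS = ("vnc",)

# Constructed sample of `netstat -ano` output (not from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:5800           0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:40022          0.0.0.0:0              LISTENING       2044
  TCP    192.168.1.10:5900      203.0.113.7:51234      ESTABLISHED     1480
  TCP    192.168.1.10:1045      198.51.100.20:80       ESTABLISHED     3012
  UDP    0.0.0.0:445            *:*                                    4
"""
# Constructed sample of `tasklist /FO CSV /NH` output (not from the thread).
SAMPLE_TASKLIST = """\
"svchost.exe","884","Console","0","4,100 K"
"winvnc4.exe","1480","Console","0","3,120 K"
"winvnc.exe","2044","Console","0","2,980 K"
"iexplore.exe","3012","Console","0","18,432 K"
"""

def parse_tasklist(text):
    """Map PID -> image name from CSV tasklist output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def find_remote_access(netstat_text, tasklist_text):
    """Return TCP listeners/sessions on remote-control ports or owned by such a process."""
    procs = parse_tasklist(tasklist_text)
    findings = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] not in ("LISTENING", "ESTABLISHED"):
            continue  # skips the header, UDP rows and transient TCP states
        port, pid = int(f[1].rsplit(":", 1)[1]), int(f[4])
        name = procs.get(pid, "unknown")
        reason = REMOTE_PORTS.get(port)
        if reason is None and any(h in name.lower() for h in NAME_HINTS):
            reason = "remote-control process on a non-default port"
        if reason:
            findings.append({"port": port, "state": f[3], "peer": f[2],
                             "pid": pid, "process": name, "reason": reason})
    return findings

print(*find_remote_access(SAMPLE_NETSTAT, SAMPLE_TASKLIST), sep="\n")
```

An ESTABLISHED row in the results means a remote peer is connected at the moment the snapshot was taken; a LISTENING row only means the service is reachable.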

  3. #3
    greygnome (Junior Member) | Join Date: Oct 2004 | Location: Watertown, Minnesota, USA | Posts: 19
    Just curious, but what sort of apps are being opened and then closed? If somebody has set up something like vnc on their machine and is using it to control the box... what are they doing with it?
    Y Gwir Yn Erbyn Byd

  4. #4
    All good questions - I'll ask tonight when I give them a ring - Dad at least understands what I'm trying to talk to him about when it comes to computers :-)

    Cheers.

  5. #5
    Cider (Only african to own a PC!) | Join Date: Jun 2003 | Location: Israel | Posts: 1,683
    I don't think malware would physically move the mouse.

    I would also go with VNC and that line of software. My IT teacher in High school used to mess with everyone using VNC.

    However if you have done the above requirements then run an activescan for me and post or pm me the logs.

    http://www.pandasecurity.com/activescan/index/
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  6. #6
    nihil (Senior Member) | Join Date: Jul 2003 | Location: United Kingdom: Bridlington | Posts: 17,188
    Hmmm,

    It sounds as if they have a RAT (Remote Access Trojan) behind their arras? This will not necessarily be identified as malware as there are perfectly legitimate remote access and remote desktop (support utilities).

    POLONIUS [behind the arras]. What, ho! help, help, help!
    HAMLET [draws]. How now, a rat? dead, for a ducat, dead.
    He makes a pass through the arras

    POLONIUS [falls]. O, I am slain!
    QUEEN. Oh me, what hast thou done?
    HAMLET. Nay, I know not,
    Is it the king?
    He lifts up the arras and discovers Polonius, dead
    QUEEN. O what a rash and bloody deed is this!
    HAMLET. A bloody deed - almost as bad, good mother,
    As kill a king, and marry with his brother.
    QUEEN. As kill a king!
    HAMLET. Ay, lady, it was my word....
    [to Polonius] Thou wretched, rash, intruding fool, farewell!
    It would appear that this problem has been known since the days of William Shakespeare?

    @Cider:

    "I don't think malware would physically move the mouse"
    Yes it will, SubSeven, BackOrifice? the important bit is:

    "and go over and launch things from the start menu. It'll open a few things and then shut them down."
    What Nukevil said, which you can also get to from a right click on <My Computer> then select <Properties>.

    Also go into Windows Explorer: Right click on the hard drive(s)
    <Properties>
    <Sharing>

    Check: "Do not share this folder"
    <Apply>

    CHANGE THE USER ACCOUNT NAMES AND PASSWORDS!!!!!!!

    The only way to be certain is to reformat and reinstall everything

  7. #7
    vanman (Old ancient one) | Join Date: Jul 2002 | Location: Freestate, South Africa | Posts: 570
    Hi there niggles,
    I tend to agree with Nihil on this one and you can find a free tool for malware and adware here: http://www.mwti.net/products/mwav/mwav.asp

    It is free to download by just giving a few details etc. I have used it numerous times and believe me it has saved me a bundle.

    It's fairly simple to use and I hope it helps.

    cheers
    vanman
    Practise what you preach.

  8. #8
    IKnowNot (Senior Member) | Join Date: Jan 2003 | Posts: 792
    "It sounds to me though as if someone's installed a VPN client"
    Maybe a server ?

    "... recommendations as to what they can look for"
    Start simple.
    Have them do a search with explorer ( using admin account, which I hope they don't use everyday! )
    for a folder or program
    cygwin

    I am guessing they have no use for it, and probably would not be picked up by virus scans, malware scans ( although it used to years ago. )

    Using cygwin is only one way to take over a box, but a classic way!
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  9. #9
    It turns out virtually all VNC and Remote Desktop options were on and the Firewall was allowing them through. They're all turned off now.

    They said when the mouse moved it moved really quickly and didn't appear to have any pattern when opening and closing windows from the start menu - so it sounds like something more scripted or automated than someone controlling it manually.

    Will get them to use the other tools suggested since I replied yesterday and reset the user names and password.

    Oh yes, they bought the computer second hand. And no, I didn't even bother to ask if they reformatted it completely - I already know the answer to that one :-)

    Cheers,
    Niggles

  10. #10
    CybertecOne (Keeping The Balance) | Join Date: Aug 2004 | Location: Australia | Posts: 660
    Taking an entirely different stance of things;

    I have seen this exact problem before and it too puzzled me and the client. The problem resolved itself when the reception computer wireless mouse was replaced with a corded one.

    Is your parents' computer using a wireless keyboard and mouse? If so, I would wager your neighbours are also using a wireless mouse, inadvertently controlling the cursor on your parents' machine. As the neighbour moves his mouse and opens programs etc. so too does your parents' machine.

    Let me know if they are using a wireless technology of ANY kind to eliminate other possibilities. Otherwise, it may be a serious problem such as those already suggested.


    CTO
    "Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
    - Albert Einstein
