Details leading up to problem:
- I have about 3 year old second hand laptop.
- I experience two hard drive realted bluescreens, BBCode 7a, within the last month.
- I ran Chkdsk and found I have 4 unreadable file record segments.
- The unreadable hard drive section may be due to the laptop being dropped before I owned it. There is a physical section of the case missing from the corner of the laptop, so I assume that it was dropped (physically dropped and hit the ground) at some point before I owned it.
- I recently ran across two websites that had some nasty popups that would not close. One website I just ctrl + alt + del and ended my browser process to avoid closely pop-ups. The other time I was lazy and actually closed off the pop-ups.
The problem:
Recently my computer was on for about two days. I was playing an online flash based video game and I had the image manipulation program G.I.M.P. opened in the background. All of a sudden my cursor started clicking and moving in random place on it's own. A few windows were being minimized or resized as well. It all seemed to stem from random cursor movement and clicks and not keystrokes. Sometimes the windows would resize without the cursor appearing to move. The cursor still moved at random even after I unplugged my usb mouse.
Has my computer been remotely accessed? Was this a virus? Was this due to the computer being on too long? The damaged hard drive? Or something else?
I have never experienced anything like this before and I'm worried. Any help would be appreciated.
Additional Information:
- I ran a malwarebytes scan after the incident. In normal mode the scan would start, but then it would fail and say "scan not running". In safe mode the scan finished and showed zero (malware) results detected.
- Upon reboot, the computer seemed fine, no moving cursor or random clicking, even while being connected to the internet. However, this could simply mean that if someone was accessing my computer prior that they have just taken a break for the moment.
(Running Windows 7)
Answer
If you are accurately describing what happened, it very much sounds like you may have been accessed remotely and messed with. Unfortunately, Malware Bytes, and in truth, most scanners, target specific classes of malware, and few try to detect everything, plus the fact that new variations of malware come out all the time which are not immediately detectable.
There are several things you can do to make sure, although I recommend you take it in to be professionally checked.
First, unplug it from any network connections to isolate it. Remove the WiFi card if you have to make sure it cannot connect.
Once you're isolated, start checking the system for anything abnormal. Check your system event logs, network activity (even if you're not on a network, malware might still be trying blindly to "call home"), running services and drivers, startup items and processes, etc. There are several tools on the internet designed to assist in all these tasks (download them from another computer, and burn them to a CD to put in the suspected computer--Being on CD makes them read-only so malware cannot infect the tools and give false results.) You might want to download additional malware detection tools; Common/popular ones include Spybot, Malware Bytes, AdAware, Clam AV, and so on. You don't need to install them all, since many virus scan suites will fight each other for which one dominates your computer--but most do have a "scan only" mode you can scan once then move on.
Some of the hardest ones to detect and remove are boot sector/MBR viruses and rootkits, which can hide from even well-known and trusted scanners like McAfee and Norton. You might want to try Kaspersky's specialized tool, TDSSKiller, to try to detect any of the more common ones. Running SysInternal's Rookit Revealer used to be high on my list of tools to use, but it's not what it once was since another certain Big, Well-known Company acquired SysInternals and all the tools they offer. NirSoft.com is another site that offers some good tools to probe and check your system.
Generally speaking, though, don't place all your trust and faith in any one tool or company. Use a diverse set of tools, and even then, don't assume "no threat detected/found" means "no threat exists." It just means they couldn't find anything they know for certain, but what they don't know can still bite you.
No comments:
Post a Comment