Mouse moves on it's own; something scrapping my recent activity data

When I browse websites either on FF or IE, once in a while the mouse moves slowly to top-left of the screen and try to go beyond there. It blinks and nudges. If I click the mouse it stops; but starts again in a while.

I regularly visit a site for work leads; strange thing is, if I create or browse a file in my pc; say xyz; next day or in few hours I get a lead that title has xyz or similar. I browse the site dialogic for telephony cards and see their developer site has kit called ‘Diva SDK’; I get a promotional email from msn something about ‘Diva girls’; All the ads I get browsing websites has some or other keywords that matches the files I browse in my pc or the websites I browsed. Whatever it is there, it finds the recent activities in all the networked pc.

I run Avast pro 60 days trial at boot time and others like norton, process explorer, security task manager etc etc. Avast found win32 gen Trojan (others) in two volume restore point files; I choose to delete them; nothing else. Avast is running now with all the components on at sensitivity ‘high’.

I can’t trace what is going on; I run HiJackThis; nothing suspicions. I even replaced userinit.exe.
Except for MSN messenger and Skype there is nothing runs all the time.

When I browse websites either on FF or IE, once in a while the mouse moves slowly to top-left of the screen and try to go beyond there. It blinks and nudges. If I click the mouse it stops; but starts again in a while.

Is this a wireless mouse? try replacing batteries

No, it’s a wired mouse and just for a test, I took off the mouse; scrapping is still on.

hmmm…driver update?

It’s not a mouse problem.

Doesn’t really sound like malware.

Try these free scanners just to be sure.

SUPERAntiSpyware Free
a-Squared Free
Malwarebytes’ Anti-Malware

Download, install and update the programs.
Always select the option to quarantine any malware found rather than delete it, then you will be able to restore files or registry entries wrongly identified as malware- a rare but not unknown event for any malware scanner.

Scan with Malwarebytes’ Anti-Malware, nothing found.
Am I hit by one of it’s kind virus.


Welcome to the forums, mousemoves. :slight_smile:

By chance, do you use comet cursors or any other such cursor program?


No nothing, it’s a petty simple mouse!

Hi mousemoves,

On what surface do you roll your mouse? Is it too smooth?
Have you cleansed the interior?
If a mouse driver problem go here: http://www.nodevice.com/driver/category/Mouse.html

polonus

I do not think it is mouse problem anyway; would a mouse problem scrap my recent activity data to web or wherever it’s going out.

I installed a program called security task manager, now I get ads about Task Managers.
Seems nobody believes this is a virus.


It is not that we do not believe. It is that we are eliminating the usual culprits.
Perhaps HijackThis can give us a clue.

Please download HijackThis from the link below. Do not download HJT to the desktop but instead download it into it’s own folder on the hard drive.

Run the program but do not make any fixes and then post the log results using the “copy & paste” method. It will probably take more than one post to be able to get the complete log posted.

OR, you can post it as an attachment to your post by clicking on “Additional Options…” below left of the posting box.

When you post the log, be sure to include the complete log … header and ending.
Someone will review your log and then offer help.

http://filehippo.com/download_hijackthis/


Here is Logfile of HijackThis v2.0.2

Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\avast\aswUpdSv.exe
D:\avast\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Installed PC Tools Firewall Plus\FWService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\ThreatFire\TFService.exe
D:\avast\ashMaiSv.exe
D:\avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ThreatFire\TFTray.exe
D:\avast\ashDisp.exe
F:\Installed PC Tools Firewall Plus\FirewallGUI.exe
F:\Installed Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Skype\Phone\Skype.exe
F:\My Completed Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM..\Run: [00PCTFW] “F:\Installed PC Tools Firewall Plus\FirewallGUI.exe” -s
O4 - HKLM..\Run: [avast!] D:\avast\ashDisp.exe
O4 - HKCU..\Run: [ccleaner] “F:\Installed CCleaner\CCleaner.exe” /AUTO
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip..{DEA2825F-B725-434B-805A-0138D8E72B5A}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip..{DF878732-FAC3-4CF9-9BC9-C10DB48B5044}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip..{9C6804E4-B779-4540-882F-A3B7FF016924}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\avast\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - F:\Installed PC Tools Firewall Plus\FWService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: wampapache - Apache Software Foundation - F:\Installed wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - F:\Installed wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe


End of file - 3145 bytes

HJT doesn’t show anything serious, just update IE6 to IE8 via windows update. By the way, avast seems to be installed on a weird location or was it just customly installed?

I don’t have much space in C: so…

Not sure updating IE would do anything because the bug is scrapping data from across the network; my vista laptop has IE 8, it scraps from there too. whoo :o Anything you type or browse in pc or browse websites, it just compiles all of that.


In addition to the above -

F:\My Completed Downloads\HiJackThis.exe

Remember that Hijackthis must be run in an own folder. It is OK that it is on F drive but it is not in it’s own folder.

I don’t know that the results would change but they might.


I don’t know if this was posted previously in this topic…

looks silly but it has worked sometimes :the surface you use to place the mouse on- use a plane paper, fold it twice and place on the surface and try.

check if the mouse is working by connecting it to other computer. if its okay then try connecting different mouse to your computer and see if same thing happens.

Thanks to everyone trying to help.

This is not a mouse problem but a bug seems no anti-virus could detect.

may we know what it is, please