Unknown malware

Hi everyone,

So I had a problem recently while I was writing my university notes, it seemed as though someone took control of the computer and began writing legible sentences (phrases like ‘do u even,’ ‘u suck’ and whatnot). I believed this to be a hacker so I disconnected my internet and decided to reformat immediately, but while disconnected it happened again which led me to believe it was a virus.

Upon virus scan with AVAST Internet Security (both while system was running and on boot-time) there were no malicious files other than PUP’s identified (PUP’s were removed and problem happened again). I’ve also used SpyBot search and destroy for Adware and Spyware and removed some junk, but the problem still happened again.

I have no idea what’s causing this, i’ve searched the web and cannot find a shred of information on why this would be happening. The weirdest thing is that some of the things the computer writes on its own might have been things i’ve written in the past (and others are completely left-field). I’ve attached the required logs and a picture (highlighted is what was written by the computer and not me).

Any help would be appreciated,
Thank you

This is the image of what was written during the ‘attack’ (note internet was offline when this happened)

I can see nothing apparent is this still happening ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files\Java\bin\ssv.dll No File BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\Java\bin\jp2ssv.dll No File Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> D:\Program Files\Java\bin\dtplugin\npDeployJava1.dll No File FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> D:\Program Files\Java\bin\plugin2\npjp2.dll No File RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

Yeah it’s happening very sporadically (couple times a day for 20 minutes or so before it stops)… the only thing I can narrow down is I have had word open when it happens. Could it be something to do with that?

I’ll try run that fix when I get home from work

No wireless keyboards in the house or wireless USB adaptor attached to the computer, and the strange thing is it writes the same pattern of things each time it happens… either starting with ‘do u even’ or ‘u suck’ followed by all that stuff I posted.

This is the fixlog.txt essexboy, thanks for your help so far.

I’ll update the thread next time this happens again

After running the fix I could not install/uninstall/save word documents on my computer so I did a system restore and these functions work now, would that mean anything?

Intriguing I deleted nothing related to word… Are you still experiencing the same problem

Nah the restore corrected it, I couldn’t save anything but in extension I couldn’t install or uninstall anything (I thought something was wrong with word and tried to uninstall it, then I tried to install an open source text editor, then I tried to uninstall random things on the computer to no avail).

It feels like I had lost administrator access or something? I didn’t try deleting anything

I think that is probably a gremlin as no malware was evident