depechesinge
asked on
How do I remove a remote access trojan?
Every night around the same time, usually between 7 - 9 pm for the last 2 days, the cursor on my screen (Windows XP) begins moving on its own. It does not open up any files, it just darts around the screen randomonly in all directions. Sometimes it will open the menu which is done by right clicking in the destop space. One time I opened notepad and typed "Please stop this", immediately the cursor right-clicked and clicked undo. But most of the time it darts around the screen randomly without a sense of purpose. Many times it will select icons and deselect them. It acts more aggresively when I attempt to open up applications and especially when I try to click on something or type, it will move aggresively in another direction. I have an optical mouse that has a wired USB connection to my desktop computer. I have cleaned the laser, and I have even lifted the mouse off the counter and still the cursor darts around by itself. I have run spyware doctor and anti-virus software and disinfected quite a few viruses and spyware but still to no avail.
How do I get rid of this trojan. I feel as though someone is actually logged into my computer and monitoring what I do and maybe has keyloggin software that they're using. How do I get rid of this spyware without having to re-install windows or format the hard drive? I could do a low-level format after backing up my information and then re-install windows and all my software with their various serial numbers, but I REALLY want to avoid that.
Any help would be greatly appreciated. Thanks in advance :)
How do I get rid of this trojan. I feel as though someone is actually logged into my computer and monitoring what I do and maybe has keyloggin software that they're using. How do I get rid of this spyware without having to re-install windows or format the hard drive? I could do a low-level format after backing up my information and then re-install windows and all my software with their various serial numbers, but I REALLY want to avoid that.
Any help would be greatly appreciated. Thanks in advance :)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
goban, i will try that. this does happen between 7-9 pm, however it happens intermittently and so i'll have to plug another mouse in when it occurs. i don't think it's the mouse though, i've had this mouse for a long time, i don't see how all of a sudden one night at a certain time it would start behaving like this.
i'll see if the cursor moves when the ethernet cable is unplugged AND when the mouse is unplugged.
i should probably do a system restore aswell, didn't think about that one :) there are so many things to consider.
i'll see if the cursor moves when the ethernet cable is unplugged AND when the mouse is unplugged.
i should probably do a system restore aswell, didn't think about that one :) there are so many things to consider.
ASKER
I don't want to do system restore because I don't want to re-install some of the programs.
It's not doing anything right now, but it could act up again later, if it acts up again tomorrow, I'll probably have to do a system restore.
It's not doing anything right now, but it could act up again later, if it acts up again tomorrow, I'll probably have to do a system restore.
It would help if we could see what was going on with your computer. I suggest that you download, run, and upload a HijackThis log from the link below.
http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php
Click on "Do a system scan and save a log file" button. Post the text from the log file. Do not have HJT fix anything at this point.
Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.
>"""i've had this mouse for a long time, i don't see how all of a sudden one night at a certain time it would start behaving like this. """<
Simple answer to that is things fail...
http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php
Click on "Do a system scan and save a log file" button. Post the text from the log file. Do not have HJT fix anything at this point.
Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.
>"""i've had this mouse for a long time, i don't see how all of a sudden one night at a certain time it would start behaving like this. """<
Simple answer to that is things fail...
ASKER
Okay, I have attached the hijackthis log file, please let me know if you see anything supsicious or malicious. Also, I thought I would let you know my computer is running abnormally slow right now despite the large amount of ram I have and freespace on my hard drive. The CPU usage is constantly up at 80% to 100%.
HIJACKLOGFILE.txt
HIJACKLOGFILE.txt
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I am going to check later on tonight if that strange behaviour with the cursor occurs again. If it does not happen tonight and tomorrow night than I can be assured that the problem is fixed. Thank IndiGenus.
Any other ideas?
Any other ideas?
ASKER
I will also run Highjackthis again tonight if the strange behaviour occurs and try unplugging the mouse and the ethernet cable after aswell.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks very much for your solution. I didn't think it would be something as simple as unplugging the mouse or using a different mouse. First I unplugged the ethernet cable, but the cursor continued to move, then after that, as soon as I removed the USB connection for the mouse the cursor stopped moving. It's a dysfunctional, I'm sure I just need to replace it. I didn't realize a dysfunctional mouse could cause that much havoc.
sfc /scannow
http://www.invisiblethings.org/tools.html
Cant you system restore back to before you had it either?