How do I remove a remote access trojan?

Every night around the same time, usually between 7 - 9 pm for the last 2 days, the cursor on my screen (Windows XP) begins moving on its own.  It does not open up any files, it just darts around the screen randomonly in all directions.  Sometimes it will open the menu which is done by right clicking in the destop space.  One time I opened notepad and typed "Please stop this", immediately the cursor right-clicked and clicked undo.  But most of the time it darts around the screen randomly without a sense of purpose.  Many times it will select icons and deselect them.  It acts more aggresively when I attempt to open up applications and especially when I try to click on something or type, it will move aggresively in another direction.   I have an optical mouse that has a wired USB connection to my desktop computer.  I have cleaned the laser, and I have even lifted the mouse off the counter and still the cursor darts around by itself.  I have run spyware doctor and anti-virus software and disinfected quite a few viruses and spyware but still to no avail.  

How do I get rid of this trojan.  I feel as though someone is actually logged into my computer and monitoring what I do and maybe has keyloggin software that they're using.  How do I get rid of this spyware without having to re-install windows or format the hard drive?  I could do a low-level format after backing up my information and then re-install windows and all my software with their various serial numbers, but I REALLY want to avoid that.  

Any help would be greatly appreciated.  Thanks in advance :)
depechesingeAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
gobanConnect With a Mentor Commented:
You mentioned that you cleaned the mouse, but did you try swapping the mouse out for another mouse that is known to be good? If you don't have another mouse to test with, you could try plugging the mouse in to another computer and see if the strange activities appear on the other machine.
0
 
debuggerauCommented:
hijackthis is quite good, but there are rootkits everyone need to be aware exist nowadays.

sfc /scannow

http://www.invisiblethings.org/tools.html

Cant you system restore back to before you had it either?


0
 
debuggerauConnect With a Mentor Commented:
I use tcpview to see all my active internet connections, how about ripping out the ethernet cable and see what happens?
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
depechesingeAuthor Commented:
goban, i will try that.  this does happen between 7-9 pm, however it happens intermittently and so i'll have to plug another mouse in when it occurs.  i don't think it's the mouse though, i've had this mouse for a long time, i don't see how all of a sudden one night at a certain time it would start behaving like this.  

i'll see if the cursor moves when the ethernet cable is unplugged AND when the mouse is unplugged.
i should probably do a system restore aswell, didn't think about that one :) there are so many things to consider.
0
 
depechesingeAuthor Commented:
I don't want to do system restore because I don't want to re-install some of the programs.
It's not doing anything right now, but it could act up again later, if it acts up again tomorrow, I'll probably have to do a system restore.
0
 
IndiGenusCommented:
It would help if we could see what was going on with your computer. I suggest that you download, run, and upload a HijackThis log from the link below.

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php

Click on "Do a system scan and save a log file" button. Post the text from the log file. Do not have HJT fix anything at this point.

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.

>"""i've had this mouse for a long time, i don't see how all of a sudden one night at a certain time it would start behaving like this. """<

Simple answer to that is things fail...
0
 
depechesingeAuthor Commented:
Okay, I have attached the hijackthis log file, please let me know if you see anything supsicious or malicious.  Also, I thought I would let you know my computer is running abnormally slow right now despite the large amount of ram I have and freespace on my hard drive.  The CPU usage is constantly up at 80% to 100%.
HIJACKLOGFILE.txt
0
 
IndiGenusConnect With a Mentor Commented:
Hi,
Not seeing anything malicious there which is good news. But you appear to have 2 Antivirus programs running there, Norton and Threatfire. This can cause various issues including conflicts, errors, false positives, and yes system slowdown. I recommend you remove one of them and see if that helps the poor performance.

You can also take a look at Task Manager to see what process(es) are taking your system resources up.
0
 
depechesingeAuthor Commented:
I am going to check later on tonight if that strange behaviour with the cursor occurs again.  If it does not happen tonight and tomorrow night than I can be assured that the problem is fixed. Thank IndiGenus.

Any other ideas?
0
 
depechesingeAuthor Commented:
I will also run Highjackthis again tonight if the strange behaviour occurs and try unplugging the mouse and the ethernet cable after aswell.
0
 
IndiGenusConnect With a Mentor Commented:
Didn't remember seeing if you mentioned this but have you simply tried a different mouse?
0
 
depechesingeAuthor Commented:
Thanks very much for your solution.  I didn't think it would be something as simple as unplugging the mouse or using a different mouse.   First I unplugged the ethernet cable, but the cursor continued to move, then after that, as soon as I removed the USB connection for the mouse the cursor stopped moving.  It's a dysfunctional, I'm sure I just need to replace it.  I didn't realize a dysfunctional mouse could cause that much havoc.
0
All Courses

From novice to tech pro — start learning today.