Cursor Problem Adware

Discussion in 'Malware Help (A Specialist Will Reply)' started by Rangerover, Jun 6, 2008.

  1. Rangerover

    Rangerover Private E-2

    I was directed here from the software thread by Dyamond. Here's what happened and what I've done, including problems along the way! I also have the log sheet from SuperAntiSpyware.

    Since March 2008, I've been fighting a problem with my cursor, someone suggested it was a cursor comet virus. I apparently picked it up at a website I was visiting.

    I first notice a line about an inch long on my screen next to the cursor and pink in color then it grows to a one inch square box with pink stripes. The frame freezes, you cannot move to exit the page. ctrl, alt, delete doesn't work, as well as escape. You have to turn the computer off at the tower. When you reboot it, it seems to grow. Each time you reboot it, it gets worse to a point where you can't get on the startup page. You cannot turn off the machine other than by turning off at the tower. This thing also turns off your keyboard and monitor as well.

    I tried to get into safe mode with some success, but could not resolve the problem even with running my virus protection or SpyBot programs. I tried safe mode with networking and came to Microsoft site and scanned from the site's scanner with no threat or virus results found by any of the runs I made.

    I finally gave up and reloaded my XP program and upgraded all files, with the help of Microsoft techs and ran virus and spyware programs, found no problems, and thought the problem solved, good for about 10 days and I had it back. It got so bad from turning off at the machine, I eventually corrupted the start up program and it would not start. I tried using the repair mode from the original XP disc and that too failed. I reinstalled the XP program a second time, upgraded everything, IE 7, SP3, and installed Kaspersky Internet Security; it found and removed over 200 entries, still had the problem far worse than ever. I called Microsoft tech support, and as suggested downloaded Super Anti Spyware. NO luck! By now it was so bad I again could not get to the startup page. I finally went to HiJack This as a last resort using the Safe Mode with networking and downloaded their program and ran a scan. It listed most of the program entries about 35, I figured the computer was toast anyway and went ahead and deleted the entire search find, and the problem went away. I was lucky enough to be able to start up and get to the startup page and spent the next 18 hrs repairing and or reinstalling the programs.

    The problem came back with a vengeance, I couldn't get on line, and when I did it wouldn't let me type in search or use favorites menu. I wound up in Safe Mode to download the programs suggested by Major Geeks and was able to run some scans and neutralize or delete the results found with the scans. The pink stripes finally went away and then was to do the scans in normal mode starting today. So here I am!

    Today I am able to do the Majors program step by step and have done the SuperAntiSpyware and posted the results on the software thread and I have reinstalled SpyBot search and destroy, ran it and immunized with 0 detection. I just ran the Malwarebytes AntiMalware with 0 detection. I will first give you the results of the SuperAntiSpyware log. And follow your directions from there! Thanks for any help you can give me, Jim Bresett
     
  2. Rangerover

    Rangerover Private E-2

    Here's the log from Super Anti.....
     


  3. Rangerover

    Rangerover Private E-2

    Here's the log from Malware......
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    We need to see the other logs from ComboFix and MGtools. What you have given thus far shows no problems. If the other scans also show no problems, either your malware is already gone or it is not malware and is potentially a hardware or driver issue.

    Note 1: when you reinstalled Windows, did you install from a clean original CD or a copy someone made? Did you install any other software from backups? Did you ever just try reinstalling only Windows and not reinstalling any backups for a while just to see if it ran without any problems? It is possible that what you are reinstalling is the cause of your problems.

    Note 2: HijackThis does not list malware. It lists running processes, startups,...and more items from the registry. You should not just be deleting what it lists as most of what it lists (if not all) is valid.
     
  5. Rangerover

    Rangerover Private E-2

    Note 1: when you reinstalled Windows, did you install from a clean
    original CD or a copy someone made? Did you install any other software
    from backups? Did you ever just try reinstalling only Windows and not
    reinstalling any backups for a while just to see if it ran without any
    problems? It is possible that what you are reinstalling is the cause of
    your problems.

    Note 2: HijackThis does not list malware. It lists running processes,
    startups,...and more items from the registry. You should not
    just be deleting what it lists as most of what it lists (if not all) is
    valid.


    Here's the logs from combo fix.

    (ans#1) What I did was install the OS XP over top the installed version with the original disk. OK, I heard the name you called me and it's ok, I'm honest and would like a pro to look and see if I missed anything. I'm learning!
    No other software was installed either bought new or from other computers or from my own OS. I did not try installing any backups with the exception of trying to use the original disc to just repair the program, but I did accomplish a system restore in safe mode to the beginning of that month when I first had the problem or let's say when it got worse. I need to tell you that between the Antispy programs and Kaspersky, I would say they found at least 500 cookies, adware, spyware, etc.
    I did not clean it or remove the installed version first. I had no other option but to reinstall the xp program, I couldn't even get to my startup page. When the system started after pushing the startup button, the blue screen was covered with pink stripes, the keyboard would crash and turn off, the screen would start flashing and crash off. I figured reinstall or just quit. But I got this EGO problem, "you ain't gonna beat me". So I reinstalled.

    LOL, HiJackThis, well only thing I can say is if you could have seen the very first log, LOL, well let's just say it was full of the BHO logs, at least 15 of them, that actually said "send me", "bundle here", wwwprefixes and default kind of stuff. When I was reading the log, the thing started, it was on me with the pink line and I just said fudge it, and checked all and hit fix all and that was it. I knew in a matter of 10 seconds everything would have froze. I'll try to locate the log, but I did delete the program after I caught the blazes here on your site, still LOL. I promise I won't send it, I'll just send the entries that I know were bad. I will send the MG files, I just loaded them because I didn't think I would need the info for myself. Gawd please stay with me on this to make sure it's gone! Thanks, Jim Bresett
     


  6. Rangerover

    Rangerover Private E-2

    One more thing I need to tell you is the Anti Virus program I was running was Norton and the Cleansweep program. The only spyware I ran was SpyBot, the new version. Also I need to tell you that I have kept up to date with updating the programs and ran them at least once a week, same applies to Microsoft updates, all on automatic. I now have Kaspersky and I can't believe the stuff it stops and neutralizes, definitely spyware and adware. The Norton didn't do these things.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you had real malware, this would not remove. It may mask it from bothering you but it could be still there ready to bite you. The proper method to start over again is to delete partitions, recreate partitions, format, then reinstall from scratch.

    To repair what?

    If you use System Restore and had infected restore points, you are restoring the malware too. However thus far you have not shown me any malware problems.

    Cookies are not problems.

    Still does not sound like malware. Sounds like hardware or driver issues.

    I'm still waiting for the requested MGlogs.zip file but I'm not really expecting to find any malware issues.
     
  8. Rangerover

    Rangerover Private E-2

    Ok, here's the zip files!
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your problems are not due to malware. I suggest you uninstall the below old Sun Java versions and then post your problems in the Hardware Forum.

    Uninstall these:
    J2SE Runtime Environment 5.0 Update 10
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6 Update 1


    Now let's clean up from running the READ & RUN ME.


    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now it is time to do our final steps:
    1. You can uninstall SUPERAntiSpyware now.
    2. We recommend you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\cf" /u
        • Notes: The space between the cf" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\cf folder from combofix.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    8. After doing the above, you should work thru the below link:
     
  10. Rangerover

    Rangerover Private E-2

    Thank You All, everything cleaned up and I got the OK message and it's running great.:wave
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
