My mouse clicking all over, MSN returning messages

Discussion in 'Malware Help (A Specialist Will Reply)' started by Tamarce, Dec 9, 2007.

  1. Tamarce

    Tamarce Private E-2

    You see, as I said in the post title, my mouse clicks on things I haven't clicked. It is opening new windows etc. I did everything mentioned in the XP cleaning guide, so I have the attachments here. The funny thing is that I couldn't run AVG Anti-Spyware; my computer just froze when it was about half done. I tried 3 times. I recall that problem earlier too, that's why I haven't got it in my computer. Isn't it strange?
    When I try to run Spybot my CPU usage is 100%. Strange too...
    My MSN is returning messages too. I haven't encountered that kind of problem before. My contacts are online, and I am online, but it keeps returning the messages once in a while. It annoys me a lot.
    I will appreciate your help a lot. Thanks in advance.
    Is this all I should upload?
     

    Attached Files:

  2. abri

    abri MajorGeek

    Hi Tamarce!
    Welcome to Major Geeks!

    Is Aladdin's Revenge a game? :)

    1) Your computer had some bad infections, but at this point your logs look clean. I would like to ask you to run some rootkit scans as you may have hidden files that we can't see. Also, is your mouse a wireless mouse? If so, please get a mouse with a cable (you might be able to borrow one from someone) and use that for awhile and see if the mouse clicking independently on programs and starting them stops. It's possible if you have a wireless mouse, that someone (nearby to you) is able to run their mouse on your screen via the wireless connection.

    2) I don't see that you have a firewall. If not, please go to How to Protect Yourself from Malware and look for the section listing firewalls and install ZoneAlarm free. It will ask you if some things can connect to the internet. Allow those things to connect which are needed to use the internet which will include your browser, a generic host process, your antivirus (for updates). If you are not sure, say deny, then if you cannot get the internet to continue, you may have to reboot and then say allow. For those which you do not need to connect to the internet, click on deny, but don't put to remember this setting until you are sure. Do not allow MSN Messenger to connect for the time-being until we can find out what's happening there.

    3) Also, please check to see if the remote access to your computer is turned off. To do this, right-click on My Computer and then click on Properties. Go to the tab which says Remote and make sure the option for remote access is not checked. If it is checked, uncheck it, click on accept and then ok.

    4) There are several rootkit scans at Alternate Scans

    If you scroll about halfway down that page, you will see a set of rootkit scans. Please run several of them including the one by Sophos. Also, be sure to try the AVG Antirootkit Scan since you've been having trouble with AVG. Do one or two others as well. Then attach the logs to your next post and let me know the results of my other instructions as well.
    abri
     
    Last edited: Dec 10, 2007
  3. Tamarce

    Tamarce Private E-2

    1. My mouse is not wireless, and I have never used one.
    2. I installed Zone Alarm but I can't figure out the right settings. Could you help me?
    3. I unchecked the Remote Access.
    4. I scanned with AVG and it showed nothing, and with the Sophos one, and that log I attached.

    I installed many programs on my computer in order to complete the malware removal. Could you advise me which to uninstall and which to keep? See, my computer has low memory capacity.

    What about MSN? It showed a few anomalies today...
    Thank you very much for your time.
     

    Attached Files:

  4. abri

    abri MajorGeek

    That is good to know. It gives me more information to work with.

    When you open Zone Alarm, you'll see buttons on the left side. Click on firewall and on the Main tab, set the Internet Security Zone to high. Do the same for the trusted zone. You may have trouble accessing the internet at this level and you may have to put it back to middle, but try it.
    As for your programs, when you open Zone Alarm, there is a button called Program Control over on the left side. When you click on that you will get a window with two tabs (Main and Programs). If you click on Programs, you will see the list of programs which have requested access to the internet. They will have a red X next to them if you denied them access, a green checkmark if you gave them access or a ? if you want them to ask you for permission each time. Some programs will need access to the internet, but most will not. Windows Explorer does not need access to the internet, however, Internet Explorer does. Most of the time, Word or Office or Open Office or any programs like this that you may use, do not need access to the internet. There are a few times when they will need access and then you can change their status by left clicking on the red X or the ? or the green checkmark in the programs column and the left click will give you a small menu where you can change the option.

    If you go to your Alerts and Logs button on the left side, you can set the Alerts to on and look at what is trying to get into your computer. If there are too many Alerts, you can shut them off, but it would be good to know if there is some pattern to the Alerts.

    If AVG Antispyware is a trial version, uninstall it. It takes up quite a bit of room.

    I think your main concern (because of the mouse's cursor clicking on and opening programs by itself) is that someone may be using your computer remotely, and I think this is justified. That you could not run Sophos is interesting. I would like for you to go to the Alternate Scans link I gave you before and run as many of the rootkit scans as you can to see if we can find out if you have a rootkit. Try running the one from BitDefender and Rootkit Revealer and the Gromozon Rootkit scan. I may also ask you to run some normal online scans as well to see if there is a trojan we are missing with the other tools.

    abri
     
  5. abri

    abri MajorGeek

    Hi Tamarce!

    I would like to add a note to my last post. One of my colleagues said that problems like you describe with your mouse are often related to defects that the mouse is suffering. Please try borrowing or buying a mouse and see if this particular part of your problem is resolved. It may be that the problems you've been experiencing all started at the same time but are still unrelated. That's always a hard one to judge.

    abri
     
  6. Tamarce

    Tamarce Private E-2

    Well, my mouse is fine; I tried it on another computer.
    After installing Zone Alarm my computer seems calm. I haven't tried MSN yet.
    The alerts are all incoming and they are coming from the same IP address or from a similar one. Is that important? Some of them were marked high. And they are all from my country. I don't know if I am right for this... Here is a part of the log.


    Description Packet sent from 89.205.30.108 (TCP Port 8276) to 89.205.4.20 (NetBIOS Session) was blocked
    Rating High
    Date / Time 2007/12/13 01:50:20+1:00 GMT
    Type Firewall
    Protocol TCP (flags:S)
    Program
    Source IP 89.205.30.108:8276
    Destination IP 89.205.4.20:139
    Direction Incoming
    Action Taken Blocked
    Count 1
    Source DNS 89.205.30.108.robi.com.mk
    Destination DNS WINDOWSX-F97A00

    What is this?
    I will start the rootkit searches now and some online scans too.
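
Added example, not part of the original thread and not ZoneAlarm's own code: one way to look for the pattern in the alerts that abri asks about, by parsing alert details in the field layout Tamarce posted and listing inbound TCP SYNs aimed at Windows file-sharing ports. The sample records (documentation addresses), the blank-line record separator and the function names are assumptions made for illustration.

```python
import re
from collections import Counter
# Field labels as they appear in the alert detail posted above.
FIELDS = ("Description", "Rating", "Date / Time", "Type", "Protocol", "Program",
          "Source IP", "Destination IP", "Direction", "Action Taken", "Count",
          "Source DNS", "Destination DNS")
SHARE_PORTS = {135, 137, 138, 139, 445}  # Windows RPC, NetBIOS and SMB ports

# Constructed sample: documentation addresses, blank line between records (assumed).
SAMPLE = """\
Protocol TCP (flags:S)
Source IP 198.51.100.7:8276
Destination IP 192.0.2.20:139
Direction Incoming

Protocol TCP (flags:S)
Source IP 198.51.100.7:8301
Destination IP 192.0.2.20:445
Direction Incoming

Protocol UDP
Source IP 198.51.100.93:4120
Destination IP 192.0.2.20:1026
Direction Incoming
"""

def parse_alerts(text):
    """Return one dict per record, keyed by the field labels above."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in map(str.strip, block.splitlines()):
            for name in FIELDS:
                if line == name or line.startswith(name + " "):
                    rec[name] = line[len(name):].strip()
        alerts.append(rec)
    return alerts

def summarize(alerts):
    """Count alerts per source address; list inbound SYNs to sharing ports."""
    by_source, probes = Counter(), []
    for a in alerts:
        src = a.get("Source IP", "").partition(":")[0]
        port = a.get("Destination IP", "").partition(":")[2]
        by_source[src] += 1
        syn_in = a.get("Direction") == "Incoming" and "flags:S" in a.get("Protocol", "")
        if syn_in and port.isdigit() and int(port) in SHARE_PORTS:
            probes.append((src, int(port)))
    return by_source, probes
```

Calling `summarize(parse_alerts(SAMPLE))` returns the per-source counts and the list of sharing-port connection attempts, which shows whether repeated alerts come from one address and target the same service.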
     
  7. Tamarce

    Tamarce Private E-2

    OK. I did a BitDefender scan, but it showed nothing. But Gromozon showed something so I attached the log.
     

    Attached Files:

  8. abri

    abri MajorGeek

    Hi Tamarce,

    The log you posted was the GMER log, not Gromozon. Is that the one you meant to post? The GMER log is clean, but I wondered if the first ADS line means anything to you? If you set the format for the log to not wrap, then you will see a list of ADS lines. The first one contains addresses and it would be good for you to know if they are familiar to you.

    abri
     
  9. Tamarce

    Tamarce Private E-2

    Well, Abri, that is my boyfriend's address. It is some kind of sharing data, I guess. My computer, I must say, thanks to you seems pretty fine now. Is there anything I can do more?
     
  10. abri

    abri MajorGeek

    Well, he's probably not a virus. LOL

    Please follow our standard finish up instructions to take all the logs and tools back out of your computer.
    abri
     
