Computer hacker?

         

palmpal

11:41 pm on Apr 27, 2004 (gmt 0)

10+ Year Member



Hello,

I've checked my Desktop computer for viruses, spyware, etc. and everything checks out OK. Every now and then my computer seems to act like someone is taking over remotely. The Start window will open, files I'm working on will close out and the mouse gets squirrely. I thought it may be a bad mouse but now I'm wondering if it is something more serious.

Thanks for any suggestions.

EliteWeb

11:56 pm on Apr 27, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Are you connected to a high speed connection? If no, do weird things happen when you're not connected?

uncle_bob

12:25 am on Apr 28, 2004 (gmt 0)

10+ Year Member



Do windows open only when you actually move the mouse, or while you are doing nothing? I had windows boxes go screwy like you described when switching displays using a kvm. Pressing ESC enough times often fixes it. Moving the mouse causes strange things to open etc, as soon as you stop moving the mouse, they stop opening.

palmpal

6:36 am on Apr 28, 2004 (gmt 0)

10+ Year Member



Hello,

I'm connected to a high speed Internet connection and it seems to happen when I have the Internet open and multiple windows. I did disable Microsoft Messenger. This seems to happen most often when I move the mouse. What is kvm?

Thanks

balam

6:55 am on Apr 28, 2004 (gmt 0)

10+ Year Member



KVM = Keyboard-Video-Mouse

You plug your (single) keyboard, mouse & monitor into a KVM switch to operate the half-dozen computers under your desk, instead of having a half dozen keyboards, mice & monitors hiding your desk...

palmpal

2:02 pm on Apr 29, 2004 (gmt 0)

10+ Year Member



Thanks. I did notice that this problem consistently appears when I have Frontpage open and I'm editing my website. My "visitor" is back today and everything checks out clean. I'm stumped.

moltar

2:58 pm on Apr 29, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Some viruses can edit your anti virus software and make it "think" that you do not have a virus.

I suggest you manually check your registry.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

and

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Also have a look in your running processes and see if there is anything suspicious. You can search for process names in your fav SE and see what comes up. Usually some sort of explanation on the process name comes up.

I am on windows xp and here is a list of my processes that I have on a clean start:

svchost.exe (multiple)
devldr32.exe
explorer.exe
winlogon.exe
spoolsv.exe
csrss.exe (multiple)
lsass.exe
smss.exe
System
System Idle Process

Of course, do not take this as an example, it would vary from system to system, but these are the basic ones.

You could do an experiment and kill processes one by one and see if glitches continue. Then you will be able to identify the process that is causing the problem and have a further look into it.
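The manual check of the two Run keys described in the post above, as an added PowerShell example that is not part of the original thread. It only reads the registry and reports, for each autostart entry, whether the target file exists and what its Authenticode signature status is; `Get-CommandPath` is a hypothetical helper name, and a status other than `Valid` is a reason to look closer, not proof of malware.

```powershell
# Added example (not from the thread): read-only listing of the two Run keys named above.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: pull the executable path out of a Run-key command line.
function Get-CommandPath {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted form: "C:\Program Files\App\app.exe" /background
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted form, possibly with spaces in the path: C:\Program Files\App\app.exe /background
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|,|$)') { return $Matches[1] }
    # Fallback: first whitespace-delimited token
    return ($expanded -split '\s+')[0]
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $path = Get-CommandPath -Command $command

        # Bare names such as "rundll32.exe" are resolved through PATH.
        if ($path -and $path -notmatch '^([A-Za-z]:\\|\\\\)') {
            $found = Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue |
                Select-Object -First 1
            if ($found) { $path = $found.Path }
        }

        # Record whether the target exists and what its Authenticode status is.
        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            $status = [string](Get-AuthenticodeSignature -LiteralPath $path).Status
        } else {
            $status = 'FileMissing'
        }

        [pscustomobject]@{
            Key = $key; Name = $name; Command = $command; Path = $path; Signature = $status
        }
    }
}

$entries | Sort-Object Signature, Name | Format-List
```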

twist

7:21 pm on Apr 29, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



"I'm connected to a high speed Internet connection and it seems to happen when I have the Internet open and multiple windows."

When you're on broadband you're always on the internet unless you're physically disconnecting your plug or disabling it via windows. If you're on broadband I would definitely suggest getting a hardware firewall. Usually they are built into routers or switches. If you're using a hardware firewall the only way attackers can get in is if you invite them in (like vampires or something).

Attackers can get past firewalls through IE, Outlook, and pretty much most windows software that directly connects to the internet. Microsoft, in their infinite knowledge, allowed most of their software to have the ability to have some level of control over the operating system itself. I assume they thought this would give them an advantage over competitors but what it did was leave a huge hole in their O/S. For instance, if you were to use Opera or Mozilla you wouldn't even have to worry about getting a virus through activeX. A lot of people also get trojans and viruses when installing questionable software; cracks, warez, and fly-by-night freeware.

If you have windows closing and your mouse is acting funky, whether or not it is a hacker, I suggest setting up some type of firewall first and then doing a re-install of windows.

dwilson

7:27 pm on Apr 29, 2004 (gmt 0)

10+ Year Member



A firewall's a good idea, but if you think it may be a bad mouse, replace it. A good one's only $20.

palmpal

9:11 pm on Apr 29, 2004 (gmt 0)

10+ Year Member



Hello,

I took a look at the processes running - what an education! After I disabled programs running upon startup I ended up with a handful that I could identify as windows related or from programs I have installed on my system. None look suspicious.

I still need to look at the registry - what would I look for there?

Actually I am behind a firewall but I'm still being cautious with this. Hopefully it is just a bad mouse.

Thanks

HughMungus

10:20 pm on Apr 29, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Make sure none of your keys is sticking. I've had problems with a sticky shift key that sounds like what you've described.

twist

1:31 am on Apr 30, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



"I still need to look at the registry - what would I look for there?"

I recently got a virus that hijacked my home page. I got it through a malicious website that used an activeX control to exploit a flaw in IE6. It placed over 50+ references throughout my registry. I had to do a search(seek?) and destroy to finally get rid of it all. I had to turn off hidden folders so I could find the exec file that was causing all the havoc. It took hours to clean up even though I knew what it was and how to clean it up. After that I found a website that explained how to set up IE to not allow certain types of activeX controls.

I guess the point is, unless you know what you got and how you got it you're going to have quite a time getting rid of it and even if you do get rid of it what's to say you won't get it right back again unless you learn where it first came from.

As others have said, try cleaning your mouse and maybe turning over your keyboard and dumping the crumbs out first.

Just be careful, some trojans have the ability to run keyloggers. Meaning that every key you press on your keyboard is written into a file and that file is sent out of your computer in any number of ways. They use this to get passwords and login information. That's why if I get a mysterious virus that I can't figure out I just re-install the o/s rather than take a chance.

P.S. You can disable all start-up programs and your computer will run just fine. One way to see if a malicious program is running is to disable all start up items: Start Menu -> Run -> msconfig. Then reboot your computer and see which ones come back on their own.

twist

1:44 am on Apr 30, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Here's a tip if you do decide to re-install,

If you have only one hard drive, create partitions.

For example,
C:\windows (this partition is where I install windows)
D:\programs (I put all my programs on this partition)
E:\website (my website content and files go here)
F:\files (all other files go here)

I only put my o/s on the C partition, nothing else. When I have to do a re-install I just format C and re-install. I never touch the other partitions. In case you didn't know, most programs don't have to be installed to run. For example, none of the macromedia programs have to be installed to work. Just find their folder and create a link to the exe. Same for most games. There are a few exceptions like dvd and some audio software but that's about it.

I can usually have my system up and running in a little over 2 hours, which can be less time than it sometimes takes to get rid of a virus.

asquithea

6:28 am on Apr 30, 2004 (gmt 0)

10+ Year Member



"In case you didn't know, most programs don't have to be installed to run. For example, none of the macromedia programs have to be installed to work. Just find their folder and create a link to the exe. Same for most games."

This isn't true. Macromedia software and games tend to be the exception rather than the rule. Even the most robust software is going to struggle to reconcile missing swathes of registry and missing and mismatched system files.

In general, it doesn't hurt to keep your documents on a separate partition, for the reasons you state. But I'd make the Windows partition something other than C: -- it'll give you a small measure of extra protection against poorly written trojans.

If you reinstall frequently, it can't hurt to take a Ghost image of a clean installation that includes your most important software. You can then reimage a disk in 15-20 minutes from CD.

Finally, it might be worth stating the obvious that running IE (as Administrator, no less?) is just asking to be raped by any and every malicious website out there. Don't do it. Log on as a restricted user if you are running NTx, and try a browser that's got a better track record for security.

And the original problem? Doesn't sound like a hacker to me, either, but a firewall should close them out if it is. As others said, check your hardware.

palmpal

3:38 pm on May 2, 2004 (gmt 0)

10+ Year Member



Hi all,

All is well now. It did end up being just a bad mouse. I installed the mouse from my laptop and have been "critter-free" for two days. I did learn much from this discussion though. I currently have my operating system separate from my other drives for the reasons stated above.

I'm curious about what was mentioned about using IE as a browser. I do use IE and I am logged on as a restricted user. My website is hosted on an Apache server but I administer things from my local PC. Is there still a risk for malicious activity?

Thanks.

twist

7:53 pm on May 2, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I can't give out any specific links to websites but if you do a general google search using keywords like,

'safe internet explorer'

'internet explorer hacking'

'internet explorer security activex'

you'll find a whole bunch of websites describing issues with IE.