Jump to content

Computer Doing Random Things But Probably Not Malware


Rorroh

Recommended Posts

I got a new computer about 4 months ago and it's had some really weird problems. One of the most obvious things is that whenever the mouse is supposed to be in the top-left corner, it freezes to where it was a frame before. If I move it to the right or down one pixel, it ends up where it's supposed to be, one pixel from the corner. Safe mode does not have this problem.

Another thing, sometimes it randomly does things. I've seen it type randomly, move the mouse randomly, disable my wireless card (WNDA3100v2; possibly unrelated), switch windows, open random programs and shut down/sleep. When it shuts down it's a hard shutdown, but it may be due to something else.

It's been acting weird since the beginning but I haven't been too bothered with it until very recently. My computer is an iBuyPower custom that was sold by Walmart, but I don't remember which one it was exactly since it's out of my browsing history. The only programs, from what I remember, that were installed when I got it and before I did anything else were avast! Antivirus, Sandboxie, Google Chrome and the Netgear WNDA3100v2 drivers.

Today I woke up to find my computer not responding to either my keyboard or mouse; the monitor was on but black like it usually is when it's idle and the computer was running but the mouse's light wasn't turning on as if it was disconnected. I pressed the power button and it came up to the about:air page on Chrome that I left it on, but the JavaScript console was up and the number 4 was in it and neither my keyboard nor my mouse would do anything at all. After a few minutes it seemed that I could get the keyboard to type things into the console — but then the screen when black again and shut off. Boot asked me if I wanted to go into safe mode so I did so. Everything seemed fine in there. After a little while I ended up going into MSConfig and disabling the AMD External Events Utility, AMD FUEL Service and FLEXnet (some people on forums said FLEXnet can cause issues) from the Services, and rebooted.

After rebooting, things seem to be a little more normal. The top-left pixel thing seems to still persist, though, and it's probably way too early to truly tell if the problem is gone. I was hoping that someone might be able to shed some light on what's going on while I wait to see.

What I have:

  • Operating System: Windows 7 64 bit
  • Processor: AMD Athlon II X3 440 Processor (3 CPUs), ~3.0GHz
  • Memory: 4096MB RAM
  • Hard Drive: 1 TB
  • Video Card: ATI Radeon HD 5450
  • Antivirus: avast! Antivirus
  • Antimalware: MalwareBytes (for a week last week to see what would happen, uninstalled today; it was doing more harm than good)

Thanks for any input.

Link to post
Share on other sites

Sounds like you got ripped off. I'd suggest taking it back to Walmart as it seems like someone tampered with the computer and returned it. The symptoms indicate possible backdoor(a program installed to allow access from a remote computer) activity and someone is remotely controlling it. This isn't unheard of ether. Although I've never heard of Avast or Sandboxie being preinstalled, but it's possible.

Link to post
Share on other sites

Ooh, this got responses faster than I thought it would.

Buttons: Sorry, to clarify: I didn't mean they were preinstalled, I meant I installed them first before I did anything else. I did it from a flash drive.

MountainTree16: I don't think Walmart has iBuyPower computers on display. It was a ship-to-store thing.

Ever since disabling those three things everything seems to be running fine. Usually it messes up at least a little bit by this point. Also, I HAVE noticed a few.. I'll just link this: [Another forum thread]. I installed Microsoft Network Monitor to see what I could dig up but I have no idea how to use it fully and ended up with nothing useful.

Link to post
Share on other sites

You have at least 1 outgoing connection to a risky site.

67.205.77.202

PhishTank Report for that ip range.

1261777 hxxp://t.ymlp89.com/manauujuatajhsaoaesub/click.ph... PhishReporter

1261776 hxxps://livechat.boldchat.com/aid/2307475884/bc.ch... MagicDude4Eva

1261775 hxxp://2sempre-juntos.com/templates/default/Cadast... buaya

1261774 hxxp://bouchonsdamourgso.fr/modules/mod_mainmenu/m... buaya

1261771 hxxp://secure.runescape.com.m-weblogin-rsforums.co... dkarl1212

1261770 hxxp://pyapal.com/ PhishReporter

1261769 hxxp://soassist.pt/ext/halifax.co.uk/online.htm cleanmx

1261767 hxxp://www.paypaltrl.com/ PhishReporter

1261766 hxxp://freemoney.nazuka.net/ mitphishing

1261765 hxxp://paypal.com.cgi-bin.webscrcmd.dispatch-5885d... PhishReporter

1261764 hxxp://www.99310905.com/www.paypal.co.au/default.a... PhishReporter

1261763 hxxp://sites-commerciaux.com/media/splitpdf/180312... PhishReporter

1261762 hxxp://paypal.com.cpjs.fr/verify/update/correlatio... PhishReporter

1261761 hxxp://paypal.hostwing.net/www.paypal.fr/fr.html PhishReporter

1261760 hxxp://deckonengineering.com/paypal/Verify/logo/lo...

Listed under Malwarebytes' recently purchased hpHosts by MysteryFCM ;)

http://hosts-file.net/default.asp?s=67.205.77.202+

I highly recommend getting your pc checked out and change all your passwords from a known clean pc and let your financial services aware of suspicious charges.

You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support

OPTION 1


  • As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.
  • Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.
  • After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.
  • One of the expert helpers there will give you one-on-one assistance when one becomes available.
  • Please refrain from making any further changes to your computer such as (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.
    NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours.
    Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.
    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
      Or
    • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here.

OPTION 3

If you would like to use our Malwarebytes Premium Services, Comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups go to our Malwarebytes Premium Services support site.

Please be patient, someone will assist you as soon as it is possible.

PS: Please use the "ADD REPLY" Add-Reply.png button instead of other ones when you start replying. :)

Link to post
Share on other sites

hmmm ...

a google of "bitcoin" turns up a lot of stuff that makes it look like a real scam-o-rama .

google : "bitcoin malware" ... how about that , the scamers are getting scammed with the user out the real money .

over all , it looks like a very risky deal ... especially since you may have been infected when you installed the program .

Link to post
Share on other sites

Thanks for taking the time to investigate.

Bitcoin is an open-source P2P virtual currency system. Anyone can look at the source code at any time to see if there's anything malicious or exploitable so the chances of something sneaking into the code are very slim.

Ah, I see what you're talking about with that Google search. Bitcoin uses processing power (either CPU or GPU; it's up to the user to decide) to generate Bitcoins to trade. That processing power goes right into authentication of Bitcoin transactions, if you were wondering. Since Bitcoins have real-world value, being a currency and all, there are many instances where people try to use other's processing power to generate Bitcoins for them, as pointed out in results 1 and 3 of the Google search. The Bitcoin count is stored in a virtual wallet on the person's computer as a single file. The other Google search results are to discussions and articles discussing the existence of malware that steals that file from the infected computer's hard drive, effectively stealing the Bitcoins from them.

Although, looking back at what you said, I think you understood that last bit. I'm rather tired tonight and may have misinterpreted.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.