|
Extremely weird computer problem/virus
|
View this Thread in Original format
| SYSTEM-J |
I don't realistically think the COR can help with this one, I'm just throwing it out there because it's such a bizarre problem.
I'm visiting my parents for the weekend, and they have what appears to be a virus on their main PC. After some investigation, here is what the virus appears to do:
- It only affects web browsers
- It alters what symbols are produced by keys on the keyboard while typing.
- It only does this on forms. Search engines, forums and Facebook are unaffected.
- When you shift+[key], it logs what is below [key] onto the A key.
- For example, typing @ will now make the A key type '
- It continues this process alphabetically, so if you then type ? it will make the B key type /
- Switching to any other program, even momentarily, cancels it.
- It is intermittent. It will do this on some parts of a form, but not others.
My parents have Norton anti-virus software installed on there, but although the piece of is regularly detecting non-existent threats, it hasn't found anything for this one. The computer is also rife with bloatware, because my Dad will basically install anything he's told to. IE has three toolbars, for example. This makes it very difficult to spot any suspicious processes. The computer is about 7 years old now and still running XP. It's incredibly slow and my recommendation is they simply throw it out the window and start again.
This probably is a virus, but I've never encountered a virus so small, specific, easily cancelled and so systematic in its method. I've seen viruses that alter your keystrokes before, but they tend to be much less discriminating, and much more functionally catastrophic.
Any takers? At all? |
|
|
| srussell0018 |
| Try running the AV in safe mode. If that doesn't work you could try combing through the reg edit for anything looking suspicious, but if your dad indiscriminately downloads things, that could be quite a tedious and futile process. Also try googling the general effect of the virus, and you might get a name of that specific trojan. Then it'd be a lot easier to find it in reg edit and delete it. |
|
|
| SYSTEM-J |
| In the nicest sense possible, how the can I Google that general effect? |
|
|
| ziptnf |
1. Uninstall the toolbars.
2. Does it have the same effect in different browsers?
3. Try it in Windows Safe Mode with networking. Does it also occur then?
4. Try using Spybot - Search and Destroy on the computer. What does it find?
5. Clear history, cache, cookies, etc.
Let me know if these tips help. |
|
|
| SYSTEM-J |
| It does it on IE and FF, which should rule out the toolbars, as FF doesn't have them. |
|
|
| srussell0018 |
That's a good question. Maybe just look up key-shifting trojans. Although the fact that it only happens on forms kind of makes me think it might be a key-logger. Credit card info is usually what's typed into forms, so I wouldn't be surprised if it's a keystroke logger disguised as something that's just a minor annoyance.
The problem is that if your AV doesn't detect it, the only way of deleting it is finding the actual file(s) that contains the trojan. To do that you need to find it in your registry, and to do that, you need to know the name of it. You could try to find an AV program that is designed specifically for trojans to supplement the Norton they already have. Trojan Hunter, Ewido, and TDS-3 are all good ones. I don't think any of those are free, but you should be able to get a 14 day free trial or something. |
|
|
| ziptnf |
| quote: | Originally posted by srussell0018
You could try to find an AV program that is designed specifically for trojans to supplement the Norton they already have. Trojan Hunter, Ewido, and TDS-3 are all good ones. I don't think any of those are free, but you should be able to get a 14 day free trial or something. |
I think Spybot Search and Destroy or Lavasoft's Ad-Aware should do the trick. Perhaps use a Registry Cleaner to find any unnecessary registry entries injected by those toolbars into the system. And those are all free. |
|
|
| nepenthe |
| Do you have an XP boot disc handy? |
|
|
| netroM |
| Hijack This! to check for suspicious startups. |
|
|
| KilldaDJ |
| you need to run the anti-virus before windows gets to boot, maybe some sort of boot-disc or something that the norton has supplied? |
|
|
| WittyHandle |
| Loading the disc drive with peanut butter usually works for me. |
|
|
| Lunar Phase 7 |
To be honest it sounds more like some weird sort of accessibility setting ing up.
Maybe your dad installed some "useful" utility and it's just gone Harvey Price.
You seem switched on, just check there isn't anything useful on the piece of and then do a clean install.
Sounds like it needs it. |
|
|
|
|
