Strange glitches in W7- a Virus?!

CJH2012 · 02 Jul 2012

Hi,
I recently purchased Windows 7 and for a few months it was great. Then I did a repair install because I kept getting the 'busy' blue circle around the mouse pointer which was very distracting when trying to do my accountancy tests from the CD ROM.
After the repair install W7 seemed to be working okay for a while.
The next week or so I found programs (i.e. Excel) would suddenly shut down after a single click on the 'Office' symbol (top left). Also controlling files became problematic because a single click would mysteriously open a file, instead of e.g. merely selecting it. This and other erratic behaviour, the latest installment of which is the mouse wanders randomly around the screen, led me to believe I was the innocent victim of a nasty "malware" attack.
I was surprised because I use Kaspersky antivirus and Malwarebytes and use them regularly; I also have Driver Manager installed.
I back up regularly to an external USB hard drive, both manually copying files I use/modify often (mainly in Excel), and doing a weekly back up using Windows 7 proprietory back up program.
Apart from re-installing it please can anyone recommend/suggest another option that might fix my issues with Windows 7? I could try System Restore but since I am not sure exactly when the erratic behaviour emerged this is problematic.
Thanks in advance! (Written on my older XP System.)

F5ing · 02 Jul 2012

You could try a supplemental online malware scan here: ESET :: Get a FREE Online Virus Scan

And then check out: Troubleshoot Application Conflicts by Performing a Clean Startup

CJH2012 · 04 Jul 2012

Okay thanks, will try that additional malware scan.

Might I also mention that when the busy 'blue circle' problem came back again after the repair install, I tried the following:

sfc /scannow

...in the 'cmd' console. The first scan produced a result of some corrupted Windows OS files that could not be fixed. Despite all my attempts I could not locate the affected files on my HD to e.g. deleted them. When I subsequently ran sfc /scannow it twice came back "clean".

I will report back result(s) of ESET scanner you suggested.

Edit: By the way I am running Excel Microsoft Office (Student) 2007, where the most serious symptoms occurred.

Results of scan as follows:

F:\CHRISJHUDSON-PC\Backup Set 2012-02-23 174559\Backup Files 2012-02-27 155302\Backup files 1.zip Win32/DownloadAdmin.A.Gen application deleted - quarantined
F:\CHRISJHUDSON-PC\Backup Set 2012-02-23 174559\Backup Files 2012-02-27 155302\Backup files 2.zip Win32/DownloadAdmin.A.Gen application deleted - quarantined
F:\CHRISJHUDSON-PC\Backup Set 2012-02-23 174559\Backup Files 2012-03-05 223108\Backup files 2.zip multiple threats deleted - quarantined
F:\CHRISJHUDSON-PC\Backup Set 2012-02-23 174559\Backup Files 2012-03-05 223108\Backup files 4.zip multiple threats deleted - quarantined
F:\CHRISJHUDSON-PC\Backup Set 2012-03-19 160757\Backup Files 2012-03-19 160757\Backup files 10.zip multiple threats deleted - quarantined
F:\CHRISJHUDSON-PC\Backup Set 2012-03-19 160757\Backup Files 2012-03-21 225709\Backup files 10.zip multiple threats deleted - quarantined
F:\CHRISJHUDSON-PC\Backup Set 2012-03-27 151040\Backup Files 2012-03-27 151040\Backup files 9.zip multiple threats deleted - quarantined

I hope that solves the problem! Thanks for the advice F5ing! :)

F5ing · 04 Jul 2012

You're welcome!

On the assumption that your data is stored on C: along with your OS/apps and that F: is your external drive containing your backups, it looks like Eset found nothing that would interfere with the operation of the OS. It found stuff that was apparently on your machine back in the Feb/March timeframe and are contained in those backup zip files.

Eset results should also identify the type/strain of the threat it found with each file. It may be helpful to post/research that info. If the "uninstall Eset when closed" (or however it's phrased) checkbox wasn't ticked when you closed it out, you should be able to find the logfile in C:\Program Files (x86)\ESET\ESET Online Scanner.

Do you routinely have the external connected and powered? If that's your only backup you should be aware that it's not an advisable practice; best that it is only connected when performing a backup/restore. However I don't use w7 backup app and am not familiar with its requirements. If you have it disconnected and then reboot your machine, the malware that was on there would have no effect on the operation of your machine. That's assuming that none of that malware had already affected your boot drive.

Do you have a real need for Driver Manager? w7 handles drivers pretty well on its own. I would be hesitant installing or relying on it.

n2gc · 04 Jul 2012

Might try Kaspersky TDSSKILLER or on the extreme, Combofix

CJH2012 · 05 Jul 2012

Thanks F5ing for the additional advice. My W7 installation seems to be behaving itself now after the ESET scan, but annoying 'busy' blue circle is flashing on and off twice a second still.
Will try second part of the link in your initial reply.

P.S. Yes external drive is currently plugged in all the time.

F5ing · 05 Jul 2012

You might also want to take a look at Task Manager and Resource Monitor to see if either can be used to spot the activity taking place that's responsible for it.

gregrocker · 06 Jul 2012

What is this Driver Manager you have installed? These cause problems because Win7 is not XP or early Vista but a driver-complete OS in the installer and via optional Windows Updates. You should only import drivers still missing in Device Manager after all updates are completed, or if performance problems are traced to any driver(s).

If performance problems aren't resolved then I would try again to Clean Reinstall Windows 7 following these same steps for factory OEM which incorporate the Best Practices for setting up and maintaining Win7.

CJH2012 · 07 Jul 2012

Thanks gregrocker, n2gc and F5ing.
Annoying constantly flashing blue 'busy' circle seems to have gone now.
Will try uninstalling Driver Manager from W7 and re-install it on my XP machine so I don't waste the license!

EDIT:
Hard drive is making bzzp noise evry second now i.e. working. Blue circle still stopped showing every second however.

Off topic, not being paranoid but there must be some pretty nasty stuff out there at the moment, if it bought Natwest's internet banking down (although they didn't say if it was internally caused error or external threat.) Also read story on COMP TIA newlsetter thingy about malware and one the American security services (?) which had been keeping service going to hacked computers but will be 'pullin gthe plug' on Sunday (tomorrow).

F5ing · 07 Jul 2012

CJH2012 said:

Hard drive is making bzzp noise evry second now i.e. working.

This might not be a good sign as far as your hard drive health is concerned. Is it a new noise you're hearing from it? Or has it always sounded like that when it's accessed? How old is it? Might be worth booting into the BIOS to see what it has to say about the drive...

CJH2012 said:

Also read story on COMP TIA newlsetter thingy about malware and one the American security services (?) which had been keeping service going to hacked computers but will be 'pullin gthe plug' on Sunday (tomorrow).

Sounds like you're speaking of the DNS Changer malware: DCWG | DNS Changer Working Group