Computer Controlling Itself


My computer randomly every so often is controlling itself! The mouse starts doing things, opening the start menu, and all sorts of annoying things. It keeps doing it for around 30 seconds and then goes completely back to normal.

Virus and spyware scans are not showing up, but in the Startup section of S:S+D it is showing up the Doomjuice.B virus, using the name regedit.exe, which I will stop, does anyone know what virus (or is it Doomjuice?) that is causing my computer to do this?

Nothing is showing remember, here are the products I am using:

McAfee Online

AVG 7.0

Microsoft AntiSpyware

S:S+D


The computer operates the start menu on its own? At first reaction, I was thinking maybe you have a Logitech optical mouse (as they are known to move on their own), but opening the start menu, that's just odd. I would, if nothing else, reformat and install Windows again. That way you can be sure of a clean slate and if it continues to happen, you can isolate from there.

  TimRogers said:
I'm gonna try a mouse i have in the draw - I haven't used it yet!

How would I go about disabling Remote Desktop, just to be safe?

btw, the information in Spybot mentions RPC, what would that mean?


Problems with a mouse would provoke a random movement/click... nothing like opening specific programs/menus...

You probably have a remote control software... something like Remote Administrator, Remote Anything, etc...

Remote Desktop Connection would send you into the logon page while the other person was connected... you wouldn't see anything happen....

Do you have your firewall activated??? If so, do you have anything in the exceptions list? Is your PC up to date?

http://www.microsoft.com/downloads/details...&displaylang=en

Microsoft® Windows® Malicious Software Removal Tool (KB890830)

run that and also run a scan here

http://housecall.trendmicro.com/

you could also try

start, run, sfc /scannow (assuming you have your original XP CD-ROM or one with SP2 slipstreamed if you're running SP2)

Disconnect from the network/internet if you are gonna work on it, that way if it is someone else controlling it they will lose connection. An RPC is a remote procedure call, which is another computer requesting your computer to perform some command. Programs that use such a protocol are VNC, sub7, netbus, remote assistance and remote desktop, all of which open your comp up completely to the user. I would back up and format; I'm always paranoid that I did not get rid of it completely. I used to have similar issues at my work when they used McAfee, but now that we are solely Nod32 we have no such occurrences anymore.

  ljames28 said:
You don't have to format your disk you know, I don't see why everyone has fascinations with doing this, you just need to reinstall Windows!


Urm, no, this would keep any virus etc on the machine.

  Loppdawg69 said:
Disconnect from the network/internet if you are gonna work on it, that way if it is someone else controlling it they will lose connection. An RPC is a remote procedure call, which is another computer requesting your computer to perform some command. Programs that use such a protocol are VNC, sub7, netbus, remote assistance and remote desktop, all of which open your comp up completely to the user. I would back up and format; I'm always paranoid that I did not get rid of it completely. I used to have similar issues at my work when they used McAfee, but now that we are solely Nod32 we have no such occurrences anymore.


Nearly correct. RPC (Remote Procedure Call) is also used by Windows internal components as far as I was aware, to call other system resources. If the RPC is terminated during a Windows session the machine would close down. Windows relies on RPC in order to perform a lot of functions.

Unfortunately the RPC does cause a lot of viruses.

  TimRogers said:
There is something weird - when I download the Malicious Software Remover it never comes up, just downloaded and installs.

I'll disconnect from the net and do a full virus scan, how can I get a slipstreamed SP2?


The Software removal tool just checks for dodgy programs and then removes itself. If there were dodgy programs on your PC that it picked up, they will have gone now.

  Rich said:
Urm, no, this would keep any virus etc on the machine.

Nearly correct. RPC (Remote Procedure Call) is also used by Windows internal components as far as I was aware, to call other system resources. If the RPC is terminated during a Windows session the machine would close down. Windows relies on RPC in order to perform a lot of functions.

Unfortunately the RPC does cause a lot of viruses.


yah but spybot doesn't pick those up and display those as threats....

but yah you have 2 choices:

1) format and re-install

or

2) have fun with it. stuff like this i like cause it challenges me to figure out what the problem is. just download eval versions of NOD32 and Kaspersky anti-virus programs. disconnect the computer from the internet and run them. if nothing pops up, try out http://www.pandasoftware.com/activescan/ and http://housecall.trendmicro.com/

although to me, it sounds more like a trojan horse than a virus or worm. unfortunately i don't know many trojan removers. although i do remember Trojan Hunter mentioned http://www.misec.net/trojanhunter/ on neowin a while ago, so try that too.

and when you finally find out what it is, research it. find out how it works so you can prevent it from happening again

Edited by PermaSt0ne
  PermaSt0ne said:
yah but spybot doesn't pick those up and display those as threats....

but yah you have 2 choices:

1) format and re-install

I never said it did. I also suggested formatting and reinstalling and not simply reinstalling over the top :huh:

I honestly don't think this is any kind of virus though as my machine at work has the same issue.

I have installed a fresh copy of 2003 and not had the machine connected to the network, then the mouse just goes mental.

Not sure if it is the mouse or the port it is connected to.

This topic is now closed to further replies.
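
A read-only way to run the checks suggested in this thread (startup entries, Remote Desktop, listening services, firewall exceptions) on a current Windows system. This is an added example, not part of any post in the thread; it assumes Windows 8 / Server 2012 or later with PowerShell 5.1 and an elevated session, and `Get-AutostartEntry` is a hypothetical helper name.

```powershell
# Added example: read-only triage for the checks suggested in the thread.
# Assumes Windows 8 / Server 2012 or later, PowerShell 5.1, elevated session.

function Get-AutostartEntry {   # hypothetical helper name
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            # Pull the executable path out of the command line (quoted or not).
            $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] }
                   elseif ($cmd -match '^\s*(.+?\.exe)') { $Matches[1] }
                   else { $null }
            $sig = if ($exe -and (Test-Path -LiteralPath $exe)) {
                       (Get-AuthenticodeSignature -LiteralPath $exe).Status
                   } else { 'FileNotFound' }
            [pscustomobject]@{ Key = $key; Name = $name; Path = $exe; Signature = $sig }
        }
    }
}

# 1. Startup entries: a familiar name such as regedit.exe proves nothing;
#    review the full path and the signature status of each entry.
Get-AutostartEntry | Format-Table -AutoSize -Wrap

# 2. Remote Desktop: fDenyTSConnections = 1 means incoming RDP is disabled.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
"Remote Desktop enabled: $($deny -eq 0)"
# To disable it: Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 1

# 3. Services listening on non-loopback addresses, with the owning executable.
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' } |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ n = 'Path'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).Path } } |
    Sort-Object LocalPort | Format-Table -AutoSize

# 4. Inbound firewall exceptions that are currently enabled.
Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    Select-Object DisplayName, Profile | Sort-Object DisplayName | Format-Table -AutoSize
```

A remote-control tool that accepts inbound connections appears in step 3 as a listening process, which can then be matched against the startup entries from step 1.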