Unfortunate situation

[Aulirophile]

All those windows patches with the innocuous wording "could allow someone to take over your computer if etc" is the "how" in most targeted cases. OSes have vulnerabilities.

Funny you should mention a ridiculous amount of trouble. The input loop that goes off is typed very slowly, including backspacing to delete mistakes, and here is the funny thing: in two cases the final typed input deviates from what I actually posted, minor typos that I didn't make. So unless it is randomly modifying the input, in the exact same way every time including making errors and then backspacing over them, someone manually retyped my posts to use them as an input loop.

If that isn't indicative of effort I don't know what is. So yeah, I'd really like to know for sure before I reformat. Which I am going to do tomorrow... just the primary partition, none of my files. If it doesn't work then... I'll think of something.

 

[Saeviomagy]

There's any number of applications which let you record and playback a set of keystrokes in windows. Hell, if you've got an old enough version, I think there's even a macro recorder built in.

1. Does the problem occur if you start the machine in safe mode? (while booting, repeatedly press f5 until it gives you a text-mode menu of options, then choose "safe mode" without any extra stuff).

2. Do you have any macro automation software on your computer? It sounds like a macro has been recorded and then is being replayed when you hit some common key. Microsoft office has macro automation stuff built in, as does visual studio. Alternately it could be a third party thing like AutoHotKey.

 

[Aulirophile]

It only happens after a few hours of being on, I've never been in safe mode longer then a scan took. I can leave my computer on in safe mode overnight with a notepad file open and see.

No, I have no macro software on my computer. I don't use MS Office or VisualStudio... I keep very few things installed on my computer because I have a relatively small SSD.

 

[jdrakeh]

FWIW, you may not have a virus at all. I've seen corrupt drivers and bad hardware cause many of the same issues that you're experiencing.

 

[Rel]

I was going to write a reply, but noticed Obryn already said 100% of everything I had in mind.

The virus is spreading!

 

[frankthedm]

Definitely reformat time.

 

[Dice4Hire]

That is an odd problem. Wish I knew enough about computers to help.

 

[Ulorian - Agent of Chaos]

Don't reformat yet!!!

A few questions:

1. Your text editor... is this the only application you've seen this ghost typing in?
2. Do you happen to type your ENWorld posts using this text editor, even occasionally?
3. Does this text editor have a macro feature... maybe one you accidentally toggled while typing up a post?
4. What is the shortcut key for replaying a macro?
5. Could you post the name of this text editor?

 

[bpauls]

It sounds like you are:

a) Concerned that reformatting the system is going to take too much more of your time.

b) Worried that you are not going to be able to trust your own data, once you move it over to the reformatted system.

Are these both fair statements?

I suggest taking the system to a computer repair company with good references. Tell them your symptoms, but let THEM diagnose the cause. Unless you are a computer repair professional yourself, they will have much more experience fighting malware--including a better idea of which tools to use, and how to use them.

If you have run dozens of scans with dozens of tools, then you can expect that additional scans will produce the same outcome. The problem would appear to be one of the following:

1) Your machine is infected, but the malware is hiding from scans by all tools. Perhaps the scans need to be run in another way--such as from a different computer.

2) Your machine is infected by malware which none of the antimalware tools can detect under any circumstances.

3) You are not infected, and the problem is being caused by something else.

A reliable computer repair service should be able to determine which it is, and take action appropriately.

Free advice on a forum is great, but sometimes there's no substitute for just taking it into an expert, and getting the job done.

Just make sure you get good references, if possible, in the area of antimalware detection and cleaning, as well as general computer troubleshooting.

My $0.02 worth...

Brian

 

[Ryujin]

I can't say that I've quite seen what you describe, and yet it's what I do for a living. I average between 6 and 10 virus/malware/spyware removals per week.

What version of Windows are you running? It sounds like you've likely used the software, that I would generally recommend, so a more aggressive method is obviously necessary.

Enable the ability to see hidden and system files, by changing the settings (in any folder listing) in Tools\Folder Options\View. After that look in Windows\Tasks and see if there are any tasks running, that shouldn't be.

If the behaviour that you mention occurs in Safe Mode, then that tends to point to a specific area or two of the Registry. You would find it under HKCR\exefile or HKLM\Software\Microsoft\WindowsNT\Winlogon\userinit.

Create a new Windows profile, then see if the same issue occurs in that. If it doesn't, then the issue is profile specific. You would be able to find it in the registry, then kill it. It would most likely be found in HKCU\Software\Microsoft\Windows\Run. It would be a good idea to use this new profile in order to delete temporary files, in your main profile, in case they're holding the offending programme.

If it only occurs in a normal Windows boot in any profile, but not Safe Mode, then the offending programme is likely in HKLM\Software\Microsoft\Windows\Run.