dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
2211

jaykaykay
4 Ever Young
MVM
join:2000-04-13
USA

jaykaykay

MVM

A plea from a friend

Does anyone have any specific ideas for this person who wrote me a plea for help? I asked them what they were using for Security, and their reply is present in the 2nd paragraph. I could ask this person to go through the steps that we have here for figuring out what's going on on a computer, but I would rather not, as it would only confuse them.

"I have had someone in my computer moving my cursor around while I’m sitting here watching. When it occurs it is usually when I’m writing something derogatory about a non-friend via email.

The Microsoft scan says I’m clear and the Geek Squad can’t find anything. I once accused the Geek Squad of fooling within my computer and was convinced by their reaction that they were not. Whoever it is must be quite advanced. My husband has seen it once. Usually when it happens and I call him to come look, they’ve gone by the time he gets here. I’ve even had whoever it is substitute similar words within my emails to change the meaning. I didn’t use to spell check because it slows me down but now I have to."
Expand your moderator at work
jaykaykay

jaykaykay

MVM

Re: A plea from a friend

That's clearly not the answer! I didn't ask for a flame re: Microsoft.

WillRegSoon
@optonline.net

2 recommendations

WillRegSoon to jaykaykay

Anon

to jaykaykay
I'm a Mac guy myself but you might ask her if it happens when her PC is disconnected from the Internet. Then at least she'd know whether it's something infecting the HDD or happening by remote (most likely).
XXXXXXXXXXX1
Premium Member
join:2006-01-11
Beverly Hills, CA

2 recommendations

XXXXXXXXXXX1 to jaykaykay

Premium Member

to jaykaykay
Sorry... bad attempt at humor. Didn't mean to offend. Hope it works out for your friend.

My advice would be to put a piece of tape over the computer's camera... your friend could very well be the star of someone's reality series. Scary thought, but possibly true. Tape it up.

jaykaykay
4 Ever Young
MVM
join:2000-04-13
USA

3 recommendations

jaykaykay

MVM

I have sent them a search that I did on the subject and perhaps, there will be enough questions on the links in the search page for them to figure out what to do. I know this was a problem in the past, but this is not back when I first knew about it.

And SwedishRider, I wasn't offended. I was merely posting what I felt and that writing what you did isn't helpful for anyone coming to this site, new or old. I am a very old member, but this is still the last kind of response a newer member would want or benefit by. I knew you were trying to be funny, but with a question such as this, humor didn't seem appropriate to me.

Now that I have given my ration of motherly love, I will await more responses.
BlitzenZeus
Burnt Out Cynic
Premium Member
join:2000-01-13

2 recommendations

BlitzenZeus to jaykaykay

Premium Member

to jaykaykay
Could this be a combination of the mouse cursor moving to a focus point, and autocorrect? If not since people have already tried 3rd party tools I'd just nuke, and pave, it's not worth my time to dig out malware.

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

2 edits

4 recommendations

Blackbird to jaykaykay

Premium Member

to jaykaykay
It sounds as if you're dealing with folks whose computer "literacy" is not high (no offense is intended), and that really limits what you can constructively say to them or determine from them. From the description on the whole, someone's remoting in to the computer, and given that the remoting is not being currently requested by them, that makes it unauthorized. Unauthorized access, in turn, means the system is, and has been, compromised... at a minimum, in terms of visibly leaking whatever has been done on it (keyboard entries, mousing, etc) by your friends since this began; at a maximum, in terms of whatever malware might have been planted on it remotely and what that might have "exported".

A question that ought to be answered is whether the computer has ever been knowingly set up to allow remote operation, and whether that doorway has been somehow "propped open" (repair or new-machine setup scenarios come to mind, particularly if the humans involved were less than competent or ethical). Find out the story of where/when they obtained the computer, who set it up, who has repaired it (and how many times), and whether they've ever done any "over-the-phone (or Internet)" repair/helps/troubleshooting that involved letting the party at the other end of the phone (or chat-line) 'run' the computer.

Depending on what they use the computer for and what (if any) genuinely sensitive data they have routed over it, there's a pretty wide range of possible risks involved, all the way from nil up to extremely serious.

But just because a "Microsoft scan" and the Geek Squad boys "can't find anything" certainly doesn't mean there's nothing there. If your friends are indeed not sufficiently computer literate to follow the steps needed in a security cleanup forum like here at DSLR, then they seriously need to find somebody they can trust (also meaning someone not previously involved hands-on with the system) who is also computer literate to come along side and help them, both by making sure all the remote access doorways into Windows have been slammed shut and by doing a serious security cleanup (or nuke/re-pave) if needed.
tobicat
Premium Member
join:2005-04-18
Tombstone, AZ

tobicat to jaykaykay

Premium Member

to jaykaykay
This really sounds like computer illiterates being confused by auto correct and some sort of auto mouse centering (what ever it is called).

You need to walk them thru turning off auto correct on whatever email they are using and I bet the problem goes away.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy to BlitzenZeus

Premium Member

to BlitzenZeus
said by BlitzenZeus:

Could this be a combination of the mouse cursor moving to a focus point, and autocorrect?

That's what I thought of this too.
A remote access situation where only the mouse movement is seen by other sessions is not something I've ever seen or heard of.

dib22
join:2002-01-27
Kansas City, MO

2 recommendations

dib22 to jaykaykay

Member

to jaykaykay
Could also be a giant fuzz ball in the mouse (if optical)... or a failing mouse in general.

If it stops moving when not connected to the internet then I would have them grab EMSIsoft antimalware, or MalwareBytes antimalware and give it a good scan in case their av has been hijacked.
PX Eliezer1
Premium Member
join:2013-03-10
Zubrowka USA

PX Eliezer1 to jaykaykay

Premium Member

to jaykaykay
said by jaykaykay:

Quoting the friend:

[When it occurs it is usually when I’m writing something derogatory about a non-friend via email.]

She says "usually" but not always so it happens other times too.

Seriously, not being flippant, maybe she should not be writing derogatory things about non-friends (especially in an e-mail which is a security issue all by itself)....

....Because this could be a harmless glitch but her anxiety or guilt about what she's doing is making her paranoid about it. I do not mean to cause offense.

(She also says she once accused the Geek Squad of fooling with her computer....)

-----

Security, what does she mean by a Microsoft scan? Is she using MSSE (which is far from a complete tool) and the Geek Squad (same description applies).

Can she download the free version of Malwarebytes and run a scan?
»www.malwarebytes.org/downloads/

Another simple tool to download and run is McAfee Stinger.
»www.mcafee.com/us/downlo ··· ger.aspx

[Trying to stick to simple, basic tools.]

------

The issue could be the mouse, too, as others have said.

I would also:

1) Clean the mouse especially if it is an old trackball....or even an optical mouse.

2) Consider replacing the mouse if very old.

3) Use a good mousepad, especially important if it's an optical mouse (to get the contrast).

4) [Control Panel]---> [Mouse Properties]---> [Pointer Options]:
Slow down the pointer speed, AND Uncheck the box for "enhanced pointer precision". Also Uncheck the box for "Automatically move pointer...."

-----

Those would be my thoughts.
PX Eliezer1

PX Eliezer1

Premium Member

And---is she at least running Windows firewall or another firewall?

Does she have remote access turned off?
»www.ehow.com/how_6597246 ··· ess.html

jaykaykay
4 Ever Young
MVM
join:2000-04-13
USA

1 edit

jaykaykay

MVM

I don't have the answer to any of the questions that were asked here, or the literacy, per se of all the users. I got this response when I sent »windowssecrets.com/newsl ··· ecurity/ to a number of people whom I know are active on the Internet. I thought there might be something that could be of help to them from here. And no, the person is not illiterate and has done business on a computer Internationally for years. The response was a bit alarming/suspicious to me, and this is what you see, albeit cleaned up by me for personal reasons. I will send your responses to them, and anything more I get that might be helpful, and I will let them do with it as they see fit.

Hank
Searching for a new Frontier
Premium Member
join:2002-05-21
Burlington, WV

Hank

Premium Member

Didn't mention if laptop or desktop, but I have an holder laptop that has a flaky mouse pad driver and it will move by itself. I disable it and use a USB mouse with it.

DownTheShore
Pray for Ukraine
Premium Member
join:2003-12-02
Beautiful NJ

1 recommendation

DownTheShore to jaykaykay

Premium Member

to jaykaykay
Your friend should get a new mouse, new mousepad and an air canister to blow out any dust and gunk from under the keys to prevent them from screwing up, if it is a laptop. If it's a desktop computer, he/she should get a new keyboard. I had some similar odd problems once with my desktop computer that ended when I got a new keyboard.

She/he should check that Remote Access isn't enabled.

What flavor of Windows is being used?

What is the security software on the computer?

Wired or wireless internet connection?

jaykaykay
4 Ever Young
MVM
join:2000-04-13
USA

jaykaykay

MVM

In response from my friend, to whom I gave the link to this thread. Their RDP is disabled, btw. I also suggested she clean her mouse if possible.

If anyone has anything else they can share, I am most grateful as is my friend, living many miles away from me.
=========================================

This is interesting as I too am working on a Dell with Windows XP. However, my mouse pointer (as they call it) tries to point to something I don’t want it to point to as opposed to just moving across the screen. When I try to force it to do something else I usually win but it’s a battle. For example, when I want to email something derogatory about xxxxxxx, I often have to use keystrokes to do what I want because my mouse pointer has disappeared from the screen. That happens when I take my hand off of the mouse. I’ll try working with these people though since we’re all running the same kind of computer and the same Windows program. Thanks again.

Thanks a million for this. I was able to get onto the site and this caught my eye “A question that ought to be answered is whether the computer has ever been knowingly set up to allow remote operation, and whether that doorway has been somehow "propped open" (repair or new-machine setup scenarios come to mind, particularly if the humans involved were less than competent or ethical). Find out the story of where/when they obtained the computer, who set it up, who has repaired it (and how many times), and whether they've ever done any "over-the-phone (or Internet)" repair/helps/troubleshooting that involved letting the party at the other end of the phone (or chat-line) 'run' the computer.”

I have allowed over-the-phone fixers into my computer but they were always from Microsoft. I checked to see if perhaps that “door” is open and it is turned off. Getting a new mouse could be an option so I’ll try that tomorrow. Nobody has moved my cursor today. I think I will give Microsoft a call too and see what they think. I haven’t discussed this with them, only with the Geek Squad.

jimkyle
Btrieve Guy
Premium Member
join:2002-10-20
Oklahoma City, OK

5 recommendations

jimkyle to jaykaykay

Premium Member

to jaykaykay
said by jaykaykay:

I have allowed over-the-phone fixers into my computer but they were always from Microsoft. I checked to see if perhaps that "door" is open and it is turned off. Getting a new mouse could be an option so I’ll try that tomorrow. Nobody has moved my cursor today. I think I will give Microsoft a call too and see what they think. I haven’t discussed this with them, only with the Geek Squad.

This paragraph raises a very red flag with me. My understanding is that Microsoft never does such things, but quite a few scammers do claim to be Microsoft when trying to gain access to your system. A moderately-computer-literate friend got infected with ransomware a few months ago, thanks to a phone call "from Microsoft" on which he acted and let them in. Fortunately he was able to recover his data without paying the ransom, but it cost him a couple of hundred dollars to a disk recovery service to get it back!
OZO
Premium Member
join:2003-01-17

OZO to jaykaykay

Premium Member

to jaykaykay

Usually when it happens and I call him to come look, they’ve gone by the time he gets here.

Is it her husband, watching what she's dong with RDP?

jaykaykay See Profile, I know you've mention that RDP it turned off now. But it's easy to turn it on and off while having physical access to computer... And, in this case, anti-... programs will not find anything. It could also explain why this happens: "substitute similar words within my emails to change the meaning.".

It's just a guess, of course

buckingham
Doylstown Pa
Premium Member
join:2005-07-17
Buckingham, PA

buckingham to jaykaykay

Premium Member

to jaykaykay
said by jaykaykay:

I have allowed over-the-phone fixers into my computer but they were always from Microsoft.

Rutt-roh!

Just seeing that screams "trouble in River City"...I sure hope that this person doesn't use their computer for any financial dealings or store any financial date on it...

jaykaykay
4 Ever Young
MVM
join:2000-04-13
USA

jaykaykay to OZO

MVM

to OZO
No. It is not her husband! And I know full well why my friend is using similar words to change meaning, and it has nothing whatever to do with her husband. But, thanks for the guess. This one was way off, but I appreciate your thought any way.
jaykaykay

jaykaykay to jimkyle

MVM

to jimkyle
Not knowing if MS does this, I could not respond to my friend at all on that basis. I will say what raises my hackles is the Geek Squad, but I cannot tell anyone not to use them after buying from them. I just wouldn't let them do anything over the phone, but that's just me. I realize scammers do claim to be from MS. I've hung up on too many of them to count! With your doubt about MS, I will make sure that my friend reads as this thread goes on with people making suggestions. Thank you.
jaykaykay

jaykaykay to buckingham

MVM

to buckingham
Me too!

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

1 recommendation

Blackbird to jaykaykay

Premium Member

to jaykaykay
I've yet to find anything 'official' in writing that states that Microsoft never supplies support over a remote assistance connection, although they have stated in several places that they never "cold-call" users to offer such assistance. If the 'support' call is unsolicited and purportedly "free", it's never originating from Microsoft.

As far as the Geek Squad support for this user, it will only be as ethical as the particular techs involved... and I'll say no more about that, other than to state that this is the key reason I recommended earlier getting an independent, competent, and trustworthy 3rd party involved in the analysis/repair. Trust in a situation like this is crucial, and should be independently established.

jaykaykay
4 Ever Young
MVM
join:2000-04-13
USA

1 edit

jaykaykay

MVM

I cannot find anything that says that they don't offer it either, but I don't know of anywhere where they say they do either. As to a cold call........my phone slams down immediately, and if the Geek Squad asks me to connect with them that way, no way either. It's taken me 3 years working with my independent 'computer guru' before ! would do it myself.

Just checked again, using your words for my search, and I found out that they do. Big surprise to me!

»startpage.com/do/search? ··· =english

and

»www.google.com/search?q= ··· &ie=&oe=

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

Blackbird to jaykaykay

Premium Member

to jaykaykay
My opinion (which is all it is) is that there may perhaps be a few situations where a MS support tech might need and obtain permission to remote into a computer to help resolve a problem. But that would only ever occur within the context of an already ongoing problem resolution procedure with the user, and only after all manner of other attempts at directing the user to do various things had been exhausted... and I can only imagine any such genuine MS remote assistance would occur rarely, if at all. If MS legitimate remote assistance did not exist at all, I'd imagine there would be categorical MS statements to that effect in light of all the frauds floating around involving purported offers for an "MS" tech to remote in to fix something. Instead, all I've seen are MS statements that they don't "cold call" users with such offers.

Voxxjin
Made of Hamburger
Premium Member
join:2010-01-13
Dupont, WA

1 recommendation

Voxxjin to jaykaykay

Premium Member

to jaykaykay
When you say the mouse (curser) moves, is it moving like someone is controlling it---moves in non-straight lines? Or does it drift off to a side and then maybe disappears? As others have mentioned, it could just be a dirty mouse. Has you friend tried using a different mouse?

Maybe I missed it but is this a leptop or a desktop? I have had laptops where the pad has gone bad and causes the curser to drift. And I have to 'fight' it to get the curser to where I want.

Now does it happen on multiple webpages? Does it happen on things like Word? Does it happen whether or not you are connected to the net?

jaykaykay
4 Ever Young
MVM
join:2000-04-13
USA

jaykaykay

MVM

Your questions are good ones for which I don't have the answer. The first thing I suggested this AM was for my friend to clean the mouse or get a new one. I don't believe that it happens in Word or when they are not connected to the Net. And I don't think it happens on a web page, but will have them read your questions.

DownTheShore
Pray for Ukraine
Premium Member
join:2003-12-02
Beautiful NJ

DownTheShore to jaykaykay

Premium Member

to jaykaykay
What email program is she using?

She may have spell check turned off, but does she have any parental controls enabled on her computer? Does she have any young children using her computer for which she might have installed some kind of nanny software which would prevent her from using "bad language" and replace it with more acceptable language automatically?

Is she the only person who uses that computer?
rfnut
Premium Member
join:2002-04-27
Fisher, IL

rfnut to jaykaykay

Premium Member

to jaykaykay
Possible programming issue on a custom keyboard? One of them fancy ones with macro buttons for email web etc going wonky. Maybe something in the keyboard driver with a one click button for spellcheck email?