Geronimo35

'Double' click virus from "checking your browser..." sites.

Posted (edited)

Hello all,

I have a repeating problem with a virus/malware that makes a single click on my mouse turn into a double click totally randomly. This is extremely annoying, for example when you tick a box, it automatically unticks it. Or when you try to drag a group of icons or files it stutters and you're selecting only partially or even nothing at all. Sometimes it happens rarely, sometimes all the time. And it has nothing to do with my wireless mouse, battery, or any other hardware issue. 

I'm quite certain that specific sites are somehow either causing this virus or making it worse. There are websites that give a message like "Checking your browser before continuing..." A few examples are:

https://www.scidev.net/asia-pacific/disease/news/oral-polio-drops-linked-to-paralysis-in-india.html

https://torrentz2.eu

 

And I've seen it on many porn sites, sites related to downloading ebooks, but also regular sites that don't look suspicious at first hand. I'm quite convinced the "Checking your browser..." process installs a line of code somewhere on my pc and then activates itself after restarting the computer. 

I can remember from years ago that Malwarebytes DID catch this process as malware and removed them. But lately it doesn't and I keep hitting these sites even if I try to avoid porn sites! This situation is intolerable, and I would like to ask the community and Malwarebytes itself to investigate. 

To add to this: I was able to kill this virus for several years by just formatting my C: drive regularly and starting over with a fresh install. I had this problem both on Windows 7 and Windows 10, and since I switched to SSD and Windows 10 I had this trick of formatting the 3 partitions (one for recovery, and the others for boot info) and wiping it with zeros. This worked for a long time, but now it doesn't anymore.

And furthermore, I have tried lots of anti-malware programs, including running them in Safe boots: Malwarebytes (Premium), Roguekiller, ZHPCleaner, Rkill, FRST64 and TDSSKiller. None of them showed a positive malware hit.

I'm also wondering if viruses/malware can 'hide' themselves in the partitions that are created on the C: drive for boot sections and recovery. Does Malwarebytes catch this? Or is this not a valid idea?

Edited by AdvancedSetup
removed live hyperlinks

Posted (edited)

Hi there, I'm never logged into my browser so I don't think it can be a synch issue. I also don't think it messes with the mouse but that this malware causes some kind of stutter which makes the mouse click twice when you click it once. 

I found another case of this: 

 

https://www.techspot.com/community/topics/resolved-double-click-virus.145074/

 

Edited by AdvancedSetup
removed live hyperlinks


Okay, no problem. Let me have you run the following please.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed click on the View Report button, then the Export button and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a checkmark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


Malwarebytes.report.txt Here are my reports. I have Malwarebytes Premium so I'm running a scan daily. Also I performed a FRST scan earlier also in safe mode. As I said, none of the spyware and anti-malware programs I used found a hit. So I'm really, really curious what's going on and what those kinds of websites do with their "Checking your browser before continuing..." process.

AdwCleaner[S00].txt FRST.txt Addition.txt


Your Event Logs are showing a few errors which may be manifesting themselves in something you're seeing. Often many errors cause issues but often are not seen physically; perhaps in your case one of them is showing something you notice.

Please try the following

Open an elevated admin command prompt and type in the following or copy/paste and press the Enter key.

sfc /scannow

Then run the following

DISM.exe /Online /Cleanup-image /Restorehealth

Then run the following and press the Enter key after each line

NETSH winsock reset catalog
NETSH int ipv4 reset reset.log
NETSH int ipv6 reset reset.log
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns

Use Disk Cleanup

 

Then restart the computer and see if you're still experiencing this issue.

 


Hello thanks for your help, it's a bit early to say because sometimes it just pops up randomly all of a sudden but I believe it 'feels' better already. My mouse is behaving more naturally and going over places smoothly instead of stuttering here and there. I included the logs from scannow. 

What was that part about ip4 and ip6 reset about and are there potentially any problems not resetting your IP from time to time? 

I know the report from scannow is long, but do you perhaps see anything that I should pay attention to? 

I also have to admit that I'm using a Windows 10 debloater from Reddit: https://www.reddit.com/r/usefulscripts/comments/9s5zqn/powershell_windows_10_debloater_scripts_and_gui/. Maybe that caused some issues too. 

Malwarebytes.report.txt


I don't see the report for SFC but normally at the end it either has a success or an error message.

Keep me posted. I'll leave the topic open a while longer

Cheers

 


2020-06-03 21:04:59, Info                  CSI    000001f4 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
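An added example, not part of the original thread: the line quoted above is an SFC entry from CBS.log, and this sketch pulls the `[SR]` entries out of such a log and reports the outcome that normally appears at the end of an `sfc /scannow` run. The function name, the outcome labels and the two "repair" message prefixes other than the one posted in the thread are assumptions made for illustration.

```python
import re
from collections import Counter

# A CBS.log record written by SFC: timestamp, level, "CSI", sequence id, "[SR]", message.
SR_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+\w+\s+CSI\s+[0-9a-fA-F]{8}\s+\[SR\]\s+(.*)$"
)

# Message prefixes mapped to outcome labels. The first is the line posted in
# the thread; the other two are assumed from typical CBS.log output.
OUTCOMES = (
    ("Verify and Repair Transaction completed", "transaction_repaired"),
    ("Repairing corrupted file", "file_repaired"),
    ("Cannot repair member file", "file_unrepaired"),
)

def summarize_sfc(log_text):
    """Return (verdict, counts, last_timestamp) for the [SR] entries in log_text."""
    counts, last_ts = Counter(), None
    for line in log_text.splitlines():
        m = SR_LINE.match(line)
        if not m:
            continue  # other CBS components and wrapped continuation lines
        last_ts = m.group(1)
        counts["sr_lines"] += 1
        for prefix, label in OUTCOMES:
            if m.group(2).startswith(prefix):
                counts[label] += 1
                break
    if counts["file_unrepaired"]:
        verdict = "unrepaired corruption"
    elif counts["transaction_repaired"] or counts["file_repaired"]:
        verdict = "corruption repaired"
    elif counts["sr_lines"]:
        verdict = "no repair entries"
    else:
        verdict = "no SFC entries"
    return verdict, dict(counts), last_ts

# Constructed sample: the second line is the one quoted in the thread, the rest are made up.
SAMPLE = """\
2020-06-03 21:04:41, Info                  CSI    000001f2 [SR] Verifying 100 components
2020-06-03 21:04:59, Info                  CSI    000001f4 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
2020-06-03 21:05:02, Info                  CBS    Session: 30816540_1 finalized
"""
# Constructed failure case: one member file that SFC could not repair.
BAD = SAMPLE + ('2020-06-03 21:05:10, Info                  CSI    000001f9 '
                '[SR] Cannot repair member file [l:11]"example.dll" of Constructed-Package\n')

if __name__ == "__main__":
    print(summarize_sfc(SAMPLE))
    print(summarize_sfc(BAD))
```

On a real system the input would be the text of `%windir%\Logs\CBS\CBS.log`, read from an elevated session.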

I don't believe the computer is infected, but you can run a secondary scanner to double-check and ensure nothing is found.

Please download and run the following Kaspersky antivirus scanner to remove any found threats

Kaspersky Virus Removal Tool

Let me know if it finds anything or not


I ran that scan several times prior to posting my problem here, no positive results. 

I'm sorry to inform that the problem still exists :(  I'm really convinced that the sites that I mentioned in my OP are causing this issue and I can't stress enough how I would like Malwarebytes to investigate these sites.

https://www.scidev.net/asia-pacific/disease/news/oral-polio-drops-linked-to-paralysis-in-india.html

https://torrentz2.eu

I think they install some code and that you can only delete this by formatting the C: drive in a specific way. And that it is some really smart process since none of the anti-malware programs are able to pick up on this.


Well I'm sorry but there is no way for us to assist you further with this. The computer is not infected. If you don't like the behavior of those sites I'd recommend not visiting them.

I do not experience any issues in visiting either link. CloudFlare is simply verifying that you're not a bot or known threat actor trying to access the site.

0/80 on VT
https://www.virustotal.com/gui/url/fdc75fa84dc0cabfebbb04a2cb29126f5f9b186cd5275052e168fd316bc6523d/detection

0/80 on VT
https://www.virustotal.com/gui/url/953ec84f172d3dc2dd70046c82b0c150b501608d5381ba53517354e980fe919f/detection

Unless there is something else, we should be done here.

 


They don't have this process for nothing. No normal site has this process, so I'm very sure this process is trying to infect computers with something malicious. And it can be very tricky so the results may not be obvious but any website that has to check 'the browser' in order to continue is very suspicious! I'm disappointed that Malwarebytes is not willing to follow up on this so I will try with other communities.

This topic is now closed to further replies.
