Downloaded .RAR file, now there's screen and mouse flickering.


A friend recommended me a RAR file to download through MediaFire for an application that he himself had downloaded and reported no issues with. Since downloading this file and extracting the program through Bandizip, there have been two instances that have scared the hell out of me.

Out of seemingly nowhere when running Chrome, my screen started to flicker, tabs started moving by themselves slightly off-screen, my mouse appeared to flicker back and forth, but I still had some control, and a new tab opened in Chrome and characters started typing themselves into the top search bar by themselves. On the second instance, the same thing happened, except the downloads tab file location opened itself up when I had never clicked on it before. On both of these instances, I turned off the laptop by holding down the power button for like 10 seconds to hard reset it.

I'm worried that somehow my computer is being controlled with malicious intent, but after running scans on the file in question and my entire hard drive using both the Windows Defender and Malwarebytes Anti-Malware corporate scanning, nothing pops up at all, and I'm worried that the issues will continue to persist. Please help if possible!

Here's the text log of the quick scan for the corporate scan; the full scan with Windows Defender scanned all my files and returned similar results:


Malwarebytes Anti-Malware (Corporate) 1.80.2.1012
www.malwarebytes.org

Database version:
  main:    v2020.06.27.08
  rootkit: v0000.00.00.00

Windows 10 x64 NTFS
Internet Explorer 11.900.18362.0
micro :: LAPTOP-F0CHSQSO [administrator]

6/28/2020 12:37:56 AM
mbam-log-2020-06-28 (00-37-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: 
Objects scanned: 193274
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Here's the log of the scan of the .rar file in question:

Malwarebytes Anti-Malware (Corporate) 1.80.2.1012
www.malwarebytes.org

Database version:
  main:    v2020.06.27.08
  rootkit: v0000.00.00.00

Windows 10 x64 NTFS
Internet Explorer 11.900.18362.0
micro :: LAPTOP-F0CHSQSO [administrator]

6/28/2020 1:01:28 AM
mbam-log-2020-06-28 (01-01-28).txt

Scan type: Custom scan (C:\Users\micro\Downloads\Adobe Photoshop 2020 21.0.1.47 (x64) RePack by SanLex [Multi.Ru].rar|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra
Objects scanned: 1
Time elapsed: 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
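
Both logs above report zero detections, but their option lines and object counts show that the two scans did not cover the same ground. The following is an added example (not part of the original post and not Malwarebytes code) that parses this text-log layout and lists what each clean result left unchecked; the function names are hypothetical.

```python
# Lines copied from the two logs in the post above (only the lines the
# parser reads are kept; the values are verbatim).
QUICK_LOG = r"""Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled:
Objects scanned: 193274
Files Detected: 0
"""
CUSTOM_LOG = r"""Scan type: Custom scan (C:\Users\micro\Downloads\Adobe Photoshop 2020 21.0.1.47 (x64) RePack by SanLex [Multi.Ru].rar|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra
Objects scanned: 1
Files Detected: 0
"""

def parse_mbam_log(text):
    """Extract scan type, option sets, object count and detection counters."""
    info = {"detections": {}}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Scan type":
            # Drop the scanned path that follows a custom scan's type.
            info["scan_type"] = value.split("(")[0].strip()
        elif key in ("Scan options enabled", "Scan options disabled"):
            opts = {o.strip() for o in value.split("|") if o.strip()}
            info[key.split()[-1]] = opts
        elif key == "Objects scanned":
            info["objects"] = int(value)
        elif key.endswith("Detected"):
            info["detections"][key] = int(value)
    return info

def coverage_gaps(info):
    """List what a zero-detection result from this scan did not look at."""
    gaps = [f"option disabled: {o}" for o in sorted(info.get("disabled", set()))]
    if info.get("objects", 0) <= 1:
        gaps.append(f"only {info.get('objects', 0)} object(s) scanned")
    return gaps

if __name__ == "__main__":
    for name, log in (("quick", QUICK_LOG), ("custom", CUSTOM_LOG)):
        parsed = parse_mbam_log(log)
        print(name, parsed["scan_type"], coverage_gaps(parsed) or "no gaps listed")
```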
 


 


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's check further.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32- or 64-bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section at the bottom of the topic, click Choose a File.
Navigate to the location of the File.
Click the file. It will appear in section.
Click the Saving button.

Please attach the log for my review.

Wait for further instructions.
====


Hi,

Remove these program(s) in bold using the Control Panel > Programs > Programs and Features...
App Explorer (HKU\S-1-5-19\...\Host App Service) (Version: 0.272.1.295 - SweetLabs) <==== ATTENTION
App Explorer (HKU\S-1-5-20\...\Host App Service) (Version: 0.272.1.295 - SweetLabs) <==== ATTENTION
App Explorer (HKU\S-1-5-21-1724635325-1095639183-1519823991-1001\...\Host App Service) (Version: 0.273.4.137 - SweetLabs) <==== ATTENTION
<<<>>>

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

If the problem persists and Chrome is synced with other devices, reset it.

https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/

https://support.google.com/chrome/answer/185277

Execute the suggested fix.

Restart the computer normally.
===========

Is the problem solved?

 

p.s.

Pasting the logs was OK. Thanks.

fixlist.txt


Hello, I've run the file, reset my computer, and reset Chrome syncing on this device. Attached is the fix log file.

In the previous response, there were what appeared to be 3 different versions of the same application. In my control panel, I was only able to find the most recent version below, and it was removed before executing the restart. The other two versions above, I couldn't locate in the control panel. Is this something to be worried about?

App Explorer (HKU\S-1-5-21-1724635325-1095639183-1519823991-1001\...\Host App Service) (Version: 0.273.4.137 - SweetLabs) <==== ATTENTION

-The file in question, which was the only version I could find in the control panel^^

Additionally, what was this software doing to my computer that was causing it to freak out the way it did? Please let me know.


My primary issue with the various flickerings occurred only two times, about a day apart each through moderate use of the computer. As a result, I don't have a way to monitor it other than when it actually happens; if it does occur again I'll be sure to let you know.

Fixlog.txt
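
The three App Explorer lines quoted in this thread differ in the SID that follows `HKU\` and in the version number; that SID names the per-account registry hive each entry was read from. The following is an added example (not part of the thread and not FRST code) that parses the three lines and labels each hive, using the well-known Windows SIDs S-1-5-19 (Local Service) and S-1-5-20 (Network Service). The line layout is assumed from the quoted entries, and the function names are hypothetical.

```python
import re

# The three entries quoted in the thread, copied verbatim.
FRST_LINES = r"""App Explorer (HKU\S-1-5-19\...\Host App Service) (Version: 0.272.1.295 - SweetLabs) <==== ATTENTION
App Explorer (HKU\S-1-5-20\...\Host App Service) (Version: 0.272.1.295 - SweetLabs) <==== ATTENTION
App Explorer (HKU\S-1-5-21-1724635325-1095639183-1519823991-1001\...\Host App Service) (Version: 0.273.4.137 - SweetLabs) <==== ATTENTION"""

# Assumed layout: Name (HIVE\path) (Version: X - Publisher) [flag]
ENTRY = re.compile(
    r"^(?P<name>.+?) \((?:HKLM|HKU\\(?P<sid>S-[\d-]+))\\.*?\) "
    r"\(Version: (?P<version>\S+) - (?P<publisher>.*?)\)"
    r"(?P<flag> <==== ATTENTION)?$")

# Well-known Windows SIDs for the built-in service identities.
WELL_KNOWN = {"S-1-5-18": "Local System",
              "S-1-5-19": "Local Service",
              "S-1-5-20": "Network Service"}

def classify_sid(sid):
    """Return (kind, label) for the SID that names a hive under HKU."""
    if sid in WELL_KNOWN:
        return "service account", WELL_KNOWN[sid]
    m = re.fullmatch(r"S-1-5-21(?:-\d+){3}-(\d+)", sid)
    if m:  # machine or domain identifier followed by a relative ID (RID)
        rid = int(m.group(1))
        kind = "user account" if rid >= 1000 else "built-in account"
        return kind, f"RID {rid}"
    return "unknown", sid

def parse_frst_entries(text):
    """Parse FRST installed-program lines into dicts, one per registry hive."""
    rows = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        kind, label = classify_sid(m["sid"]) if m["sid"] else ("machine-wide", "HKLM")
        rows.append({"name": m["name"], "version": m["version"],
                     "publisher": m["publisher"], "flagged": bool(m["flag"]),
                     "hive_kind": kind, "hive_owner": label})
    return rows

if __name__ == "__main__":
    for row in parse_frst_entries(FRST_LINES):
        print(f'{row["name"]} {row["version"]}: {row["hive_kind"]} ({row["hive_owner"]})')
```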

  • 4 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.