Cursor problem/Boot virus?

I've had several threads related to this problem but I'm going to see if I can summarize everything to this point.

About last July, I started having strange cursor problems. The cursor would jump around, open links, open documents, etc. There were several circles that would appear and disappear on my screen and they would grab the cursor, sometimes showing more than one cursor. Sometimes when these appear, it's almost impossible to move the cursor to a different location, which makes it hard to even shut down. I've mostly gotten around that by bringing up Task Manager and shutting down from there.

Fast forward. I did a repair install of Windows 10. Before even one update was downloaded (turned off updates), the problem was back. The first time it was after I had an internet connection. I turned off wifi manually, even unplugged my modem, did the repair install again, turned off my VPN, and several startup programs to make sure none of them were the problem. Rebooted. Used the laptop without going online for most of the day and the problem reappeared after several hours. This tells me it's not related to the Windows 10 installation, nor about my internet connection.

At this point I wonder if it's a boot virus. A reformat of the disk may not get rid of it, or I'd just do a clean install. So, a few questions:

1) Does this sound like a boot virus. If so, it's the strangest I've ever heard of.
2) What utility would find the offending virus or malware?
3) What utility (same one, hopefully) will reformat the MBR as well as the rest of the disk so I can do a clean install. I'll run the utility from a USB.
3) I've done backups on a separate disk. Image on one partition, file system only on another. Do I need to check this disk for the boot virus as well?
4) I also have a 512GB USB which I use for files that I use frequently. Does this disk also need to be scanned for a boot virus?

Winver 22H2 Build 19045.2965

Simply do a clean install and delete ALL partition and let windows create new ones and it will format them

@rosawoodsii


It depends on where the virus is.

When you boot Windows it does things in this order... BIOS, then kernel, then Windows.

If the virus is in the kernel or Windows, a format (or better yet, a wipe), will get rid of it, and then the clean install will be effective. If the virus is in the BIOS, and you happen to be lucky... flashing the BIOS may remove it.

IF... flashing the BIOS can't remove it, then you'll need a new BIOS chip or a new motherboard.





From your description though, it sounds more like someone has remote access to your computer.
That could be why the cursor is clicking on links and opening programs, etc.

Ghot said:

@rosawoodsii


It depends on where the virus is.

When you boot Windows it does things in this order... BIOS, then kernel, then Windows.

If the virus is in the kernel or Windows, a format (or better yet, a wipe), will get rid of it, and then the clean install will be effective. If the virus is in the BIOS, and you happen to be lucky... flashing the BIOS may remove it.

IF... flashing the BIOS can't remove it, then you'll need a new BIOS chip or a new motherboard.

What is the difference between a format and a wipe? I assume the wipe overwrites the MBR but the format does not?
What is the best utility to scan the boot sector?
Is there a utility that would help me determine if it's the BIOS?

rosawoodsii said:

What is the difference between a format and a wipe? I assume the wipe overwrites the MBR but the format does not?
What is the best utility to scan the boot sector?
Is there a utility that would help me determine if it's the BIOS?

A "wipe" writes zeroes and/or ones to the entire drive. It's like a more serious, format.
A wipe, overwrites... everything.

For a recurring problem like you have... I would "wipe" the drive, then do a clean install.
IF... the problem still comes back then you probably have a BIOS/UEFI infection.

There IS a new BIOS/UEFI infection running loose right now.



But as I mentioned above... your cursor actively "clicking" on things, sounds more like someone is remote accessing your computer. There are a ton of ways that could happen. Programs like Hamachi, Team Viewer, etc., will give someone remote access. An example would be Screen sharing with someone like... Microsoft.
When they set that up... both of you (you and Microsoft), can control your mouse.
In other words, MS can remote access your computer when you do Screen Sharing with them.

I have no idea what programs, apps, or sharing things, you may have done in the past.
You may have... let some tech type somewhere have remote access... and it's still running.
It could also be a virus that allows the bad guy to remote access your mouse.


@flashh4 <---- this guy knows a lot about infections, etc.



Also... Bleeping Computer can walk you through virus removal. It takes a while, but if they say you're clean... then you're clean...

Virus, Trojan, Spyware, and Malware Removal Help Forum - BleepingComputer.com

bro67 said:

A boot virus ia not going to exhibit these kind of behaviors, faulty hardware will.

I dropped the laptop and there's a break in the lower right corner below the screen. Could that be the source? How would I verify that? I'm in Maine, so the DELL hardware is under warranty (but not a broken screen, since I dropped it), but the software is not. How would I determine what hardware is the problem?

- - - Updated - - -

Ghot said:

A "wipe" writes zeroes and/or ones to the entire drive. It's like a more serious, format.
A wipe, overwrites... everything.

For a recurring problem like you have... I would "wipe" the drive, then do a clean install.
IF... the problem still comes back then you probably have a BIOS/UEFI infection.

There IS a new BIOS/UEFI infection running loose right now.



But as I mentioned above... your cursor actively "clicking" on things, sounds more like someone is remote accessing your computer. There are a ton of ways that could happen. Programs like Hamachi, Team Viewer, etc., will give someone remote access. An example would be Screen sharing with someone like... Microsoft.
When they set that up... both of you (you and Microsoft), can control your mouse.
In other words, MS can remote access your computer when you do Screen Sharing with them.

I have no idea what programs, apps, or sharing things, you may have done in the past.
You may have... let some tech type somewhere have remote access... and it's still running.
It could also be a virus that allows the bad guy to remote access your mouse.


@flashh4 <---- this guy knows a lot about infections, etc.



Also... Bleeping Computer can walk you through virus removal. It takes a while, but if they say you're clean... then you're clean...

Virus, Trojan, Spyware, and Malware Removal Help Forum - BleepingComputer.com

The problem appeared even before I got back online. No one can remotely control my computer without internet access, and that can't happen when the modem is unplugged or the computer is otherwise without access. IOW, I don't have to be online or even have gotten online recently for the cursor problem to appear. And sometimes it shows up as soon as I boot up (no internet wince I have it on manual wifi), and sometimes it doesn't show up for hours. The computer could be going just fine for quite a while, or even sitting there doing nothing, and when I wake it up again, bingo, there it is again.
I'll look at the instructions for virus removal on Bleepiing Computer. Thanks.

rosawoodsii said:

I dropped the laptop and there's a break in the lower right corner below the screen. Could that be the source? How would I verify that? I'm in Maine, so the DELL hardware is under warranty (but not a broken screen, since I dropped it), but the software is not. How would I determine what hardware is the problem?

- - - Updated - - -



The problem appeared even before I got back online. No one can remotely control my computer without internet access, and that can't happen when the modem is unplugged or the computer is otherwise without access. IOW, I don't have to be online or even have gotten online recently for the cursor problem to appear. And sometimes it shows up as soon as I boot up (no internet wince I have it on manual wifi), and sometimes it doesn't show up for hours. The computer could be going just fine for quite a while, or even sitting there doing nothing, and when I wake it up again, bingo, there it is again.
I'll look at the instructions for virus removal on Bleepiing Computer. Thanks.

The fastest way to troubleshoot the problem is to "wipe" the drive, then do a clean install of Windows.
Then you'll "know" if the problem is in the software or in the BIOS or the hardware.

rosawoodsii said:

I dropped the laptop and there's a break in the lower right corner below the screen. Could that be the source? How would I verify that? I'm in Maine, so the DELL hardware is under warranty (but not a broken screen, since I dropped it).

I do believe that this was the most important piece of information that you should have posted. Again your hardware is faulty, there is no one trying to get into your machine, there is no virus.

Ghot said:

The fastest way to troubleshoot the problem is to "wipe" the drive, then do a clean install of Windows.
Then you'll "know" if the problem is in the software or in the BIOS or the hardware.

Or just get it replaced since they broke the device.