Mouse clicks intercepted

July 5, 2010 at 14:29:53
Specs: Windows XP
Unable to connect to Internet; unable to run applications except in Safe Mode. Cache shows cookies from and "PC is infected" message appears with path to antivirus software sold by antivirprime. This appeared at startup today. I went through this several months ago with prompts and nags for another antivirus package, but cannot remember how I solved the problem . . .

July 5, 2010 at 18:43:32
Use the procedures as per my post here.

Include Malwarebytes.

Malwarebytes' Anti-Malware
Error codes
Common Issues, Questions, and their Solutions, Frequently Asked Questions.
Try it in Safe mode.
If it won't run, rename the downloaded mbam-setup.exe file to mb.exe to help work around certain malware that will block it from being run.
If it still will not run.
1: Go to Control Panel > Programs and Features and uninstall Malwarebytes.
Next redownload Malwarebytes but rename it before you download it to your desktop. As you are in the process of downloading when you get to the point that the "enter name of file to save to" box appears, in the "filename" slot, rename mbam-setup.exe to something.exe, then click Save.
If it installed but will not run, navigate to this folder:
2: C:\Program Files\Malwarebytes' Anti-Malware
At the top of the page, Tools > Folder Options > View, click > Show hidden files and folders and untick > Hide extensions for known file types.
How to see hidden files in Windows
Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.
When it opens, update 1st.
If it won't update after installing, update manually.
Download & install.

July 6, 2010 at 10:40:08
Thanks, John. After walking back and forth between this PC and my alternate in another room for FIVE hours, downloading all sorts of "fixes", I ran MalWareBytes (after renaming it SamWareBytes.exe) and unchecked the "Use proxy Server" box in the IE LAN settings, and everything returned to normal. I have rerun MalWareBytes twice since then, and it has found at least three more potential threats each time. Now that the problem appears to be fixed, I am able to run the Microsoft Security Essentials application which has worked fairly well up until now.
My main question at this time is: How the heck did that MalWare get into my PC? And, who the heck is AntiVirPrime that took FIVE HOURS out of my life trying to force me to buy worthless antivirus software? There should be some legal consequences for lowlifes such as them!
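
The "Use proxy server" box mentioned in this post corresponds to the ProxyEnable and ProxyServer values under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings. As an added example (not part of the original post), this Python script checks saved `reg query` output for that key, so it can be read on a second PC; the sample output and the 127.0.0.1:5555 proxy address are constructed, since the thread does not say what the proxy was set to.

```python
import ipaddress
import re

# Constructed sample: output of
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
# saved on the affected PC. The 127.0.0.1:5555 value is invented for illustration.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:5555
"""

VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")

def parse_reg_query(text):
    """Return {value name: data} from `reg query` text output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            name, reg_type, data = m.groups()
            values[name] = int(data, 16) if reg_type == "REG_DWORD" else data.strip()
    return values

def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname; cannot be judged offline

def proxy_findings(values):
    """List human-readable findings about the IE (WinINET) proxy settings."""
    findings = []
    server = values.get("ProxyServer", "")
    if values.get("ProxyEnable", 0) == 1:
        findings.append("proxy enabled: " + (server or "(no server set)"))
        for entry in filter(None, server.split(";")):
            host = entry.split("=", 1)[-1].rsplit(":", 1)[0]
            if is_loopback(host):
                findings.append("loopback proxy: traffic goes to a local process (" + entry + ")")
    elif server:
        findings.append("proxy disabled but ProxyServer still set: " + server)
    if values.get("AutoConfigURL"):
        findings.append("auto-config script set: " + values["AutoConfigURL"])
    return findings
```

A leftover ProxyServer value with ProxyEnable at 0 is reported too, because re-ticking the box (or malware flipping the value) would bring the same proxy back.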

July 6, 2010 at 12:07:10
Nice work bsamstag.

Your defense system is not good enough & someone clicked on a popup.

AntiVirPrime is one of millions, googling is the only way to find out more.

Now to leave no stone unturned, because no one program can keep up with the thousands of new versions of infections coming out each day, run the other programs mentioned in the link in my first post.

After doing that, deal with your temps etc. & System Restore; once they are done, I shall give you info on how to improve your protection.
I also use Microsoft Security Essentials.

ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
This will remove all files from the items that are checked so if you have some cookies you'd like to save, please move them to a different directory first.

System Restore needs to be turned OFF & then ON again.
How to turn off or turn on Windows XP System Restore

July 6, 2010 at 12:54:30
If you ever get a pop-up from one of those websites again do NOT use the mouse to clear it. Instead use the keys Alt+F4. The reason for this is that everything on the pop-up equates to "Yes" even the X at the right hand corner. Another way is to use Ctrl-Alt-Del and "end the process".

These things are often due to attacked webpages so difficult to avoid.

Consider "Drop My Rights" from MS. All XP users should be using it but very few do. Go here (the "how to" is on the next page). It all looks complicated but it isn't. All it requires is the installation of a very small program and a special shortcut to your browser. You won't notice it's there and it takes no resources. The only time I ever need the normal shortcut is for Windows "Manual" updates.

Google is NOT the only Search Engine!

July 8, 2010 at 09:55:12
Unfortunately, I did not connect your post with my problem until it happened to my "rescue" PC. Just after Windows XP started a pop-up displayed in the lower right corner stating that my Windows Security Essentials would expire in 30 days and that some doubt existed as to my Windows being genuine, etc. I MousedOver the link which appeared to point to "", so I assumed it to be genuine. IE opened but went nowhere saying that it could not find the server, etc. Same thing happened with FireFox. Network connections show that I have a good connection through my local wireless with many outgoing ("sent") counts, but no received counts.
I ran MalWareBytes on that PC, and it found 3 problems, 2 in the registry and one pointing to an old Norton Utility (fa.exe). Fixing those problems did not allow me to actually connect to any internet site. I have not tried booting in Safe Mode yet, since my best defense against FRUSTRATION was to shut the (blankety-blank) PC down and walk away.
I will follow "johnw"'s posting advice sometime today to see if that helps.

July 8, 2010 at 10:24:54
Follow up: Booting in Safe Mode allows me to connect to the internet. Concerning this current infection, what's the difference between Safe and Normal mode?

July 8, 2010 at 17:34:11
Infections may stop you running any programs; you may just be lucky to be able to run programs in Safe mode. The longer you leave the problem, the worse it will get & you will find the computer unbootable.
