Avast WEBforum

Other => Viruses and worms => Topic started by: jeffstones0987 on March 26, 2020, 01:52:52 PM

Title: Threat: HTML:EvilCursor-B [Trj] - Action: Delete - Error: Access is denied (5)
Post by: jeffstones0987 on March 26, 2020, 01:52:52 PM
Hi,

I've just had this threat recognised during a full scan. I have attached images of the scan result. The first 2 items were deleted but the next 2 came up with Error: Access is denied (5). I have since run another full scan and boot-time scan and no infected files were found. Is this threat something I should be worried about and are there any further steps that need to be taken to ensure it is gone? TIA
Title: Re: Threat: HTML:EvilCursor-B [Trj] - Action: Delete - Error: Access is denied (5)
Post by: Asyn on March 26, 2020, 02:27:05 PM
Start a topic in V&W and post your logs there: https://forum.avast.com/index.php?action=post;board=4
Instructions (basic diagnostic logs): https://forum.avast.com/index.php?topic=194892.0
Title: Re: Threat: HTML:EvilCursor-B [Trj] - Action: Delete - Error: Access is denied (5)
Post by: Pondus on March 26, 2020, 03:02:25 PM
HTML:EvilCursor-B [Trj] = FakeAlert / Cursor hijacker

If you clear Chrome's surf history cache, it should be gone, if Avast did not do it.

https://www.digitalinformationworld.com/2019/03/google-chrome-fix-evil-cursor-bug.html

https://blog.malwarebytes.com/cybercrime/2018/09/partnerstroka-large-tech-support-scam-operation-features-latest-browser-locker/


==========================================================
The evil cursor
There are many different documented techniques that can be used to prevent users from closing a tab or browser window, and often times those are specific to each browser. For instance, Edge and Firefox users will often get the authentication required prompt in a loop, while Chrome users are served with more nasty stuff, such as actual attempts to freeze the browser or trigger thousands of downloads.

In early September, we came across the Partnerstroka group again and noticed that they had incorporated a browser locker technique that was working against the latest version of Google Chrome (69.0.3497.81). Similar to other tricks, it effectively prevented users from closing the offending page because the mouse cursor had been hijacked.
============================================================



Title: Re: Threat: HTML:EvilCursor-B [Trj] - Action: Delete - Error: Access is denied (5)
Post by: jeffstones0987 on March 26, 2020, 06:15:40 PM
Thanks Asyn, I have started a new topic with the Malwarebytes & FRST logs.

& Thanks Pondus, I have cleared Chrome surf history as well.
Title: Re: Threat: HTML:EvilCursor-B [Trj] - Action: Delete - Error: Access is denied (5)
Post by: franKENstin on June 16, 2020, 01:21:54 AM
I have had the mouse hijack in the past (not long ago); never had it ID'd until I installed/ran an Avast full scan. It did stop me from having mouse/click interaction on web pages. I did a history delete/clean and the full scan comes up with nothing! Hope this helps ppl.