Author Topic: Threat: HTML:EvilCursor-B [Trj] - Action: Delete - Error: Access is denied (5)  (Read 3248 times)

0 Members and 1 Guest are viewing this topic.

Offline jeffstones0987

  • Newbie
  • *
  • Posts: 3
Hi,

I've just had this threat recognised during a full scan. I have attached images of the scan result. The first 2 items were deleted but the next 2 came up with Error: Access is denied (5). I have since run another full scan and boot-time scan and no infected files were found. Is this threat something I should be worried about and are there any further steps that need to be taken to ensure it is gone? TIA

Offline Asyn

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 65381
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Start a topic in V&W and post your logs there: https://forum.avast.com/index.php?action=post;board=4
Instructions (basic diagnostic logs): https://forum.avast.com/index.php?topic=194892.0
Win 8.1 [x64] - Avast PremSec 20.5.2415.BUC [UI.532] - CC 5.68 - EEK - FF ESR 68.10 [NS/AOS/uBO/PB] - TB 68.10 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36684
HTML:EvilCursor-B [Trj] = FakeAlert / Cursor hijacker

If you clear chrome surf history cache it should be gone if avast did not do it

https://www.digitalinformationworld.com/2019/03/google-chrome-fix-evil-cursor-bug.html

https://blog.malwarebytes.com/cybercrime/2018/09/partnerstroka-large-tech-support-scam-operation-features-latest-browser-locker/


==========================================================
The evil cursor
There are many different documented techniques that can be used to prevent users from closing a tab or browser window, and often times those are specific to each browser. For instance, Edge and Firefox users will often get the authentication required prompt in a loop, while Chrome users are served with more nasty stuff, such as actual attempts to freeze the browser or trigger thousands of downloads.

In early September, we came across the Partnerstroka group again and noticed that they had incorporated a browser locker technique that was working against the latest version of Google Chrome (69.0.3497.81). Similar to other tricks, it effectively prevented from closing the offending page because the mouse cursor had been hijacked.
============================================================



« Last Edit: March 26, 2020, 04:29:41 PM by Pondus »

Offline jeffstones0987

  • Newbie
  • *
  • Posts: 3
Thanks Asyn, I have started a new topic with the Malwarebytes & FRST logs.

& Thanks Pondus, I have cleared Chrome surf history as well.

Offline franKENstin

  • Newbie
  • *
  • Posts: 1
I have had the mouse hijack in the past(not log ago) never had it ided until I installed/ran avast full scan. It did stop me from having mouse/click interaction on web page's. I did a history delete/clean and full scan comes up with nothing ! Hop this helps ppl