Security - How deeply can malicious software get into hardware?

Alir

Last year my desktop's drives were infected with malicious software. It was causing my windows on the screen to unclick once every several seconds.

 

I thought the problem was solved. I copied and pasted my main hdds' files to my laptop's hdd. Used Linux mostly after that on my laptop. Avast for Linux and ClamAV (Linux) both confirmed my hdd is clean - might not be though. Also, Windows 8.1 AVs on my laptop have also confirmed my drive is clean - Malwarebytes, ESET SS, Sophos. Worth noting however that the chances of the virus spreading are very slim - it would have to run on both Linux and Windows as I only used Linux when creating the USB to install Windows.

 

Now I have changed my desktop's mobo for a separate reason and I have noticed that once every few minutes when I'm not using my computer, the window is unclicking. I notice it at the corner of my eye. I *might* be imagining it. Have not been looking dead on at the monitor and the window.

 

But my question is... how likely is it that this bugger of a virus/malware/etc has either infected the firmware/[the place where the firmware is installed] in my cd drive, hdd, or possibly even my mouse? Or maybe the malicious software survived and has copied itself from my laptop back to my desktop? Worth noting, this *is* possible but the likelihood is very low. Snowden leaks confirmed the NSA can do this. Safe to assume there are hackers or coders out there who also know how to. They must be pretty determined.

 

What's interesting to note however is that Windows 8.1 on my laptop has *NOT* been unclicking, ever. This problem has only presented itself on my desktop.

 

Alternatively, anyone think this could be some kind of hardware issue or conflict? Though worth noting I HAVE changed my mobo and with it all my main drivers.

 

KB: Corsair K65, Mouse: Razer Ouroboros.

Though worth noting my kb is new and did not affect my last install of Windows on my desktop.

 

Note: While typing this, I noticed the window unclick! I'm definitely not imagining it. There is no way to express how P'd off I am. I spent ages dealing with this problem last year.

 

If it isn't caused by malicious software, would it also affect Linux? Thinking of installing Linux on my desktop to see if windows unclick there as well.


I heard some viruses can get into the firmware of your HDD and actually reserve certain portions secretly and copy files for purposes later, but it was extremely advanced stuff and purpose built.  As in, you would have to have detailed knowledge of the firmware of the drive, since it depended on unpublished features.  Basically only the HDD company or the government, since they had gotten it somehow, could create it.  And this, like stuxnet, was very targeted.  I doubt you've got anything like that :)

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.


1 minute ago, vinyldash303 said:

Your mouse button might be screwed up. I don't think someone would go through all the trouble of getting a virus into the firmware on your mouse, specifically to unclick your windows.

I assume that the mouse unclicking might just be a side effect as opposed to being the sole purpose of the 'virus'.

 

However I tried using a different mouse last year and the unclicks were still happening.


2 minutes ago, Ryan_Vickers said:

I heard some viruses can get into the firmware of your HDD and actually reserve certain portions secretly and copy files for purposes later, but it was extremely advanced stuff and purpose built.  As in, you would have to have detailed knowledge of the firmware of the drive, since it depended on unpublished features.  Basically only the HDD company or the government, since they had gotten it somehow, could create it.  And this, like stuxnet, was very targeted.  I doubt you've got anything like that :)

That is veeeery unlikely. For a malicious program to "infect" a firmware, it has to flash it on behalf of the user, which is nearly impossible because the said device will unplug during the flashing process, causing the user to freak out, not to mention that it is a pain in the ass to code since there are so many variations of so many firmwares of a said device. No one has the time for that, even the blackest of blackhats.

 

I think OP's imagination is at work here


5 minutes ago, Ryan_Vickers said:

I heard some viruses can get into the firmware of your HDD and actually reserve certain portions secretly and copy files for purposes later, but it was extremely advanced stuff and purpose built.  As in, you would have to have detailed knowledge of the firmware of the drive, since it depended on unpublished features.  Basically only the HDD company or the government, since they had gotten it somehow, could create it.  And this, like stuxnet, was very targeted.  I doubt you've got anything like that :)

Worrying.

 

I also didn't mention that I have formatted the hdds in different ways and then proceeded to securely erase all data on my 2 HDDs several times over.

 

I have 2 HDDs: the 1TB one and 1 750GB one. The 750GB one is unrelated to last year. The 1TB one was whole disk encrypted, meaning that if the hdd was in fact infected, so long as the drive was not mounted via Truecrypt, the 'virus' could not have any effect. This was evident last year as when I installed Windows completely as new, everything would run perfectly fine, right until I would decrypt the drive. At which point the unclicking started.

 

I DID in fact use Linux on my desktop last year when transferring all my files and deleting old files. The 'virus' had no effect on Linux.


Just now, Alir said:

Worrying. 

Dude, chill. There is no virus on your HDDs. No known "virus" can survive a hard drive erase, and the odds of it being hidden in the firmware of your drives are so small it's nearly impossible.


Is the unclicking of a Window a common occurrence within Windows? Like the unclicks that are happening now take place at least 5 minutes after I have stopped pressing any buttons on my keyboard or mouse.

 

So I am wondering whether this is a result of a background Window task. Which also seems odd because I have never experienced this on any other Windows computer before.


19 minutes ago, vinyldash303 said:

I'd get your tinfoil hat out.

 

18 minutes ago, Generallee said:

That is veeeery unlikely. For a malicious program to "infect" a firmware, it has to flash it on behalf of the user, which is nearly impossible because the said device will unplug during the flashing process, causing the user to freak out, not to mention that it is a pain in the ass to code since there are so many variations of so many firmwares of a said device. No one has the time for that, even the blackest of blackhats.

 

I think OP's imagination is at work here

 

13 minutes ago, Generallee said:

Dude, chill. There is no virus on your HDDs. No known "virus" can survive a hard drive erase, and the odds of it being hidden in the firmware of your drives are so small it's nearly impossible.

My point is it's possible, and at this point in time I don't see a logical explanation as to why the unclicking is happening again unless a firmware somewhere somehow has been infected.

 

The only way a malicious software could actually have been transferred from my laptop, to my desktop is if the .iso for Windows 8.1 was infected. Which from my understanding of ISOs would corrupt the ISO file and render it unusable.

 

Unless of course the malicious software, if indeed that is the culprit, runs on both Linux and Windows, which is even less likely. If not, impossible.

 

I will try and find out if this is being caused by Windows itself - if you have any ideas as to where to start that would be appreciated

Edited by Alir
check bold

Is it possible? Yep. Likely? No.

 

Check your program list and running processes in Task Manager. If you don't see anything strange, you're fine.

You've already run multiple anti-virus programs.

 

Post a video of the 'unclicking' if you can.

i7 4790k | MSI Z97S SLI Krait Edition | G.Skill Ripjaws X 16 GB | Samsung 850 EVO 500 GB | 2x Seagate Barracuda 2TB | MSI GTX 970 Twin Frozr V | Fractal Design R4 | EVGA 650W

A gaming PC for your budget: $800 - $1000 - $1500 - $1800 - $2600 - $9001

Remember to quote people if you want them to see your reply!
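One way to narrow down which program is taking focus, as an added example that is not part of any post in this thread: a PowerShell loop that records every change of the foreground window together with the process that owns it, including the case where no window holds focus at all. The log path and polling interval are assumptions.

```powershell
# Added example: log each change of the foreground window and its owning process.
# P/Invoke declarations for two documented user32.dll functions.
Add-Type -Namespace FocusLog -Name Native -MemberDefinition @'
[DllImport("user32.dll")]
public static extern IntPtr GetForegroundWindow();
[DllImport("user32.dll")]
public static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint processId);
'@

$logPath = Join-Path $env:TEMP 'focus-changes.csv'   # assumed output location
$pollMs  = 200                                        # assumed polling interval
$last    = $null                                      # nothing seen yet

while ($true) {
    $hwnd = [FocusLog.Native]::GetForegroundWindow()
    if ($hwnd -ne $last) {
        $last = $hwnd
        $ownerPid = [uint32]0
        $proc = $null
        # A zero handle means no window currently has the foreground.
        if ($hwnd -ne [IntPtr]::Zero) {
            [void][FocusLog.Native]::GetWindowThreadProcessId($hwnd, [ref]$ownerPid)
            $proc = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
        }
        [pscustomobject]@{
            Time    = (Get-Date).ToString('o')
            Hwnd    = $hwnd.ToInt64()
            Pid     = $ownerPid
            Process = if ($proc) { $proc.ProcessName } else { '(none or exited)' }
            Path    = if ($proc) { $proc.Path } else { '' }
        } | Export-Csv -Path $logPath -Append -NoTypeInformation
    }
    Start-Sleep -Milliseconds $pollMs
}
```

Leave it running while the machine sits idle, stop it with Ctrl+C, then look in the CSV for rows whose timestamp matches a moment the active window lost focus. The Path column can be empty for processes the current user is not allowed to inspect.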


1 hour ago, HPWebcamAble said:

Is it possible? Yep. Likely? No.

 

Check your program list and running processes in Task Manager. If you don't see anything strange, you're fine.

You've already run multiple anti-virus programs.

 

Post a video of the 'unclicking' if you can.

The unclicking is pretty much just the colour of the border going white and then going back to the original colour. Except when it unclicks the window, it doesn't click a specific window, it clicks... nothing apparently. Or maybe the taskbar. I have another idea. It might be because of the case's USB ports being faulty. I'll use the mobo ports and see if it still happens.


1 hour ago, vinyldash303 said:

A different windows 8.1 iso, then nuke and pave over the install and see if it is still happening. I'd imagine the way you hold the mouse could impact it, but I've got nothing other than that. I dunno. Good luck!

I'll try a different ISO.

 

What do you mean by nuke and pave over the install? Just format my SSD and install?


4 hours ago, Alir said:

I assume that the mouse unclicking might just be a side effect as opposed to being the sole purpose of the 'virus'.

 

However I tried using a different mouse last year and the unclicks were still happening.

Yes, side effect would be my guess too, if there really is anything going on here at all (not convinced there is at this point honestly).

 

But I'm not at all surprised changing mice did nothing - I feel like your mouse would be completely unrelated and this would still happen with it unplugged.

3 hours ago, Generallee said:

Dude, chill. There is no virus on your HDDs. No known "virus" can survive a hard drive erase, and the odds of it being hidden in the firmware of your drives are so small it's nearly impossible.

No.  Wrong.  This was discovered months ago:

http://www.pcworld.com/article/2884952/equation-cyberspies-use-unrivaled-nsastyle-techniques-to-hit-iran-russia.html


17 hours ago, Ryan_Vickers said:

Yes, side effect would be my guess too, if there really is anything going on here at all (not convinced there is at this point honestly).

 

But I'm not at all surprised changing mice did nothing - I feel like your mouse would be completely unrelated and this would still happen with it unplugged.

No.  Wrong.  This was discovered months ago:

http://www.pcworld.com/article/2884952/equation-cyberspies-use-unrivaled-nsastyle-techniques-to-hit-iran-russia.html

 

Thanks.

 

I'll try reinstalling this time with a fresh iso. If the problem persists after that I will post back.


I just got an(other) idea. Is it possible this could be caused by Intel:

Smart Connect

Rapid Storage

Rapid Start

 

I'm looking at the Taskbar and the likely culprits (if this is being caused by any processes in the taskbar) are the above.

 

The only other processes that I had the last time I was experiencing this problem are Flux, Steam, Malwarebytes (premium), one of the MSI GPU programs and Razer Synapse.

 

I uninstalled Razer Synapse last time and it was still happening. The others don't seem like they would cause this. Maybe flux or Malwarebytes if the problem is caused by a bug or conflict.

 

Though it is also worth noting that the deselecting right now is nowhere near as bad as it was last year. Like. Literally. I'm "lucky" if I can even spot the deselecting. Last time it was happening once every 5-10 seconds.


Does anyone have any thoughts as to if any of the above programs could be causing this?


1 hour ago, Alir said:

Does anyone have any thoughts as to if any of the above programs could be causing this?

no idea, but I can tell you that it's probably a few orders of magnitude more likely that it's some badly coded program than a super virus ;)


1 minute ago, Ryan_Vickers said:

no idea, but I can tell you that it's probably a few orders of magnitude more likely that it's some badly coded program than a super virus ;)

That's probably true.

 

Last year was most definitely malware/'virus'*1. This time the deselecting/unclicking is very rarely happening. Is this normal though? I remember before last year, in my experience with Windows, there were times when the window would deselect; e.g. when I'd get notifications in some programs. So is the deselecting of windows normal in Windows?

 

I'll be concerned if the deselecting starts becoming more and more frequent - it started off before as only a few deselecting.

 

*1 I use virus as a generic term. Not many people actually know the difference between virus, malware, etc.
