TechSpot

Random Sound Virus Windows XP please help

Solved
By apathy00
Aug 19, 2010
Topic Status:
Not open for further replies.
  1. I believe my computer has been infected by the Random Sound Virus. It fits the profile described in other posts (random sounds, ads, etc. play automatically while connected to the internet). I have run TFC and Malwarebytes' Anti-Malware. I have also followed the instructions to the point of running ComboFix. I have attached the ComboFix log for your reference. I am currently running Windows XP Professional Version 2002 Service Pack 2.

    Please help to disinfect. Thank you

  2. crunchie

    crunchie Malware Helper Posts: 761

    Hi and welcome to TechSpot forums :).

    ====

    Please read the directions given here and when done, post the requested logs.
    Please do not attach the logs unless requested, or unless they are too large to paste.
  3. apathy00

    apathy00 TS Rookie Topic Starter

    All steps have been followed as described. I was not 100 percent sure on which to paste and which to post. I have included all attachments. Please let me know if a post is more appropriate or needed. Thanks,

  4. crunchie

    crunchie Malware Helper Posts: 761

    Please download JavaRa

    If you get this message:
    Problems with the download? Please use this direct link or try another mirror.

    Select the Direct link download and unzip it to your Desktop.

    Double click JavaRa.exe then click Remove Older Versions.

    Follow any prompts; a log will pop up (JavaRa.log). Please post the contents of this log.

    Next, open JavaRa.exe again, and select Search For Updates.

    Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 21 (JDK or JRE). On the right, select this one: Download JRE.

    In Vista and Windows 7 run the tool as Administrator.

    ==========

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  5. apathy00

    apathy00 TS Rookie Topic Starter

    Step 1 Remove Java Complete (attached)
    Step 2 Install New Java Complete
    Step 3 Bootkit info below

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.1.0.0
    OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    55 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...

  6. crunchie

    crunchie Malware Helper Posts: 761

    Ok. Since running combofix, have the symptoms remained?
  7. apathy00

    apathy00 TS Rookie Topic Starter

    After multiple shutdowns and restarts today I have not heard any of the sounds or popups show up. I saw in the combofix log that it showed a couple items disinfected. I wasn't sure if that would resolve the infection or if there was anything else that needed to be addressed.
  8. crunchie

    crunchie Malware Helper Posts: 761

    I cannot see anything else there, but it will be worth doing an on-line scan to make sure.

    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:

  9. apathy00

    apathy00 TS Rookie Topic Starter

    Looks good: found 0, cleaned 0. Thanks for your help.

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=387a824339fdef4ca84066e310d0c946
    # end=stopped
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-08-20 05:11:53
    # local_time=2010-08-20 12:11:53 (-0600, Central Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 2
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=11481
    # found=0
    # cleaned=0
    # scan_time=1151
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=387a824339fdef4ca84066e310d0c946
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-08-22 01:32:55
    # local_time=2010-08-21 08:32:55 (-0600, Central Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 2
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=48931
    # found=0
    # cleaned=0
    # scan_time=2213
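
An added example (not part of the original thread and not ESET's own tooling): the log pasted above holds two runs, and the first ended with `end=stopped` after 11481 files, so only the second, finished run supports a "found 0" reading. The sketch below splits such a log into runs and classifies each one; the verdict labels and the rule that a `# version=` line starts a new run are assumptions made for this example, and the sample is a constructed subset of the posted log's fields.

```python
import re

# Constructed sample: the two runs from the log posted above, reduced to the
# fields this check reads.
SAMPLE_LOG = """\
# version=7
# end=stopped
# remove_checked=false
# scanned=11481
# found=0
# cleaned=0
# version=7
# end=finished
# remove_checked=false
# scanned=48931
# found=0
# cleaned=0
"""

def parse_runs(text):
    """Split the log into runs; assumes each '# version=' line starts a run."""
    runs = []
    for line in text.splitlines():
        m = re.match(r"\s*#\s*([\w.]+)=(.*)$", line)
        if not m:
            continue  # skip lines that are not '# key=value' (installer header)
        key, value = m.group(1), m.group(2).strip()
        if key == "version" or not runs:
            runs.append({})
        runs[-1][key] = value
    return runs

def verdict(run):
    """Classify one run; a stopped scan is never evidence of a clean system."""
    if run.get("end") != "finished" or "found" not in run:
        return "incomplete"
    found = int(run["found"])
    cleaned = int(run.get("cleaned", "0"))
    if found == 0:
        return "clean"
    return "remediated" if cleaned >= found else "threats-remaining"

def summarize(text):
    """Return (files scanned, verdict) for every run in the log."""
    return [(int(r.get("scanned", "0")), verdict(r)) for r in parse_runs(text)]

if __name__ == "__main__":
    for scanned, result in summarize(SAMPLE_LOG):
        print(f"{scanned} files scanned: {result}")
```
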
  10. crunchie

    crunchie Malware Helper Posts: 761

    Looks good :). Just do the following and you should be good to go.

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC by OldTimer:
    Save it to your Desktop.
    Double click OTC.exe.
    Click the CleanUp! button.
    If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.