Was Infected with virus, deleted file that controls sound



#1 Stelmack

Posted 28 June 2009 - 01:08 AM

Alright, so to start I'm running Windows XP SP2 (a Compaq, so I never bothered with SP3).

The problem is that when I had the virus it was constantly shutting off my computer, not allowing any .exe's to run, or allow me to use the internet or download any files. So I was forced to go into safe mode and delete suspicious files manually from (First mistake..) the Windows and System 32 folder. Using info I got from the task manager before the virus evolved completely, I deleted most of the virus. Sadly, I also deleted a file that renders my computer unable to make ANY sounds such as music in games or songs. Although it makes the occasional bleep, nothing through speakers or headphones.

Yes, I know, I broke one of the golden rules of the computer. Mess with the windows folder :thumbsup:

So would anybody be able to help me figure out what file it was I deleted? I can't use one of those file recovery things that brings them back from the grave because I did too much cleanup on the computer to get rid of the virus, and I may/may not have another virus still present.

The other virus hijacked my Internet Explorer and would use it to go to some sites that I cannot see. I would hear ads and the such when I had sound. I tried deleting Internet Explorer but something in there keeps bringing it back.

The path is C:\Program Files\internet explorer\connections wizard
I am not able to delete that last folder, connections wizard, but I can everything else. I turned a notepad into internet explorer.exe so that it can't use it
**Note that the normal name is Internet Explorer, capitalized**

So..anyone who can help me with my woes? Much appreciated, Bob.

Edit: Since remnants of the virus/es may still exist, I have moved the topic from XP to the more appropriate forum. ~ Animal

EDIT: Thank you Animal, I apologise.
Also I found that I get sound from my monitor but not from headphones.

Edited by Stelmack, 28 June 2009 - 07:33 AM.




#2 Zllio


Posted 02 July 2009 - 12:42 AM

Hi Stelmack,

Let's try a few things, because the real blessing of Windows XP is the inbuilt redundancy. Before I give you some instructions, I would like to tell you that when you have a virus, it is best to find the tool which is made to remove that virus. You can often do this by googling the file and tracking down the website (often one of the antivirus or antimalware companies) which posts a specific tool for what you have. Some of this malware removal capacity has been combined to create tools like MalwareBytes, which will remove the virus without your having to try removing it one file at a time.

Your thread was moved to this forum because it was believed that you may still have malware on your computer, so let's run a couple of very standard scans and then I would like for you to run sfc /scannow, which will search your computer for corrupt or missing system files. That scan will look for the missing files on your computer and, if it can't find them, will ask you to insert your XP CD. I will repeat some of this below, but in the case of sfc /scannow, you can use any XP CD which is the same as your computer (for instance, if you have XP Home, it needs to be XP Home; if you have XP SP2 Pro, it needs to be XP SP2 Pro).

So first we'll make sure your computer is free of malware and then we'll try to track down the missing file. Please do the following:



Step 1: ATF Cleaner



If you're running XP, please run ATF cleaner according to the following instructions. If you're using Vista, right-click on the icon and select "run as Administrator".


Please download ATF Cleaner by Atribune & save it to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".



Step 2: MalwareBytes


Please download Malwarebytes Anti-Malware and save it to your desktop.
MalwareBytes

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable security programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 3: Next I would like for you to run an online scan called BitDefender

Note: You can only run this scan with Internet Explorer with Active X enabled.


Please run a BitDefender Online Scan

  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Click on the Detected Problems tab. Then select Click here to export the scan report.
  • When the window comes up to save the report, change the Save as type box to Text (Tab Delimited) (*.txt)
  • Then in the File name box enter bdscan then click save.
  • Please upload this file with your next post as an attachment, or post the contents of the file into a code box. To do this, simply paste the contents of the file into your Add Reply box (do not use quick reply) and then highlight just those contents and click on the button five over from the smiley face beneath the fonts which is called Wrap in code tags. You can only see this if you allow your mouse to hover over that button.



Step 4: If any malware was found, please post the logs or reports for the following and then wait until I get back to you before you continue:

  • MalwareBytes
  • BitDefender


Step 5: If no malware was found, please continue as follows. Otherwise wait until I can look at your reports.

Please go to Start > Run and copy/paste in sfc /scannow and click on OK. The scan should run for a while and may ask you to insert your XP disk.

If the above scan does not work, please try the following: go to Start > Run and type in cmd and hit OK. In the window that opens up, type in sfc /scannow (making sure there is a space between the c and the /) and then hit the Enter key. Sometimes when this scan won't run using the Run window, it will run in the command prompt (the black DOS-looking window).


Let me know how this all went?
Zllio




