
phantom audio ads playing on my computer


  • This topic is locked
10 replies to this topic

#1 llcnotell

llcnotell

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 02 January 2014 - 12:37 PM

Had family over for the holidays & was left with audio ads constantly running in the background of my comp, even with multiple removal software and reboots. I have only been able to isolate the audio by adjusting volume levels (note attachment "Name Not Available"). I am at my wits' end. I have tried every suggestion listed:

MalwareBytes

Adwcleaner

JRT

SuperAntispy

Sophos

Rogue Killer

Hitman

etc.

Any assistance or advice would be greatly appreciated.



Edited by hamluis, 02 January 2014 - 03:32 PM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:09:07 AM

Posted 02 January 2014 - 01:56 PM

Please download TDSSKiller and install it.  Then run the scan.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 llcnotell

llcnotell
  • Topic Starter


Posted 03 January 2014 - 06:37 AM

Already did that. But, for you, I'll run it again...

Still, no luck :( [screenshot: rtz4.jpg]


Edited by llcnotell, 03 January 2014 - 01:54 PM.


#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,087 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:05:07 PM

Posted 03 January 2014 - 08:36 AM

Hi,

 

Please go to http://www.virustotal.com and upload the following file: c:\windows\system32\rpcss.dll

Just type the complete file path in the address bar, it's unlikely you'll be able to see the file using the browse option.

Post the link to the scan results here in this topic. 

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 llcnotell


Posted 03 January 2014 - 11:32 AM

I entered c:\windows\system32\rpcss.dll into the VirusTotal bar and received a message back with a black exclamation mark in a triangle caution sign which read:

rpcss.dll
File not found.
Check the file name and try again.

Please advise... [screenshot: yo5j.jpg]


Edited by llcnotell, 03 January 2014 - 01:55 PM.


#6 xXToffeeXx


Posted 03 January 2014 - 11:33 AM

Hi,

 

Try this for me:

 

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.

  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt

 

xXToffeeXx~




#7 llcnotell


Posted 03 January 2014 - 01:27 PM

After scan it reads:

 

Congratulations, no cleanup is required!

Scan Finished: No malware found!

 

Also, it does not create the two logs?

Please advise [screenshots: kvbg.jpg, tv8q.jpg]


Edited by llcnotell, 03 January 2014 - 01:59 PM.


#8 llcnotell


Posted 03 January 2014 - 02:02 PM

I've uploaded screenshots to help you see what I'm seeing. Also, it's still showing/playing the 'phantom' audio source pictured in the initial post ["name not available"]



#9 xXToffeeXx


Posted 04 January 2014 - 05:25 AM

Hi,

 

On consideration, we need you to repost this issue with a DDS log so we can get it out.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well. 

 

xXToffeeXx~


Edited by xXToffeeXx, 04 January 2014 - 09:24 AM.



#10 xXToffeeXx


Posted 04 January 2014 - 09:34 AM

Hi,

 

Make sure to follow the instructions in the post above. I have edited after talking with a colleague about this infection. Thank you.

 

xXToffeeXx~




#11 hamluis

hamluis

    Moderator


  • Moderator
  • 56,560 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:07 AM

Posted 05 January 2014 - 12:38 PM

MRL topic:  http://www.bleepingcomputer.com/forums/t/519677/phantom-audio-ads-playing-on-my-computer/

 

Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Louis





