Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Audio Malware


  • Please log in to reply
6 replies to this topic

#1 water88

water88

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:53 AM

Posted 02 January 2014 - 03:11 PM

I hear commercials and music through my speakers. Any help or advice on how to remove it would be appreciated.


Edited by hamluis, 02 January 2014 - 04:35 PM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,358 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:12:53 AM

Posted 02 January 2014 - 03:47 PM

Please download and run TDSSKiller.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 water88

water88
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:53 AM

Posted 02 January 2014 - 03:51 PM

TDSSKiller didn't detect anything. The sound comes from Host Process for Windows Service which I can mute so I don't hear it. The process is called svchost.exe. However, if I end the process windows has to shut down and restart.



#4 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,358 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:12:53 AM

Posted 02 January 2014 - 05:01 PM

What is showing under the Description column for this process?

 

In the Task Manager click on the Performance tab, then click on Resource Monitor.  See if you can find that svchost.exe and post the PID for it.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#5 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,039 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:53 AM

Posted 03 January 2014 - 10:50 AM

Hi,

 

Sorry to interject dc3, but this is a new (or so we think) malware infection and mbar should be updated to deal with it now:

 

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.

  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#6 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,358 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:12:53 AM

Posted 03 January 2014 - 11:08 AM

 

Sorry to interject dc3, but this is a new (or so we think) malware infection and mbar should be updated to deal with it now:

 

No need to apologize, this is your specialty, I'll take any advice from you in this arena. :thumbup2:


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#7 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,039 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:53 AM

Posted 03 January 2014 - 11:14 AM

Hi dc3,

 

Hehe okay, been talking to Elise and watching around trying to figure this out. The svchost process itself is legitimate as far as I know, but one of the files of the services has been patched. MBAR should detect this patched file.

 

xXToffeeXx~


Edited by xXToffeeXx, 03 January 2014 - 11:14 AM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users