Greetings...I noticed a few weeks ago that my computer was playing unwanted audio ads/clips after I turned on my speakers to view an online video. At first I thought this was a glitch with the video, but then I discovered it to be an ongoing problem after I turned on my speakers and noticed the audio playing even without my Google Chrome or IE10 web browser launched.
Subsequently, I downloaded and ran TDSSKiller and was able to identify 2 "medium risk" items/files defined as potential threats: DotComLaunch and RpcSs.dll. TDSSKiller gave me the option of sending the items to Quarantine or Skip - I decided to skip until I knew more about what was going on with my computer.
Since TDSSKiller did not detect any malware that I could Cure or Remove, I decided to download Malwarebytes Anti-Malware and see if it could find any threats that could be removed. While I was running the full Threat Scan, a message from my Norton 360 anti-virus popped up and it indicated that it was working on processing a HIGH level threat named Trojan.Viknok.b. Norton 360 indicated that the trojan was quarantined and removed, and that I didn't need to take any further action. The Malwarebytes scan ended soon after and indicated that there were a couple PUPs on my computer that may be threats - seemed to be related to Google Chrome and some type of photography program - so I sent them into quarantine (which I have not yet deleted).
My computer speakers remained quiet for about an hour, but then the unwanted audio came back in spurts - it seemed to be having trouble playing, but it was still playing. Uhg!
After doing extensive research online, it appears that there are still remnants of the trojan on my computer and my options include - and may be a combination - of the following:
1. Restore my computer to an earlier point in time
2. Replace the infected RpcSs.dll file with a clean RpcSs.dll file (32-bit, Windows 7 compatible)
3. Download and execute a series of anti-malware/anti-spyware/anti-adware software programs to stop the malware processes and then remove the trojan / infection and the various traces it has left behind so that it will not come back.
I know I still have some work to do in order to permanently evict my unwanted guest, since the unwanted audio still returns sporadically and Malwarebytes has provided three pop up messages indicating that unauthorized websites are trying to access my Svchost.exe program file (I clicked 'Exclude Website' each time on these messages).
The malware removal techs at BleepingComputer.com seem to have a lot of experience eradicating these type of trojans and file infections, so I'm hoping you can help me finish the job (while helping many others along the way)...
Edited by HiggiStardust, 28 April 2014 - 05:39 PM.