
Laptop playing music in the background


  • This topic is locked
6 replies to this topic

#1 cebrooks42

cebrooks42

  • Members
  • 22 posts
  • Local time:08:11 PM

Posted 01 October 2014 - 09:01 AM

OK, so this has been an issue on a client's Win7 laptop for some time. After many hours working to remove this, I ended up formatting the drive and reloading. I backed up and restored the user's desktop and documents and then gave it back to him. A couple of days later he called and reported that the music is back.

 

I have a HijackThis log which I have attached to this post. I'm at a loss as to what is causing this behavior and would really appreciate the help.

Edited by cebrooks42, 01 October 2014 - 09:02 AM.



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:11 PM

Posted 01 October 2014 - 03:25 PM

Hello and welcome to Bleeping Computer.

Please download the Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ (for 32bit systems)

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ (for 64bit systems)

Note: Wait for the direct download to begin, do not click on anything else on the page.

Save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it.
When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run.

Please attach that log to your reply.
The first time the tool is run, it makes a second log (Addition.txt).
Please attach that to your reply as well.


STEP2:

Please download Malwarebytes Anti-Rootkit (MBAR) from here:
http://www.malwarebytes.org/products/mbar/ and save it to your desktop.

Double-click on the MBAR file and allow it to run.

•Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.

•mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.

•After reading the Introduction, click 'Next' if you agree.

•On the Update Database screen, click on the 'Update' button.

•Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button.

With some infections, you may see two message boxes:

1. 'Could not load protection driver'. Click 'OK'.
2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

•If malware is found, do NOT press the Cleanup button when the scan completes. Click EXIT.

Before performing any removals, I'd like to see the log first so I can see what it will be targeting. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 cebrooks42

cebrooks42
  • Topic Starter

  • Members
  • 22 posts
  • Local time:08:11 PM

Posted 01 October 2014 - 04:00 PM

Great, thanks for the reply. I've attached the logs as requested.


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:11 PM

Posted 01 October 2014 - 07:36 PM

Were you able to run the MBAR scan as well?



#5 cebrooks42

cebrooks42
  • Topic Starter

  • Members
  • 22 posts
  • Local time:08:11 PM

Posted 02 October 2014 - 08:53 AM

Just completed the scan and nothing was found.



#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:11 PM

Posted 02 October 2014 - 11:13 AM

How does he connect to the internet (wifi, ethernet, router?) and what browser(s) are used?

Does the background music happen on all sites or random sites (what are they)?

Does it happen with all browsers?

Please run the following:

Download the Avast Browser Cleanup tool from here:

http://files.avast.com/files/tools/avast-browser-cleanup.exe

Double-click on the downloaded file to execute the program.
It scans the computer for adware and other unwanted add-ons or extensions.
Remove the identified items and restart the browser.



#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:11 PM

Posted 23 October 2014 - 08:14 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
