Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Audio Ads and Radio playing in the background Windows 10


  • This topic is locked This topic is locked
9 replies to this topic

#1 sungholy

sungholy

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 14 May 2016 - 11:26 PM

Starting today, I constantly have this audio playing in the background which sounds like some foreign radio with ads. Although it is very feint, I still can hear it. The weird thing is, if i restart my computer, I start hearing it even before putting in my password, meaning it's probably not a program that I need to physically open (chrome, etc). The weird part is that even when I mute my computer, I can still hear it. It's a Lenovo ThinkPad 450s, I just got it this January and I have kept it bloat-free with very few programs installed. I find nothing suspicious in the task manager, and I have ran Adwcleaner, Malware bytes, and Windows Defender full scan and they've caught nothing. I would very much appreciate any help I can get on this. I am posting this in the security subforum because others with this problem seemed to relate this to a Trojan. Thank you for taking your time to read this and I eagerly await for your responses.



BC AdBot (Login to Remove)

 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:43 PM

Posted 15 May 2016 - 12:29 AM

Hello sungholy and Welcome to the BleepingComputer. :welcome:  
 My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are inserted during always the scan.
  • If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open as administrator  the computer. How is open as administrator  the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here

Thanks
 
Please do the following.
Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click software shortcut on the desktop and follow the prompts to install the program .
  • If an update is available, click the Update now button.
  • At the end Click Settings > Advanced > ''I have read the warning an wish to proceed anyway'' Click
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click scan now ''Run as Administrator'' and a threat Scan will begin.
  • When the scan is complete, Press report and send me report.
  • Please PC restart now.

============================================================================
How are your PC and browsers  and are there still septoms ?
 
Have a nice day.


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 sungholy

sungholy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 15 May 2016 - 12:54 AM

Hey, 

Thanks so much for your quick response! I've ran the AntiMalware and here is the result:

 

Zemana AntiMalware 2.20.2.613 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/5/15
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i5-5200U CPU @ 2.20GHz
BIOS Mode              : UEFI
CUID                   : 003776A523CD044AA2783A
Scan Type              : Smart Scan
Duration               : 1m 14s
Scanned Objects        : 20691
Detected Objects       : 2
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : ON
Detect All Extensions  : OFF
Scan Documents         : OFF
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
DO_NOT_TRUST_FiddlerRoot
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\FB792B4626BE080881EAAAD8A9BDE9BDAE40F5D4\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\FB792B4626BE080881EAAAD8A9BDE9BDAE40F5D4\Blob = 190000000100000010000000A090828F1ED0E3545B8CC26CB958A3FC02000000010000007C0000001C0000002C00000001000000000000000000000000000000020000004A006F00650053006F006600740000004D006900630072006F0073006F006600740020005300740072006F006E0067002000430072007900700074006F0067007200610070006800690063002000500072006F00760069006400650072000000030000000100000014000000FB792B4626BE080881EAAAD8A9BDE9BDAE40F5D4140000000100000014000000D956983D3D63D62246E58450D3F214F2C59D95D40F00000001000000140000002B66386A5F4CEC54C588A346B6B2104B71680BF120000000010000008903000030820385308202F2A00302010202107CAE9C7159DFB09042B16B66E3111CB0300906052B0E03021D050030818B312B3029060355040B13224372656174656420627920687474703A2F2F7777772E666964646C6572322E636F6D3121301F060355040A1E180044004F005F004E004F0054005F005400520055005300543139303706035504031E300044004F005F004E004F0054005F00540052005500530054005F0046006900640064006C006500720052006F006F0074301E170D3134313232393035303030305A170D3235313232393034353935395A30818B312B3029060355040B13224372656174656420627920687474703A2F2F7777772E666964646C6572322E636F6D3121301F060355040A1E180044004F005F004E004F0054005F005400520055005300543139303706035504031E300044004F005F004E004F0054005F00540052005500530054005F0046006900640064006C006500720052006F006F007430819F300D06092A864886F70D010101050003818D0030818902818100C34552BFD6F7DBB7F1C2DA0DCBC50C2B355C2447A8C8B722356C98F899849C2ECEDFE485F416C5AF719D4D4CF65B6107A910FBCB8C893EDAA8AFB3F9730C25EF89D5E67E495517EE153EF4A717ECE8B11525F0D0CDDA13935CDD68ED1BDCE4A898056D2E2ABF94AB487AB1088BC8D218837AEEA0687A6BFFA00D190D87AB0A090203010001A381EF3081EC30120603551D130101FF040830060101FF02010130130603551D25040C300A06082B060105050703013081C00603551D010481B83081B58010E1DA37401226F8D842EDAE21E209F2C6A1818E30818B312B3029060355040B13224372656174656420627920687474703A2F2F7777772E666964646C6572322E636F6D3121301F060355040A1E180044004F005F004E004F0054005F005400520055005300543139303706035504031E300044004F005F004E004F0054005F00540052005500530054005F0046006900640064006C006500720052006F006F007482107CAE9C7159DFB09042B16B66E3111CB0300906052B0E03021D0500038181003FD648D531151CF4B5BDE7E3713EB29A298072E99FA393A230973E7AC5AD044AA0B921F8E24EF2280052E4A6EA9AF5259D3318611D6E9972BF1BC73A8E97038031EA09CBA524FFCA1CADDC911104DDEDB201EF82361C5107972DAB41843971255BC554D9A5F7190E6ADD75C3B5E83A9A25553BCBC2453029C22A069C87F72C51
 
Service_KMS.exe
Status             : Scanned
Object             : %programw6432%\kmspico\service_kms.exe
MD5                : 3C19C8CBC7917FEE066CB7A116D3F326
Publisher          : ByELDI Certificate
Size               : 1050904
Version            : 11.0.0.0
Detection          : PUA:Win32/HackTool.IdleKMS
Cleaning Action    : Quarantine
Related Objects    :
                File - %programw6432%\kmspico\service_kms.exe
                Registry Entry - HKLM\System\CurrentControlSet\Services\Service KMSELDI\ImagePath = C:\Program Files\KMSpico\Service_KMS.exe
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 2
Reported as safe      : 0
Failed                : 0
 
Before running the scan, I put the laptop to sleep and after waking it back up, I haven't heard anything. After the scan, it noticed two questionable things, one of which I quarantined since it's a well known thing I use. I deleted the other file. I will restart my computer right now and report if I hear anything!


#4 sungholy

sungholy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 15 May 2016 - 01:04 AM

After fidgeting around, it turns out I only hear the radio when my laptop is plugged in... 



#5 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:43 PM

Posted 15 May 2016 - 01:30 AM

After fidgeting around, it turns out I only hear the radio when my laptop is plugged in... 

Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: addition.png
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

=======================================================================================

MalwareBytes Anti-Rootkit scan:

  • Close all the running processes
  • Be sure to temporarily disable all antivirus/anti-spyware softwares
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.

:step1: Download MalwareBytes Anti-Rootkit software from here to your desktop.

  • Right-click on Mbar 1.09.1.1004.exe and select Run As Administrator  to launch the application.

:step2: Open a folder with MBAR name on desktop.
:step3: The MBAR folder in the list you find.
:step4: Click once. :step5:  Now click the OK button. :step6: Click the OK button again.

Ashampoo_Snap_2015.05.21_21h16m53s_002__
 
:step7: Then Next and click on the Uptade button
:step8: Now click on the scan button

  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two messages boxes:
  • Could not load protection driver'. Click 'OK'.
  • Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please  attach the two log files created by the tool within the folder from which it was run.
  • The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

=========================================================================================

RogueKiller scan:

  • Please download and run RogueKiller  32/64 bit to your desktop
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  • Click Scan to scan the system.
  • When the scan completes > Close out the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!
  • Post back the report which should be located on your desktop.

 

Sincerely  . :hello:


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#6 sungholy

sungholy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 15 May 2016 - 12:34 PM

Thanks for quick reply as always, but it seems as though I have "solved" this issue.

 

For anyone else who might be having the same problem, try unplugging your device from the outlet and see if you still hear any radio. It turns out that for me, when I unplug my laptop, I stop hearing any noise. After some googling and testing other outlets, I have basically confirmed that when my laptop is plugged in, my headphone-to-outlet wiring acts as an antenna for the radio signal. Turns out this is not a very rare case for people living near a radio broadcast station like me. If you do have the same problem as me, try playing with other outlets and headphones. Other than that, only other suggestion I have is to just not use your headphones/speaker while charging the device. 



#7 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:43 PM

Posted 15 May 2016 - 04:00 PM

I understand. Nice !!

Do you want me to close the topic ? What about you?


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#8 sungholy

sungholy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 15 May 2016 - 04:06 PM

I think I will just avoid using the audio while charging. I think the topic can be closed now. Thank you for all your help



#9 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:43 PM

Posted 15 May 2016 - 05:09 PM

You're welcome, :thumbup2:

 

Congratulations,your PC are clean now.

 

Thank you for your patience.  Please do the following:

In any case please download delfix to your desktop.

  • Close all other programms and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

You can do fllowing:
 
The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

to remove all but the most recently created Restore Point.

  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista. and Disk cleanup in Windows 10

ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
 
Please take the time to carefully review this info contained below. Its invaluable.
Answers to common security questions - Best Practices
How Malware Spreads - How your system gets infected
Best Practices for Safe Computing - Prevention of Malware Infection
 
Some safety suggestions !

Best regards.wave.gif


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#10 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:43 PM

Posted 08 June 2016 - 03:53 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users