I have lost sound, due to quarantine of a trojan

[Jake916]

MalwareBytes informed me of two Trojans located in the same file and suggested I quarantine it, so I did.
Upon restarting my computer, I had no sound at all, I attempted to test the sound within a windows program which told me it had 'failed'.

I then opened up Malwarebytes and took a look at the history (I have the paid version with the new layout).

 

The Trojans were labeled 'Trojan.FakeMS'. Both in the same location.

 

The location was C:\Windows\System32\audiodg.exe

 

 

What should I do about this?

How can I get my sound back without keeping the Trojans?

 

[Jake916]

I forgot to mention I am running Windows 7 64bit 

[nasrul29]

Same happened to me..exactly the same time.My pc started to detect it during me doing sfc scan..I dont know what happened.kinda freaking me out right now.I just upgrade my mothrboard and i dont want to think that the on board audio is defective already.

[Firefox]

Hello and to both of you...

Its possible that this may be a false positive, to make sure you can submit the file for review HERE If you have already Quarantined the file, you will have to restore it so you can submit it for review.

[Hiyuko]

I also detected a trojan.fakems but it was in C:\Windows\winsxs\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.1.7600.16385_none_d294b5cdfe50c681\audiodg.exe

[Firefox]

Hi, and , nasrul29 & Hiyuko:

Its better to start your own topic as apposed to "me too" replies see my post #4 above for instructions as to what to do next....

Sorry to hear you are having issues.

Each computer is unique.

Problems that sound "the same" most often are not.

The same is true for solutions.

They most often need to be individualized.

It is less confusing for everyone if we try to stick to "one user per topic".

Please start a NEW, SEPARATE topic using the button.

The staff and experts will be able to more easily provide both you and the OP with individual help to get you both up and running.

Thanks for your patience and understanding,

Firefox

[Jake916]

upon reading online it says that viruses named this are very nasty and can do a wide range of horrible things to a system including stealing data and hiding itself after the first scan, so I'm worried about restoring it. Is restoring it still a good idea? After all it wasn't found in a scan it just popped up after clicking on a website

[Firefox]

Restoring the file will not really harm your computer, unless you double click it. In order to verify if it is actually a virus/malware the file will have to be submitted and analyzed by someone that is getting this detection.

[Jake916]

What do you mean unless I double click it? it's a trojan, as far as I know they do not require you to double click it for it to start doing it's dirty work.

 

Sorry if I'm coming off as rude here, I don't mean to be.

 

But anyway I'll restore it, scan and see what happens.

[Firefox]

The file just sitting in a folder does not do anything unless you, or the system auto starts it via a command at boot up, double click it to execute the program.

Once its restored, submit the file for review and if its found to be clean or a false positive then you still have the file handy. As many reports as we are getting with this file, its a good chance its a false positive.

[Jake916]

If it turns out that it is not a false positive should I come back here or make a new thread?

[pondus]

upload audiodg.exe to www.virustotal.com   if tested before, click new scan ..... post link to scan result here

[xandrewx]

I had this exact same problem this morning.

Malwarebytes quarantined the audiodg.exe file as a trojan and then I removed it only to have all my sound stop working.

 

I used system file checker to actually rebuild said file and now my audio is working but malwarebytes is still picking up audiodg.exe as a trojan and dropping it in quarantine.

If anyone wants to see if this'll work for them too, check out this page. http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

[AdvancedSetup]

Please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

[AdvancedSetup]

Yes there was a false positive that was quickly fixed. Please update your database.  Current version is: DB version 2014.06.05.11

 

With the updated database this file will no longer be detected.

 

Thank you

[Jake916]

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 05/06/2014

Scan Time: 13:51:58

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.06.05.08

Rootkit Database: v2014.06.02.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7

CPU: x64

File System: NTFS

User: Jake

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 265695

Time Elapsed: 7 min, 59 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Warn

PUM: Enabled

 

Processes: 1

Trojan.FakeMS, C:\Windows\System32\audiodg.exe, 1324, Delete-on-Reboot, [9e3e284cbfbc3501f71bfb8b0001748c]

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 1

Trojan.FakeMS, C:\Windows\System32\audiodg.exe, Delete-on-Reboot, [9e3e284cbfbc3501f71bfb8b0001748c], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

[AdvancedSetup]

Thank you for the log. Your database shows it as: Malware Database: v2014.06.05.08 this was corrected in build .09 and current build is at .12

 

Please update your database and this should no longer be detected.

 

If needed you should be able to run the following to restore the file:  How to Repair Windows 7 System Files with System File Checker

 

Thank you

[Jake916]

Upon updating it to .11 I ran a scan of system32 and it came up clean.

 

Although this was a false positive I am grateful for everyone's help in this thread.

 

Thank you.

[Firefox]

Your welcome, glad we could help with this matter.... Take care...