
I've been having sound issues since I [thought] I had removed a virus, but I've been told by Firefox (expert here) that I'm still infected. Here is my original post:

 

-------------------------------

Hi everyone,

 

First, sorry for any language mistakes I may make; English is my second language. If something I write is not clear, please ask me to rephrase.

 

After formatting my PC a week ago, I downloaded an infected file "Microsoft Office Toolkit". My antivirus went crazy and flagged every page I opened on Chrome as a threat, I got adware, my PC was slow, etc. 

 

I downloaded Malwarebytes, AdwCleaner and Revo Uninstaller, and after two or three runs of all these programs and my antivirus, plus a reinstall of Chrome, I finally got rid of the virus (for all I can say, no other symptoms).

 

My actual problem is that after using Malwarebytes the first time and rebooting, the only sound I got was the usual Windows notifications (opening theme, error notification, etc). I don't get any sound from Internet browsers, games or applications. I cannot listen to music with WMP. At first I thought it was another symptom of the virus and I continued working towards removing it (which I hadn't finished at that time).

 

Now that I think I got it removed completely, the sound has not come back. I even cleaned the registry with CCleaner in case I had modified something I shouldn't have, to no avail.

 

So, can anyone help me get my sound back?

 

Thanks a lot!

 

Louis-Philippe

----------------------------------

I want to add:

 

- I also used Hitman to get all the remnants of malware.

 

- My drivers are updated, the sound driver is running correctly, my headphones are detected, I tried different USB slots, etc.

 

- Here are my specs:

AMD-FX 6100 6@3.3GHz

8 GB RAM

NVidia GeForce GTX 550 Ti

Windows 7 64 bits

Sound and network are on motherboard

 

Help me remove this virus please!

 

You'll find the required files below.

 

 

Addition.txt

CheckResults.txt

FRST.txt


Hi!

Welcome to Malwarebytes' Support Forums! I am Blackbird and I will help you remove any malware that might be present on your computer.

An important WARNING to all individuals reading this topic:
All advice in this topic was given specifically for this user and this computer!! Performing instructions given by me in this topic on other computers may harm your computer's infrastructure and can cause serious damage to them!!
Please don't perform the steps given by me or other Helpers in this topic when you are not the original Topic Starter, but start your own topic with a question for help. You will get help from a trained and qualified Helper to clean up your computer from any present malware when you do so.


General rules:
  • From now on, don't use this computer anymore to access your bank account or any other serious business where you have to log in, until I've told you your computer is clean from malware.
  • Be patient waiting for my answer. I'm doing the best I can to answer to logs as soon as possible, but I'm handling multiple topics at the same time. Please feel free to remind me of your topic by sending a link to it by private message, when I didn't get back to you after 24 hours.
  • Don't change anything on your computer in the period I'm helping you, except when I tell you to do so. So don't add/remove any software (programs, drivers, etc.) and don't change any hardware. If you really need to change something that can't wait, please inform me directly, by posting it in this topic or - if private - send me a private message containing an explanation of the changes made by you. This gives me the possibility to give you good advice.


Rules about advice from me:
  • The Helpers active on this board first got a full training in removing malware and providing support to people who got infected. Also they were trained to resolve any problems caused by malware infections. Please use the programs I provide to you only when under supervision of a trained Helper. This, because using these programs without supervision can cause damage to your computer.
  • It's possible that your virus scanner, anti-spyware program or any other malware protection program or policy tries to block one or more of the programs provided by us. If that is the case, please always allow those programs to run and/or allow the provided changes to be made. If needed to run our tools properly, temporarily disable your anti-malware programs.
  • Always Save tools provided by me to your Desktop, unless I give you other instructions. Don't ever run tools directly from the internet, because this can stop them from working properly. Also never save tools to any other locations than your Desktop.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of the issue.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit.



Rules about posting results:

  • Always copy/paste the logfiles in your replies completely. If a logfile doesn't fit into one post, please add the logfile as an attachment instead. If this still won't work, please inform me.
  • Never change something in the logfiles!! Include them in your posts as they were provided by the tools. This way I'll get a clear view on your system's situation. If you change the logfiles, it will take more time to clean up your computer.
  • Don't post logs using CODE, QUOTE or FONT tags. Just post them as direct text.


Things I want you to do before performing the steps below:
  • Please enable your system to show hidden files: How to see hidden files in Windows.
  • Make sure you're subscribed to this topic. Click on the Follow This Topic button at the top right of this page, make sure that the Receive Notification box is checked and that it is set to Instantly.
  • Even though we do the best we can to help you, removing malware includes risks. Therefore I advise you to back up all of your important files to a CD/DVD, external drive or flash drive. For instructions/help, take a look here.



-------------------------------------------------------------------------------------------------------------------------------------------------------
Thanks in advance for keeping above rules in mind. :)
Maybe they look like unnecessary rules, but practice teaches us they are needed to help.

Now, let's continue with the steps you need to do:
-------------------------------------------------------------------------------------------------------------------------------------------------------

1. We need to temporarily disable any cd-emulators active on your computer, as they can impede the interpretation of logfiles provided by our tools.

  • Download Defogger and save it to your Desktop.
  • Right-click Defogger.exe and select Run as Administrator.
  • When the program has opened, click the Disable button.
  • When Defogger asks for a confirmation, click Yes.
  • Wait until you get the "Finished" message. Click OK.
  • When Defogger asks you to restart the system, please allow the program to do so immediately.


  • When an error occurred while using Defogger, look for a file called "defogger_disable.txt", which should be located on your Desktop. Post the contents of this file into your next reply.
  • You can enable the cd-emulator software again by running Defogger again and clicking the "Re-enable" button. Only do this when I told you your computer is clean again.


2. Download AdwCleaner and save it to your Desktop.
  • Close all open windows.
  • Right-click AdwCleaner.exe and select Run as Administrator.
  • When the program has started, click the Scan button and wait until the scan has finished.
  • Make sure everything (on all tabs) is selected, and click the Delete button.
  • It's possible that AdwCleaner asks you to restart the system. It's important that you agree with this.
  • After restart a logfile will appear. Please post the contents of that logfile in your next reply.



3. Download Malwarebytes' Anti-Malware and save it to your Desktop.
If you already got Malwarebytes' Anti-Malware installed on your computer, please go to step 3-A.



3-A. Start Malwarebytes' Anti-Malware.

  • On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
  • Then click the Scan tab. Select Custom Scan and click the Start Scan button.
  • In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives. After you have done this, click Start Scan.
  • Follow the instructions given by Malwarebytes' Anti-Malware.
  • If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
  • It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
  • Save the logfile in txt-format and copy/paste it in your next reply.
  • Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).


4. Please read and perform the steps described on this page: I'm infected - What do I do now?.
Post the logfile from Farbar Recovery Scan Tool into your next reply.

5. Download GMER Rootkit Scanner and save it to your Desktop.
NOTE: Windows 8 users can skip this step. GMER Rootkit Scanner isn't compatible with Windows 8. Don't run it.
  • Right-click the GMER executable file (whose name will contain 8 digits/characters) and select Run as Administrator.
  • If GMER warns you about possible rootkit activity and asks you to scan for rootkits, DON'T allow GMER to do so.
  • Under "Files", put a checkmark next to Quick Scan.
  • Remove the checkmark next to Show all.
  • Now, click the Scan button.
  • Note: This scan often provides False Positives in the scan results. Never fix anything found by Gmer, unless I instructed you to do so!
  • If the scan's finished, click Save and save the log to your Desktop.
  • Post GMER's logfile into your next reply.



6. Please provide me a detailed description of any computer problems you're facing, together with the logfiles mentioned in step 1 - 6.

Good luck! :)


I attach to this post the logs of steps 1 and 2. 

 

Step 3 is in process, but it's taking way longer than I expected (I didn't scan my full-capacity 1TB external drive last time...), more than 2 hours in.

I'll post again when other steps have been completed. 

 

I've got to go now, will be back in approximately 6-8 hours. 

defogger_disable.log

AdwCleanerS3.txt


Hi,

 

All right, I'll wait for your other logs. In the meantime, please read this:

 

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Hope to hear from you soon. :)


Hi!

 

I've proceeded with all the remaining steps without problems. I've included all the required logs in attached files.

 

As to the problem I'm experiencing, here it is.

 

After downloading MS Office Toolkit (which a friend told me could resolve a problem I was having with my Word 2010), it required many updates and installations, which never seemed to work. Every time I tried to run it, it restarted the same update/installation process, then closed. I didn't know at the moment that it was malware, which I found out after searching a bit more about it.

 

I cleaned it with Malwarebytes and AdwCleaner, then with Hitman Pro. I also cleared all registry errors with CCleaner and scanned my disk with Avast. After all these and rebooting, I don't have any sound except from the usual Windows one. I hear the sound of Windows opening, for example, but I cannot listen to a video on Youtube, or listen to music on WMP, or have sound in any game I've tried. 

 

I first thought the problem was connected to my use of Malwarebytes, as I read on the Internet that some other users had the same problem. After using it to remove malware, their PC functioned as in Safe Mode, which prevented it from playing any sounds other than Windows ones. I thought that maybe I was experiencing the same problem, as I did not detect any other malware at the moment.

 

The next day, every time I opened a Chrome window, Avast detected malware trying to access the Internet and blocked it. I uninstalled Chrome completely, then reran all the previous programs. I did not have any more problems.

 

I went to this forum and asked about my sound issues and explained this problem, then another expert told me (from the logs I attached) that I was still infected.

 

So here I am. I've been told I'm still infected and I don't have any sound other than Windows!

 

Can you help me please?

 

 

P.S. I've uninstalled uTorrent as required. 

AdwCleanerS3.txt

defogger_disable.log

FRST.txt

GMER.log

Malwarebytes.txt


After downloading MS Office Toolkit (which a friend told me it could resolve a problem I was having with my Word 2010)

I know what kind of problem that was. MS Office Toolkit is a program to activate a cracked version of Microsoft Office. Therefore I have to ask you if you're still using a cracked version of Microsoft Office. Do you?

 

Beside that, did these problems occur since you started using MS Office Toolkit?


Hi!

 

I never used a cracked version of MS Office. I had a HUP version of Office 2010, which didn't succeed in activating after I formatted my PC. I can send you the confirmation email received from Microsoft about this purchase. I later learned from Microsoft (which I called) that the reason it wasn't working anymore is because my employer switched to Office 2013 while I was on vacation. I therefore cannot download 2010 as it is no longer supported by my employer and our Home Use Program. 

 

So I must wait for my employer to give me our new HUP code so I can download 2013. For the moment, I just continue using the demo version of Office 2010.

 

I never got to actually using MS Office Toolkit, as it constantly wanted to update and install, rinse and repeat. But it was from the moment I downloaded this program that I had these problems. I later scanned the actual file I downloaded (which I should have done before) and it was detected as malware by Avast. 


Hi,

 

All right, that makes a lot clear. Nevertheless, now that you gave me this explanation, we will continue getting those problems fixed. :)

 

Download ComboFix to your Desktop.

WARNING: ComboFix is a very powerful tool that can damage your system when not used properly. ONLY use this tool under supervision of a trained Malware Analyst. Never use it on your own!!!

NOTE: Don't use your computer for other purposes while running ComboFix. It may cause it to stall!

  • Temporarily disable your own anti-virus and other anti-malware programs. For instructions, take a look here.
  • Close all open windows.
  • Right-click ComboFix.exe and select Run as Administrator.
  • Accept the Disclaimer.
  • If you're asked to install the Recovery Console, allow the program to do so.
  • The scan may take some time to finish. Wait for it, please.
  • If ComboFix asks to restart the system, please allow so immediately.
  • When finished, ComboFix will show you a logfile. Please copy/paste the contents of this logfile in your next reply.


If somehow the logfile didn't open or if you can't find it anymore, it's saved as C:\ComboFix.txt.

 

Please also do a new scan with FRST and post the logfile into your next reply.


Hi,

 

All Clean!
Congratulations, your computer seems to be clean again! I don't see any more signs of malware on your system. I feel glad to tell you that we are done here! The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you might find useful.

 

1. Please press Windows Key + R.

  • In the dialog window that appears, please type: combofix /uninstall and press ENTER << Please include the 'space' and 'slash'!
  • ComboFix will uninstall itself, remove any quarantined files and it will delete all (possibly infected) system restore points and create a new one.

2. Download DelFix and save the file to your Desktop.

  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings

  • Click the Run button.


-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + Delete).

==============================================================

I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.



The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
  • Malwarebytes' Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.



My help will always be free! However, if you're happy with the help provided and/or want to buy me a drink, you can consider a donation:





==============================================================

Please confirm if you have no outstanding issues, and are happy with the state of your computer. Also please tell me if you got any questions left regarding the removal process we went through and the information I gave you in this post.


You're most welcome. :)

 

I will inform a moderator to close this topic, as the malware seems to have been deleted. If you got any questions regarding this topic in the coming days and you want this topic re-opened, please inform me or a moderator by private message.

 

Happy surfing again!


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.