Jump to content

Unruy.AA Trojan and other hidden trojans...


Recommended Posts

Hello there MB users!

I'm new here and I just registered a few moments ago, now wonderring if you could assist me in finding and cleaning some trojan that is messing up my pc and my head.

First of all; I'm running NOD32 antivirus with realtime protection etc. - no firewall and on a wireless home network with a router.

Now; about 2 weeks ago the symptoms started, I can't remember doing anything unusual so I have no idea where this trojan (if at all a trojan) came from.

I usually am able to work out this sort of stuff myself but this is a hard one. I'm pretty familiar with all the PC apps and even the registery and, ofcourse, taskmanager.

My PC started playing a random soundfile 2 weeks ago, so I though I had a webbrowser streaming something or whatever and didn't think it'd be any harm. Shut down my webbrowser and it still kept playing. Rebooted PC and it was gone.

Now I booted starcraft 2 (nothing to do with it, but yeah) and during a game it started playing again (some f***** anoying farm-sounds, sheep, goats, pigs, cows, you name it, they're all starring in the file). Obviously I knew something was wrong. I ran a NOD32 scan and it came up with a trojandownloader and 2 Unruy.AA trojans that were found - quarantained them, yet, the soundfile kept coming back.

By now, 2 weeks later, the entire thing escalated and it now plays about every 2 minutes and repeats itself over and over and over again till it eventually shuts down somehow. Soon after it'll repeat and it drives me insane wanting to shoot myself.

However, when I disable my internet connection it will not play a sound file, I do however hear clicks of some application trying to open, but nothing will happen, without internet I can't do my work etc though so it's no option leaving it off. I ran a safety-mode NOD32 scan, ran CCleaner, ran JV16 Powertools, ran Malwarebytes' Anti-Malware (even a full system scan) but nothing is found! Nothing unusual in my taskmanager, but there are, in my view, too many svchost.exe's running, so I'm thinking it's hidden in there somewhere.

Anyway, it still anoys me now and it is even playing while I am creating this topic. If any of you could assist me in cleaning this thing I would greatly appreciate it as I do not really want to reformat my 2 terrabytes of data and lose it.

Any help is greatly appreciated, sorry for the wall of text but I want you to know as much about it as possible, this site really is my last resort as I tried pretty much everything else I know I can do.

-Bigglet

Link to post
Share on other sites

Hi Bigglet, welcome to Malwarebytes!

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.

  • Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.
  • After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.
  • One of the expert helpers there will give you one-on-one assistance when one becomes available.
  • Please refrain from making any further changes to your computer (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.

    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
      Or
    • You may send a Private Message to a Moderator asking for assistance.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here.

Please be patient, someone will assist you as soon as it is possible.

Link to post
Share on other sites

Hello Bigglet: You may want to follow this thread http://forums.malwarebytes.org/index.php?showtopic=59320 due to similar symptoms

Hmm, I'll read that through in a moment, thanks.

I'd like to add something else though, when I shut down my PC a few hours ago it started installing the windows updates, you know, it logs off and starts updating and shuts down afterwards. Well, after logging off and starting the update installation the sound came back once again, so that makes me wonder, what exactly is it then? It's not possible to play sounds at that moment is it? Could it have been radio signals after all? Now I moved back upstairs I haven't had it play, yet...

Will see, maybe it was some shitty radio signal, will update tomorrow.

Link to post
Share on other sites

Okay, so I read the thread and I saw the guy had a "iexplore.exe" running in the background. I have checked for this alot but it actually isn't running and therefore is not the problem. It's not random voices either, it's a soundfile that keeps repeating over and over. Now I moved back upstairs I still have had it play a few times, so it isn't a radio signal or whatever.

I do wonder how it can possibly play while the system isn't logged on... who could have a possible explanation for that?

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.