Author Topic: Somewhere over the Rainbow Audio Virus?????  (Read 18621 times)

artscott

  • Guest
Somewhere over the Rainbow Audio Virus?????
« on: July 08, 2012, 05:20:12 PM »
I just got an audio virus....do not know how or where as I have not downloaded anything or opened any emails that were not scanned........ it is a loop playing some version of "Somewhere over the rainbow" with a male voice and ukulele .... I am currently doing a complete system scan with avast and also with SUPER Anti Spyware ....

This thing is driving me nuts, as I cannot listen to anything but that stupid loop.

I do know it is not associated with any one of my 265 open FireFox tabs....I closed all the tabs and browser it was still playing........

Any one got any ideas on how to destroy this thing????

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Somewhere over the Rainbow Audio Virus?????
« Reply #1 on: July 08, 2012, 05:25:11 PM »
Yep ;D

Download aswMBR.exe (4.8 MB) to your desktop.
  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start the scan

On completion of the scan, click save log, save it to your desktop and post it in your next reply



THEN

Download OTL  to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs

artscott

  • Guest
Re: Somewhere over the Rainbow Audio Virus?????
« Reply #2 on: July 09, 2012, 06:46:53 AM »
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-08 23:30:50
-----------------------------
23:30:50.653    OS Version: Windows x64 6.1.7601 Service Pack 1
23:30:50.653    Number of processors: 2 586 0x170A
23:30:50.655    ComputerName: KRKONOSE  UserName:
23:31:03.479    Initialize success
23:31:09.468    AVAST engine defs: 12070801
23:31:15.176    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:31:15.190    Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
23:31:15.196    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
23:31:15.208    Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
23:31:15.219    Disk 2  \Device\Harddisk2\SR0 -> \Device\SdBus-0
23:31:15.224    Disk 2 Vendor: (  Size: 1876MB BusType: 12
23:31:15.268    Disk 0 MBR read successfully
23:31:15.276    Disk 0 MBR scan
23:31:15.282    Disk 0 Windows 7 default MBR code
23:31:15.297    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       78 MB offset 63
23:31:15.322    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS         9642 MB offset 161792
23:31:15.352    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       467218 MB offset 19908608
23:31:15.369    Disk 0 scanning C:\Windows\system32\drivers
23:31:40.108    Service scanning
23:32:16.045    Modules scanning
23:32:16.074    Disk 0 trace - called modules:
23:32:16.101    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
23:32:16.109    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057c3160]
23:32:16.117    3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ae7050]
23:32:18.406    AVAST engine scan C:\Windows
23:32:31.132    AVAST engine scan C:\Windows\system32
23:36:43.938    AVAST engine scan C:\Windows\system32\drivers
23:37:12.228    AVAST engine scan C:\Users\ART SCOTT FOTOGRAFIE
23:39:30.948    Disk 0 MBR has been saved successfully to "C:\Users\ART SCOTT FOTOGRAFIE\Documents\aswMBR log\MBR.dat"
23:39:31.150    The log file has been saved successfully to "C:\Users\ART SCOTT FOTOGRAFIE\Documents\aswMBR log\aswMBR.txt"


artscott

  • Guest
Re: Somewhere over the Rainbow Audio Virus?????
« Reply #3 on: July 09, 2012, 06:48:32 AM »
Getting a server busy on the OTL.exe.....

SafeSurf

  • Guest
Re: Somewhere over the Rainbow Audio Virus?????
« Reply #4 on: July 09, 2012, 08:54:40 AM »
Please ATTACH your files.  Thank you.

Now I've got that song in my head! :P

artscott

  • Guest
Re: Somewhere over the Rainbow Audio Virus?????
« Reply #5 on: July 09, 2012, 02:11:36 PM »
What files do you want me to attach??  And how.....I am not the smartest when it comes to this stuff....sorry.

Why did I not run the "FIX MBR"?

It is all quiet this morning....ran Avast overnight....Of course this thing could have a timer to only run late at night I guess...when I am trying to sleep and have a playlist of favorite music going...that is when I first noticed it...my music was garbled due to this thing.......

Before I forget...thank you for trying to help....I am a dummy when it comes to this stuff.
« Last Edit: July 09, 2012, 02:18:40 PM by artscott »

Offline essexboy

Re: Somewhere over the Rainbow Audio Virus?????
« Reply #6 on: July 09, 2012, 04:17:24 PM »
Hi, the main G2G site is down at the moment.

Here is a secondary link http://majorgeeks.com/OTL_OldTimers_List-It_d7074.html

Do not fix MBR as Avast is not indicating that to be a problem area
« Last Edit: July 09, 2012, 04:58:54 PM by essexboy »
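
The reasoning behind "do not fix MBR" can be checked mechanically against the aswMBR log from reply #2. The following is an added example, not part of any post in this thread and not Avast's code; the names `triage` and `BASELINE`, the rule that only a "default MBR code" verdict counts as clean, and the use of this machine's own module list as the baseline are assumptions.

```python
import re

# Boot-disk lines copied from the aswMBR log posted in reply #2.
SAMPLE_LOG = """\
23:31:15.282    Disk 0 Windows 7 default MBR code
23:31:15.297    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       78 MB offset 63
23:31:15.322    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS         9642 MB offset 161792
23:31:15.352    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       467218 MB offset 19908608
23:32:16.074    Disk 0 trace - called modules:
23:32:16.101    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
"""

STAMP = re.compile(r"^\d\d:\d\d:\d\d\.\d{3}\s+(.*)$")
VERDICT = re.compile(r"^Disk (\d+) (.*MBR code)$")
PART = re.compile(r"^Disk (\d+) Partition (\d+) ([0-9A-F]{2})\s+(\(A\)\s+)?"
                  r"([0-9A-F]{2})\s+(.*?)\s+(\d+) MB offset (\d+)$")
# Assumption: storage-stack baseline is the module list from this machine's log.
BASELINE = {"ntoskrnl.exe", "classpnp.sys", "disk.sys", "iastor.sys"}

def triage(log_text, baseline=BASELINE):
    """Parse an aswMBR log; return verdicts, partitions, trace and review flags."""
    out = {"verdicts": {}, "partitions": [], "trace": [], "flags": []}
    in_trace = False
    for raw in log_text.splitlines():
        m = STAMP.match(raw.strip())
        if not m:
            continue
        body = m.group(1).strip()
        if in_trace:  # the line after the "called modules" header lists them
            out["trace"], in_trace = body.split(), False
        elif body.endswith("trace - called modules:"):
            in_trace = True
        elif (p := PART.match(body)):
            out["partitions"].append({
                "disk": int(p[1]), "num": int(p[2]), "active": p[4] is not None,
                "type": p[5], "desc": p[6], "size_mb": int(p[7]), "offset": int(p[8])})
        elif (v := VERDICT.match(body)):
            out["verdicts"][int(v[1])] = v[2]
    for disk, verdict in out["verdicts"].items():
        if "default MBR code" not in verdict:  # assumption: anything else needs review
            out["flags"].append(f"disk {disk}: MBR verdict '{verdict}'")
    for disk in sorted({p["disk"] for p in out["partitions"]}):
        active = [p["num"] for p in out["partitions"] if p["disk"] == disk and p["active"]]
        if len(active) > 1:  # standard MBR code expects a single active partition
            out["flags"].append(f"disk {disk}: multiple active partitions {active}")
    extra = [mod for mod in out["trace"] if mod.lower() not in baseline]
    if extra:
        out["flags"].append(f"unexpected modules in disk trace: {extra}")
    return out
```

On the posted log `triage(SAMPLE_LOG)["flags"]` is empty, which matches the decision to leave the MBR alone and look elsewhere.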

artscott

  • Guest
Re: Somewhere over the Rainbow Audio Virus?????
« Reply #7 on: July 11, 2012, 05:22:01 PM »

Do not fix MBR as Avast is not indicating that to be a problem area

ok....clicked on the OTL link above and it started running without me ticking all the boxes and pasting in the code for the custom box...since it does not have a stop button...I will try to rerun as soon as it is done...Thanx for all the help so far.

Offline essexboy

Re: Somewhere over the Rainbow Audio Virus?????
« Reply #8 on: July 11, 2012, 05:29:59 PM »
OK G2G is back up now  ;D

artscott

  • Guest
Re: Somewhere over the Rainbow Audio Virus?????
« Reply #9 on: July 11, 2012, 05:57:24 PM »
 I THANK YOU FOR THE GREAT HELP...GETTING READY TO RUN.
« Last Edit: July 11, 2012, 06:32:21 PM by artscott »

artscott

  • Guest
Re: Somewhere over the Rainbow Audio Virus?????
« Reply #10 on: July 11, 2012, 06:59:54 PM »
Ran OTL twice and I only get 1 notepad file to save...here it is:

Offline essexboy

Re: Somewhere over the Rainbow Audio Virus?????
« Reply #11 on: July 11, 2012, 07:22:31 PM »
OK that has shown me where to go.. This will be a busy fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
NEXT

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please attach its contents on your next reply.

AND FINALLY

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

artscott

  • Guest
Re: Somewhere over the Rainbow Audio Virus?????
« Reply #12 on: July 11, 2012, 10:33:24 PM »
reading your instructions  you say:  "Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following".   Am I supposed to paste in the same code as I did before or the whole of the blue box posted in your response above??   Sorry... I am not the brightest lamp in the room...
« Last Edit: July 12, 2012, 01:44:31 AM by artscott »

Offline essexboy

Re: Somewhere over the Rainbow Audio Virus?????
« Reply #13 on: July 11, 2012, 11:23:04 PM »
Not a problem

Copy and paste just the part in the quote box in the last post as this is the fix

artscott

  • Guest
Re: Somewhere over the Rainbow Audio Virus?????
« Reply #14 on: July 12, 2012, 02:58:06 AM »
Fix report, and now off to download and run the TDSSKILLER....