Random Audio playing and slowing Internet

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by nomax5, May 31, 2013.

  1. nomax5

    nomax5 Private E-2

    Hi,
    Thanks for providing this forum and helping people.

    What has happened
    A couple of days ago I could hear audio music playing through my headphones, which were lying on my desk. I thought it was an advert playing on some window behind other windows. I couldn't find it, so I closed all windows and all programs, but the music continued. I did Ctrl+Alt+Del, started Task Manager, and no processes were running.
    Thinking it was some legacy YouTube audio Flash thing that was stuck, I rebooted and the music went away. But a short time later it was back with a different audio file, so I figured it is some sort of audio infection.

    Internet going slow: I have 2 PCs on my network, and when my PC is turned off the internet runs fine, but when I turn it on and connect to the internet both PCs get very slow internet access. It isn't constantly slow; it is intermittent but frequent, as if something is starting up and using the internet, then stopping.

    What I have done.
    Turned off wifi (till I sort this out)
    Backed up important stuff (Outlook .pst, rules, alerts, safe and blocked senders, Ipswitch WS_FTP sites, Firefox favs, accounts, etc.) from my C: drive on to my D: drive

    Downloaded and ran CCleaner

    Printed the Vista & Windows 7 Malware Removal/Cleaning Procedure
    And started going through it
    Disabled User Account Control
    Rebooted (and checked its disabled)
    Downloaded all the tools
    Ran RogueKiller
    And RogueKiller has found something [Rootkit] ZeroAccess (Max++)
    RogueKiller threw up a web page about it http://tigzyrk.blogspot.co.uk/2011/09/rootkit-zeroaccess-max.html

    I was wondering what I should do next?

    I've run 2 RogueKiller scans and attached both reports.
     


  2. nomax5

    nomax5 Private E-2

    I have gone through the Vista & Windows 7 Malware Removal/Cleaning Procedure. I think Malwarebytes has fixed the problem, but I would like to be sure.
    I will attach the logs.

    Kind Regards

    Roy
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to rerun Hitman and have it fix everything it found. Running Keygens and cracks will get you infected faster than anything.

    Now double-click RogueKiller.exe to run. (Vista/7: right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:


    • [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1679718047-499205520-2687351887-1001\$70c4afff5e83b2244ca708ad7bfdb0f5\n) [-] -> FOUND

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.

    Now click the Files/folders tab and locate these detections:


    • [ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-1679718047-499205520-2687351887-1001\$70c4afff5e83b2244ca708ad7bfdb0f5\n [-] --> FOUND
    • [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1679718047-499205520-2687351887-1001\$70c4afff5e83b2244ca708ad7bfdb0f5\@ [-] --> FOUND
    • [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1679718047-499205520-2687351887-1001\$70c4afff5e83b2244ca708ad7bfdb0f5\U --> FOUND
    • [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1679718047-499205520-2687351887-1001\$70c4afff5e83b2244ca708ad7bfdb0f5\L --> FOUND

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)

    Reboot and rescan with both RogueKiller and Hitman and attach both those logs as well.

    Be sure to tell me how things are running.
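
The rescan check requested in the post above, as an added example that is not part of the original thread and is not RogueKiller's own code: it parses report entries in the layout quoted there and lists ZeroAccess items that a later scan still reports as FOUND. The first-scan entries come from the thread (path case normalised); the rescan text and the function names are constructed for illustration.

```python
import re

# Entry layout as quoted in the thread: [TAG][TAG] name : target [-] --> STATUS
LINE_RE = re.compile(r"^(?P<tags>(?:\[[^\]]+\])+)\s*(?P<name>.*?)\s+:\s+"
                     r"(?P<target>.*?)(?:\s*\[-\])?\s*-+>\s*(?P<status>\w+)\s*$")
# Directory shape shared by the thread's detections:
#   \$Recycle.Bin\<user SID>\$<32 hex chars>\
ZA_DIR_RE = re.compile(r"\\\$recycle\.bin\\S-1-5-[\d-]+\\\$[0-9a-f]{32}\\", re.I)

BASE = ("C:\\$recycle.bin\\S-1-5-21-1679718047-499205520-2687351887-1001"
        "\\$70c4afff5e83b2244ca708ad7bfdb0f5")
# First-scan entries as quoted in the thread.
FIRST_SCAN = "\n".join([
    rf"[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : ({BASE}\n) [-] -> FOUND",
    rf"[ZeroAccess][FILE] n : {BASE}\n [-] --> FOUND",
    rf"[ZeroAccess][FILE] @ : {BASE}\@ [-] --> FOUND",
    rf"[ZeroAccess][FOLDER] U : {BASE}\U --> FOUND",
    rf"[ZeroAccess][FOLDER] L : {BASE}\L --> FOUND",
])
# Constructed rescan: one leftover folder plus an unrelated, made-up entry.
RESCAN = "\n".join([
    rf"[ZeroAccess][FOLDER] U : {BASE}\U --> FOUND",
    r"[EXAMPLE][FILE] sample.tmp : C:\Temp\sample.tmp --> FOUND",
])

def parse_report(text):
    """Return one dict per line that matches the entry layout."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.lstrip("\u2022 \t"))  # tolerate pasted bullets
        if m:
            entries.append({"tags": re.findall(r"\[([^\]]+)\]", m["tags"]),
                            "name": m["name"], "target": m["target"],
                            "status": m["status"].upper()})
    return entries

def is_zeroaccess(entry):
    """Tagged ZeroAccess by the scanner, or located in the directory shape above."""
    return "ZeroAccess" in entry["tags"] or bool(ZA_DIR_RE.search(entry["target"]))

def still_present(before, after):
    """ZeroAccess items from the first scan that the rescan still lists as FOUND."""
    key = lambda e: (e["name"].lower(), e["target"].lower())
    flagged = {key(e) for e in parse_report(before) if is_zeroaccess(e)}
    return [e for e in parse_report(after)
            if e["status"] == "FOUND" and key(e) in flagged]

if __name__ == "__main__":
    for e in still_present(FIRST_SCAN, RESCAN):
        print("still present:", e["tags"], e["target"])
```

An empty result from `still_present` means none of the first scan's ZeroAccess entries reappear in the rescan; anything it returns is what to recheck before calling the machine clean.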
     
  4. nomax5

    nomax5 Private E-2

    Thanks TimW I really appreciate you helping me.

    I tried to follow your instructions to the letter but I may have done something wrong (I got a bit confused).

    I ran RogueKiller and unchecked all in the Registry tab except
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32

    Pressed the Delete button

    It did stuff

    Then I clicked the "Files" tab; there isn't a "Files/folders" that I can see.
    There are 3 entries, a file and 2 folders, which have "removed" next to them, so I can't put a checkmark next to them.

    I ran Hitman Pro, but when it had finished checking I wondered if I should have run it, so I clicked the x and closed it down.

    So I rebooted
    Ran RogueKiller and Hitman, got a report this time

    I do not have the symptoms anymore. My internet is running fine again. I do have 2 desktop.ini files on my desktop, greyed out.

    So there are more reports than there should be but I've attached them for completeness.
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Rerun Hitman and have it fix everything it found.

    Let me know what issues remain, if any.
     
