Sound Wave being Muted/turned down, I.E Explorer popping up - when i don't use IE.

Re: Sound Wave being Muted/turned down, I.E Explorer popping up - when i don't use IE

Please download MBRCheck to your desktop

• Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
• It will show a Black screen with some data on it
• Right click on the screen and select > Select All
• Press Control+C
• Open a notepad and press Control+V
• now please ATTACH that report to this thread

 

Re: Sound Wave being Muted/turned down, I.E Explorer popping up - when i don't use IE

Do you have all important data backed up? You really should do this before continuing since we will need to rewrite your MBR to fix this and while most times this can be done without any problem, these infections can react badly and that could result in a PC not being bootable. You really don't have much choice though since these infections are too dangerous to your security to leave on a PC.

Also note if you have a Dell PC which uses a non-standard MBR ( or another manufacturer's who does similar to Dell) , fixing the mbr may prevent access the the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not continue but you risk serious problems leaving this infection in place and thus your only other option would be to try using the Dell Restore Utility to return a factory ship state which will remove everything you additional you have put onto the PC.


Now if you wish to continue and fix the malware - please do the following:

• Run MBRCheck.exe
• Wait until you see the following lines:
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.
    Enter your choice:

• Please push the 'Y' key and then press Enter
• When the program asks you to Enter your choice: enter 2 to Rstore the MBR and press the Enter key
• Now the program will ask you to "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
• The program will show Available MBR codes as below

• You need to select your version of Windows frrom the list. For example, enter 0 or 1 for XP or enter 3 for Vista.....etc. and then press Enter.
• The program will prompt for confirmation. Type 'YES' and hit Enter.
• Left click on the title bar (where program name and path is written). From menu chose Edit -> Select All
• You will see all the text in the window get highlighted.
• Hit the Enter key on your keyboard to copy all of the text into the clipboard.
• Paste that text into Notepad, save it to your desktop as MBRfix.txt
• Restart your PC.
• Attach the MBRfix.txt file to your next message..

Now run C:\MGTools.exe as per the instructions in the READ & RUN ME FIRST. Malware Removal Guide

Then attach the below logs:

* C:\MGlogs.zip

 

Re: Sound Wave being Muted/turned down, I.E Explorer popping up - when i don't use IE

Run MBRCheck again as shown in post '2 and attach the resultant log.

 

Re: Sound Wave being Muted/turned down, I.E Explorer popping up - when i don't use IE

Your infection is in your Master Boot Record (MBR). We need to see the below log before creating a fix.

• Download bootkit_remover.rar
• Click the underlined DOWNLOAD text to download the file and save it to your Desktop.
• You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip
• After extracing remover.exe to your Desktop, double click the remover.exe file to run the program.
• Attach or post inline here, the output from remover.exe

NOTE: The Command Prompt window text can be copied to the clip board by right clicking on the top bar of the window and using the Edit commands to Mark, Copy, and Paste.


Also I need to ask some questions:

1. Do you have any drives that has a non-windows installation on them
2. Are all drives NTFS formatted
3. Do you have any non-standard or special MBRs which can occur from companies like Dell or HP who frequently install additional partitions used for recovery partitions in lieu of giving CD/DVDs.
4. Is any program like Grub ( see:http://www.gnu.org/software/grub/ ) being used
5. Is drive-encryption being used?
6. Are any drives external USB pen drives or external hard drives being used?
7. VERY IMPORTANT: Do you have all important data backed up? You really should do this before continuing since we will need to rewrite your MBR to fix this and while most times this can be done without any problem, these infections can react badly and that could result in a PC not being bootable. You really don't have much choice though since these infections are too dangerous to your security to leave on a PC.

 

Re: Sound Wave being Muted/turned down, I.E Explorer popping up - when i don't use IE

That is not the kind of log output I should be seeing from Bootkit remover, that is debug information. Can you run it again and then screenshot the results, which should show something similar to MBRCheck results, like this:

Also you are not answering those questions I asked!

 

Re: Sound Wave being Muted/turned down, I.E Explorer popping up - when i don't use IE

Thus for example with remover.exe on the Desktop -

• Click Start, Run and copy and paste the below into the Run box and click OK.

• Now reboot your PC and after reboot continue with the below instructions.
• Run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Re: Sound Wave being Muted/turned down, I.E Explorer popping up - when i don't use IE

Good! Just do this:

Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

cd \MGtools<-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
GetRunKey <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see. Attach the log.

And a final check using MBRCheck.exe again, attach the log.