Solved

New Virus - Music Playing in Background


First, had all types of music playing in the background. I checked the program manager and no programs are running in the background. Then my computer crashed and wouldn't power back up. But continued to cycle through uploading windows. I took it to Best Buy GeekSquad. They ran a scan and discovered I had a rootkit virus. They cleaned it. My laptop worked just fine. Now the music is back; however, I performed a Webroot scan and it found no threats. My laptop powered down again. Is anyone else out there experiencing this?

Best answer by DanP 3 June 2013, 16:27

13 replies

Userlevel 7
I recommend using our support ticket system so that one of our technicians or threat engineers can investigate.
 
Webroot offers free advanced malware removal and technical support.
 
Support Number: 1-866-612-4227
Support Ticket: https://www.webrootanywhere.com/servicewelcome.asp
Userlevel 5
This type of virus has been around for a while. A friend of mine has this same type of issue with music playing in the background.
His PC would play random music as well as commercials. Eventually it shut down his computer and it would only boot to a black screen with a white blinking cursor. The virus was messing with his boot files.
Userlevel 7
This may be a new variant of the bugger as WSA did not detect it.  This is why creating a Trouble Ticket is so important: once Webroot Support has seen the new variant it can add it to the Cloud so that WSA will now protect all users from it.
Userlevel 7
We are seeing more of these "audio ads" infections. Some of the nastier variants do use rootkits, but others are not so complex. As others have mentioned, it is best to create a support ticket if you happen to encounter this.
 
-Dan
Userlevel 7
Typically these are rootkits which infect the MBR; others are just DLLs and runkeys. I've got a really obnoxious one right now that I'm dissecting and it has already annoyed many people in the office. Opening a support ticket will yield to us logs which will allow us to resolve the issue promptly.

-Tyler

Webroot Threat Research
Userlevel 7
Hello Tyler and Welcome to the Webroot Community Forums. It's nice to have another Threat Researcher on the Forums. ;)
 
Cheers,
 
Daniel
Userlevel 7
Hello Tyler good to see you here!
Userlevel 7
@ wrote:
I've got a really obnoxious one right now that I'm dissecting and it has already annoyed many people in the office.
I can confirm this... I've had to turn the volume down on his test machine since for some reason the ads tend to start up when he's away from his desk...
 
-Dan
Userlevel 7
@ wrote:
@ wrote:
I've got a really obnoxious one right now that I'm dissecting and it has already annoyed many people in the office.
I can confirm this... I've had to turn the volume down on his test machine since for some reason the ads tend to start up when he's away from his desk...
 
-Dan
You tell him Dan! :D
 
Daniel
I ran the Norton Power Eraser tool and it somehow worked. I pretty much installed all the free software I can ever think of and NPE pretty much took care of it. Well, I'm hoping it'll last, because it's been 20 mins since my laptop restarted and the annoying music/ads have not played yet.
Userlevel 7
Glad to hear that your problem is gone, medz. As for the original poster, as is common in my experience in dealing with machines that Geek Squad worked on, Geek Squad missed something and it returned. The best advice is what mike already suggested, which is to open a support ticket, as there is so much more a support agent can do, and do it safer. Also, there is another site which is excellent for malware removal help, bleepingcomputer (http://www.bleepingcomputer.com/). You post there and await a response and ALWAYS follow the directions given, doing no more and no less than what is told you. Also, NPE is an OK tool, but it can totally brick a system, as I have seen it do so many, many times. Medz, you may want to run the system file checker from an elevated command prompt, sfc /scannow, and make sure NPE did not damage any of your system files, as it quite often does. Allow the system file checker to complete. Hopefully it doesn't find any integrity violations. If it does, and cannot fix them all, copy and paste this command and then run it in the same cmd prompt
DISM /Online /Cleanup-Image /RestoreHealth
Allow this to run to completion. When finished, run the system file checker again and all should be well.
 
Regards
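
The repair sequence from the post above (sfc, then DISM if files stay unrepaired, then sfc again) as a PowerShell script; this is an added example, not part of the original post. It assumes SFC logs to %windir%\Logs\CBS\CBS.log with [SR]-tagged lines in the layout of the constructed sample, and the function names and the -Repair switch are made up for this example.

```powershell
# Added example (not from the thread): sfc -> DISM -> sfc, driven by SFC's own log.
# Run in an elevated PowerShell session; DISM /RestoreHealth requires Windows 8 or later.
param([switch]$Repair)
$cbsLog = Join-Path $env:windir 'Logs\CBS\CBS.log'   # assumed default log location

function Get-SfcUnrepaired {
    param([string[]]$Lines, [datetime]$Since)
    # SFC tags its CBS.log entries with [SR]; "Cannot repair member file"
    # marks a protected file it found corrupt and could not restore.
    $pattern = '^(?<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),.*\[SR\] Cannot repair member file \[[^\]]*\]"(?<file>[^"]+)"'
    $Lines | ForEach-Object {
        if ($_ -match $pattern) {
            $ts = [datetime]::ParseExact($Matches['ts'], 'yyyy-MM-dd HH:mm:ss',
                                         [cultureinfo]::InvariantCulture)
            if ($ts -ge $Since) { $Matches['file'] }   # ignore entries from older scans
        }
    } | Sort-Object -Unique
}

function Invoke-SfcPass {
    # Run one scan and return the files SFC logged as unrepairable during it.
    $start = (Get-Date).AddSeconds(-1)
    & sfc.exe /scannow | Out-Null
    Get-SfcUnrepaired -Lines (Get-Content -LiteralPath $cbsLog) -Since $start
}

# Constructed sample lines in CBS.log layout, to exercise the parser offline.
$sample = @(
    '2013-06-03 16:27:01, Info                  CSI    000001a2 [SR] Verifying 100 components',
    '2013-06-03 16:27:09, Info                  CSI    000001b0 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.0.0, hash mismatch'
)

if ($Repair) {
    $bad = @(Invoke-SfcPass)
    if ($bad.Count -gt 0) {
        Write-Warning "SFC could not repair: $($bad -join ', ')"
        & dism.exe /Online /Cleanup-Image /RestoreHealth
        if ($LASTEXITCODE -ne 0) { throw "DISM failed with exit code $LASTEXITCODE" }
        $bad = @(Invoke-SfcPass)   # second pass, now against the repaired component store
    }
    if ($bad.Count -gt 0) { Write-Warning "Still unrepaired: $($bad -join ', ')" }
    else { Write-Output 'No unrepaired files logged by SFC.' }
} else {
    Get-SfcUnrepaired -Lines $sample -Since ([datetime]'2013-06-03')
}
```

Without -Repair the script only parses the embedded sample; files that remain listed after the second pass are the ones to include in a support ticket.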
 
Userlevel 3
I agree with super. I was about to work at GeekSquad until I found out that they will only run three different scans, all of which are good but none were offline scans, so the next time you can get it to boot I would say create a ticket and try to get them to handle it.

If you want it fixed as soon as possible then try to create a ticket and after doing so go take it to a good shop that won't wipe and reinstall, to me rootkits are actually easy to spot as I have to tackle a few a day, but most shops will say the only way to get rid of it is to reinstall, which is and should always be the last resort.

So here is something you could do, but it is not recommended; it is just an insight as far as what a tech is known to do, and not something for everyone, as it can completely mess up your computer and you could lose everything. I don't recommend trying it unless you have to, and even then I would find a different way at first.

That being said, if you feel a little inclined and you have multiple computers with Webroot on them, you can pull the hard drive out (only if you are really technically inclined) and plug it into another computer with Webroot, then go through Windows Explorer and find the drive letter, which should be labeled either OS or something similar. After that, right click it and tell Webroot to scan it. Since a rootkit is very good at hiding, it will hide itself when it notices a scan, but if the drive is not being accessed by the installed Windows, it can't start up.
Userlevel 7
Note that WSA and its Monitoring and Rollback feature would have corrected this if WSA was installed before the infection, so you should Submit a Support Ticket before using any other tools, as they guarantee clean up FREE of charge. Since this is the Webroot Support Forum, that should be anyone's first step before using any other tools or suggesting any other malware cleaning forums!
 
TH
