
How to remove the virus or worm called soundblaster.exe, which has been breaking my head for the last few days???

Hi all,
I am a new member of this group.
Well, my system is affected with a virus called Soundblaster.exe. This virus is sitting in C:\Windows\System32.
I scanned using Norton Antivirus, McAfee and also spyware (Webroot Spy Sweeper). It was no use in removing the virus from the system.
Then I tried to remove it as described on the website
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.NP
As described on the site, I removed the soundblaster.exe file in Task Manager... no use, it's still active,
and then as described below from the link

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing at startup.

Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Micr Update = "soundblaster.exe"

>>>> On my PC there was no Micr Update = "soundblaster.exe" entry in the registry


In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Runservices
In the right panel, locate and delete the entry:
Micr Update = "soundblaster.exe"

>>>>there is no folder called Runservices



In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Micr Update = "soundblaster.exe"

Removing Other Malware Entries from the Registry

>>>> Again, on my PC there was no Micr Update = "soundblaster.exe" entry in the registry



Still in the Registry Editor in the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Ole
Still in the left panel, change the entry:
EnableDCOM = "N"
to
EnableDCOM = "Y"


>>>>>>>> It's already enabled to 'Y'



Still in the Registry Editor in the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>
Control>Lsa
Still in the left panel, change the entry:
restrictanonymous = "dword:00000001"
to
restrictanonymous = "dword:00000000"
Close Registry Editor.


>>>>>>>> It's already restrictanonymous = "dword:00000000"


Finally I tried to remove it using the free version of the Trend Micro antivirus software from the same site and still couldn't sort it out.

Asked by: prasant_g
 
rossfingal Commented:
Hi!

You may have to try this in "safe" mode.
If you're running Windows XP/ME - turn off "System Restore"
Make sure show all files and folders is enabled
Try to kill it using Task Manager.
Search your entire computer for any instances of soundblaster.exe
Delete all that you find.
Clean out all of your temp files:
# C:\Windows\Temp - delete ALL of the CONTENTS of the folder - Not the "temp" folder itself!
# C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files (all contents)
  <=This will delete all your cached internet content including cookies.
  This is recommended and strongly suggested!
    However, if you delete all your cookies - this can affect your stored Internet passwords
    and your ability to logon automatically to various sites.
    So, consider deleting all your cookies - optional
# C:\Documents and Settings\<Your Profile>\Local Settings\Temp (all contents)
# C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files (all contents)
# C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp (all contents)
# Empty your "Recycle Bin".
Reboot your computer and see how it's going.

Good luck!  (heard this is a "Nasty" one!)
RF
0
 
kitisak Commented:
You should try to scan for the virus with Sysclean from Trend Micro in safe mode.
You can download Sysclean from http://www.trendmicro.com/ftp/products/tsc/sysclean.com. And you have to use it with the pattern from http://www.trendmicro.com/download/pattern.asp (lptxxx.zip; xxx is a number).
0
 
prasant_g (Author) Commented:
Hi Rossfingal,

I tried to kill all the viruses in SAFE mode, and still the problem exists. Now my PC is very slow, with a lot of viruses I guess...

0
 
prasant_g (Author) Commented:
Yeah, this virus is deadly.
Can someone activate and use my PC when it is logged out??
0
 
Asta Cu Commented:
Disconnect from network
0
 
kitisak Commented:
Did you update your AV before scanning?
0
 
prasant_g (Author) Commented:
Yup, obviously I updated my antivirus before scanning...
0
 
kitisak Commented:
Maybe you have to disable system restore, connection and sharing first. Then log in to Safe Mode and scan for the virus again.
0
 
acmp Commented:
At least 1 variant that I noted on the McAfee site looks as though it gets into Windows File Protection. If yours does this, then every time you remove it Windows will put it back.

Can you do a search for 'Soundblaster.exe' and see if it exists elsewhere? By default WFP uses %systemroot%\system32\dllcache to keep copies of 'important' files. If your virus is here too then you'll need to use a WFP tool to remove it.

If you do find it then I'll see what I can find to remove it.

acmp<><
0
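The autostart keys from the removal steps quoted in the question and the dllcache location acmp mentions can be checked in one read-only pass; this is an added example, not part of the thread. It assumes PowerShell is available on the affected machine, and it matches on the value data rather than the value name, so an entry is reported even when it is not called "Micr Update".

```powershell
# Added example, not from the thread. Read-only: lists matches, changes nothing.
$target = 'soundblaster.exe'   # file name from the question

# Autostart keys named in the quoted removal steps.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

foreach ($keyPath in $runKeys) {
    if (-not (Test-Path -Path $keyPath)) {
        # As the asker found with RunServices, a key may not exist at all.
        Write-Output "absent    $keyPath"
        continue
    }
    $key = Get-Item -Path $keyPath
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        # Match on the value data, so an entry is reported whatever it is named.
        if ($data -like "*$target*") {
            Write-Output "autostart $keyPath : '$name' = '$data'"
        }
    }
}

# Directories from the thread: where the asker saw the file, and the
# Windows File Protection cache that acmp mentions.
$dirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'System32\dllcache')
)

foreach ($dir in $dirs) {
    if (-not (Test-Path -Path $dir)) {
        Write-Output "absent    $dir"
        continue
    }
    # -Force includes hidden and system files.
    Get-ChildItem -Path $dir -Filter $target -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Write-Output ("file      {0} ({1} bytes, modified {2})" -f $_.FullName, $_.Length, $_.LastWriteTime)
        }
}
```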
 
Hispano8888 Commented:
Go to this link

http://securityresponse1.symantec.com/sarc/sarc.nsf/html/w32.blaster.worm.removal.tool.html

If it didn't work, go to Start, then Run, and type this command: shutdown -a
It will block the virus, but only temporarily!!!..... but then you have time to delete that
****TY VIRUS!!!!

I wish you good LUCK!!!
0
 
prasant_g (Author) Commented:
Well, finally I guess we can delete it with Sophos antivirus with the latest *.ide files. While deleting, disconnect from the network and run the antivirus several times. Hope it has removed the **** virus.
0
 
Asta Cu Commented:
My guess is that the information provided above, including the 'system restore' issue, helped resolve this, based on the last response and the tool prasant_g used. I'd recommend a split between all but myself, unless Asker responds.
Thanks, LucF.
Asta
0
 
acmp Commented:
It all sounds fair to me

acmp<><
0
 
Asta Cu Commented:
I agree, LucF, thanks for your work here.  ":0) Asta
0
 
fizbin01 Commented:
When something like this happens, I just format the workstation, reinstall all apps and a good current copy of McAfee 8.0 with current DAT.
Works every time.
0
