Solved

Virus plays random sounds on Win 7

Posted on 2010-11-07
9
1,172 Views
Last Modified: 2013-11-22
Hi,

Apparently I've contracted a virus or trojan or something similar that will play random sounds at random intervals.  I saw some stuff in google, but it's all old.

What program might find & eliminate this?

Is it a service at start up?  Did it overwrite a system file? What is the best way to track this down?

How EXACTLY does this thing start up?

Is there anybody who actually knows for sure?

Thanks!

I'm running Windows 7, and have AVG and MalwareBytes installed already.
0
Comment
Question by:ugeb
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 7

Expert Comment

by:kpmartin
ID: 34080805
Here's a shot in the dark...  Last week I would occasionally hear a dog bark or bird chirp; maybe a few other sounds.  They were so low I didn't realize for a bit that it was the PC till it got redundant!  I did a thorough check of the PC and found nothing unusual.  So I removed an alarm clock/timer gadget since that was the only thing I knew was active and played a sound, often without being set to alarm.  The sounds went away.  I forgot about it till now and reinstalled the clock to see if it re-occurs.  Be interesting to see if that's applicable to your case.  I'll update if I find anything...
0
 
LVL 11

Author Comment

by:ugeb
ID: 34080847
No, this is definitely some sort of malware.
0
 
LVL 23

Expert Comment

by:DanCh99
ID: 34080861
AutoRuns will list your startup programs:
http://technet.microsoft.com/en-gb/sysinternals/bb963902.aspx

and so can SilentRunners
http://www.silentrunners.org/thescript.html

I'd suspect a joke program, rather than virus, which is generally good news...  easier to kill!

Both programs will give lots of output.  Be careful with deleting or disabling what you're not sure about!
0
 
LVL 11

Author Comment

by:ugeb
ID: 34080933
Thanks for the links.  The problem is that there are so many programs/services/etc. that launch, I don't know what is legitimate or not.  I also don't know if some program is masquerading as a valid windows file.

How do I use this info?
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 33

Accepted Solution

by:
Todd Gerbert earned 500 total points
ID: 34081039
MalwareBytes' Anti-Malware has been very good for me, http://www.malwarebytes.org.  Run a scan with your anti-virus, and also with MalwareBytes.  If you don't have an anti-virus you can get one for free, I like AVG's free anti-virus http://free.avg.com and Microsoft makes a decent free one http://www.microsoft.com/security_essentials.
Since you're on Win7 you can right-click on the speaker icon near your systems clock, and choose "Open Volume Mixer", it should show every application that's using the sound system - that might give you an idea of what the program's name is.

Untitled.png
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34081046
Just noticed you mentioned you already have AVG and MalwareBytes... but just make sure they're up to date.
0
 
LVL 11

Author Comment

by:ugeb
ID: 34081234
Yes, I was looking for precisely this; something that would show me what was using the audio system.

Turns out something in Firefox called "Plugin Congainer for Firefox" is responsible, and when the sound played I was quickly able to mute it from the volume mixer as you illustrated.  The container is legitimate, and is needed for all audio plugins in Firefox, e.g. Adobe Flash Player.  But something, an addon or something in the container itself got infected.

I don't know whether I can just reinstall Firefox, or if I have to uninstall, delete, and reinstall all my addons too.

Thanks!
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34081410
I would start by going to the "Tools" menu in FireFox and clicking "Add-ons", then disable Plugins and Extensions one at a time until you find the culprit.
0
 
LVL 7

Expert Comment

by:kpmartin
ID: 34081563
Funny, I had similar results but mine showed "Windows Desktop Gadgets", hence my earlier diagnosis...  I was having some error in the past with "Plugin Container for Firefox" though.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

One of the features I've come to appreciate about Windows 7 and Windows Server 2008 R2 is the ability to pin applications to the task bar. As useful a feature as I've found this, it does have some quirks.  For example, have you ever tried pinning an…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now