After a recent attack by the trojan Spyware Protect 2009, my PC lost the System Restore function. The trojan, which bombarded my system with numerous and frequent popups claiming virus infestation, was cleaned up but still suffers from aftershock.
A mysterious aftereffect is background audio that comes on at random times. The content is non-offensive and sounds like commercial announcements from an internet broadcast site. Removing the internet cable or locking down the firewall eliminates the intrusion, but that's not the desired solution. How can I detect where this is coming from?
The System Restore function was originally tried in hopes of eliminating the trojan, but would not work. Now I can't even create a restore point. The System Restore window displays and allows me to go through the motions including naming the restore point, but clicking OK results in the message "Unable to create restore point, reboot the system and try again". Rebooting doesn't help. It was verified that System Restore and Task Manager services are active and there is more than adequate hard drive space available.
Any suggestions short of a Windows re-installation would be appreciated.
You wrote: "(the) infestation was cleaned up but still suffers from aftershock.
A mysterious aftereffect is background audio that comes on at random times. The content is non-offensive and sounds like commercial announcements from an internet broadcast site".
Two possibilities come to mind:
1) the infestation was only partially removed, and is still present "haunting" you.
2) an open web page is broadcasting the commercial.
Let's check on (and either confirm or rule out) the second possibility... Do you have any browser windows/tabs running (even if they're only in your system tray and not "obviously" open)? If so, check out each window (and each TAB) to see if there's an advertisement broadcasting there. Many times, a "Flash" ad can have audio with it. Likewise, if you have any instant messenger programs running, it could be a "feed" from a friend.
If you have nothing running on the internet (browsers, messengers) while the ad is broadcasting, then it would point to an incomplete removal of your problem.
Windows 7 Pro SP1 (64-bit), avast! v12 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), CryptoPrevent, Secunia PSI.
[I believe computer-users who sandbox (Sandboxie) are acting prudently.]
Adding to what ky331 has posted, can you tell us what procedure was used to clean the malware?
Windows Insider MVP
Microsoft MVP - Consumer Security 2006-2016
Social Media and Community Professional
SpywareHammer
I am not a Microsoft or a Dell employee. I am a volunteer.
Thanks for your interest...
After Googling the problem, the results were mixed. Many recommended specific anti-spyware programs but one result detailed exactly which processes and files to look for. So I hacked the registry and found a "folder" named AvScan whose keys listed all of the "Spyware Protect 2009" processes matching the Googled results. I simply deleted the AvScan "folder" and the annoying popups disappeared.
I also ran a program called Spyware Doctor which absolutely disagreed with my system and caused more problems than it was worth. Then I ran RegCure which pretty much cleaned things up except for System Restore and the occasional background audio.
The background audio is not a constant thing. I could be working with the system and not be interrupted for hours - then out of the blue I hear what sounds like a broadcasting internet site. I can silence it by using McAfee's Internet Security to lock down the firewall.
My system, by the way, is a Dell 4700 running Windows XP Media Center Edition SP3.
"one result detailed exactly which processes and files to look for"
Perhaps if you go back to that site and explain your current problems, they will assist you in fixing any additional issues. That way, they can adjust their procedure based on what you have experienced.
...and there lies the problem! I have no idea what site is streaming the background audio. It occurs when I am not actively online and even bringing up the Task Manager to look for any weird programs or processes doesn't show me anything out of the ordinary.
Many recommended specific anti-spyware programs but one result detailed exactly which processes and files to look for.
I suggest that you go back to the site that gave you the information on what files to delete and how to "hack" the Registry, and tell them that you are still having problems -- one of which is background audio.