Solved: Random music playing virus (STDRT.EXE, crosspost)


jwcgator
Junior Member with 8 posts.
THREAD STARTER
Join Date: Dec 2005
Location: Florida
Experience: Not scared by CMD
19-Jul-2010, 12:03 AM #1
Posted this on Windows 7 Forum; makes more sense to post it here:

This all started today when I plugged in an HDTV with an HDMI cable and I heard random mixtures of music and talking playing through the speakers. At first I thought it was the TV picking up something in the air, so I unplugged the cable and the "music" started playing through my laptop speakers. I closed every running window to make sure it was nothing I had running, but it was still playing. I traced the sound back to STDRT.EXE using the audio mixer. It normally hovers around 17mb but when it activates it goes up to 300mb. There are a lot of temp files containing the exe and other files (that are replaced after a reboot).
The audio only seems to happen when I plug in my TV, though.

I'm rather stumped, because neither Malwarebytes nor Spybot can find anything related to it, and a scan of any of the files leads to nothing.

Also, I'm leaving for a trip in about 5 hours from now so I may not be able to get on the internet for a while (anywhere from 6 hours to 4 days, depending on internet access availability).

Attached is a file containing a sample of what plays and my HJT log.
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.

CatByte
Malware Removal Specialist with 3,893 posts.
Join Date: Feb 2009
19-Jul-2010, 11:32 AM #2
Hi

Please do the following:

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.

NEXT

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in:

    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply.

jwcgator
19-Jul-2010, 07:05 PM #3
Thanks! Attached are the log files


Edit: also, it's playing the random music atm, it's just automuting itself on the current audio playback device.

CatByte
20-Jul-2010, 10:34 AM #4
Hi

Do you recognize this directory? Did you create it yourself?

If not - open it and let me know if it contains files (don't open them > just report)

Please do the following:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    @Alternate Data Stream - 1213 bytes -> C:\ProgramData\Microsoft:lJOLmCyz2Q7Lkbybly4mfV
    
    :Commands
    [resethosts]
    [emptyflash]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log

NEXT

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT

**Vista users - right click on the IE icon and run as administrator

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
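
The :OTL section of the fix script in post #4 lists registry references whose CLSID or file no longer resolves, plus one NTFS alternate data stream. As an added example (not part of the thread and not OTL's own code), this Python parses those four lines and splits the stream path without mistaking the drive-letter colon for the stream separator. The line grammar is inferred only from the lines quoted in the post, and all function names are hypothetical.

```python
import re

# The four entries from the :OTL section of the fix script in post #4.
FIX_LINES = [
    r"O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.",
    r"O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.",
    r"O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.",
    r"@Alternate Data Stream - 1213 bytes -> C:\ProgramData\Microsoft:lJOLmCyz2Q7Lkbybly4mfV",
]

# Line grammar below is inferred from those four lines only (assumption).
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
OLINE_RE = re.compile(r"^(O\d+)(:64bit:)? - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("No CLSID value found.", "CLSID or File not found.")

def split_ads(path):
    """Split 'C:\\dir\\name:stream' into (host, stream); stream is None if absent."""
    # The colon after a drive letter is not a stream separator, so skip it.
    start = 2 if len(path) > 1 and path[1] == ":" else 0
    idx = path.find(":", start)
    return (path, None) if idx == -1 else (path[:idx], path[idx + 1:])

def parse_line(line):
    """Classify one log line as an ADS entry or a registry (O-section) entry."""
    line = line.strip()
    m = ADS_RE.match(line)
    if m:
        host, stream = split_ads(m.group(2))
        return {"kind": "ads", "size": int(m.group(1)), "host": host, "stream": stream}
    m = OLINE_RE.match(line)
    if m:
        clsid = CLSID_RE.search(m.group(3))
        return {"kind": "registry", "section": m.group(1),
                "tagged_64bit": m.group(2) is not None,
                "clsid": clsid.group(0) if clsid else None,
                "orphaned": m.group(3).endswith(ORPHAN_MARKERS)}
    return None  # not a line format seen in the thread

def triage(lines):
    """Return (unique orphaned CLSIDs, [(host, stream, size)] for ADS entries)."""
    parsed = [p for p in map(parse_line, lines) if p]
    orphans = sorted({p["clsid"] for p in parsed
                      if p["kind"] == "registry" and p["orphaned"] and p["clsid"]})
    streams = [(p["host"], p["stream"], p["size"]) for p in parsed if p["kind"] == "ads"]
    return orphans, streams
```

Calling triage(FIX_LINES) collapses the two WebCheck lines into one CLSID and reports the stream attached to the C:\ProgramData\Microsoft directory separately from its host path.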

jwcgator
20-Jul-2010, 10:49 AM #5
I'm not sure what directory you're referring to, but I'll go ahead and start on all of that now.

CatByte
20-Jul-2010, 12:21 PM #6
Sorry about that, could have sworn I copy/pasted that in:

C:\Users\jwcgator\Documents\jtk379en

jwcgator
20-Jul-2010, 06:01 PM #7
Here are the logs. Kaspersky seems to have found the file that was causing all of this (Windows/system/regsrv.exe).

Edit: oh, and about the folder, it's a program called JoyToKey. It's safe.

CatByte
20-Jul-2010, 07:53 PM #8
Hi

Please do the following,

Please empty the SPAM folder in your email, then empty the recycle bin

NEXT

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :Files
    C:\Program Files (x86)\Image-Line\FL Studio 9\FL.exe
    C:\Windows\system\regsrv.exe
    
    :Commands
    [resethosts]
    [emptyflash]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log

NEXT

Please post a fresh OTL log and advise how your computer is running now and if there are any outstanding issues.

jwcgator
20-Jul-2010, 08:54 PM #9
I experienced some weird behavior when I ran that in OTL. I got a popup telling me that Windows encountered a serious error and was going to reboot in 1 minute (which it did). OTL didn't finish running (it was all the way up to clearing the temp files, though). I checked task manager, and there were many iexplorer.exe (or iexplore.exe, don't remember which) running under SYSTEM. The next boot appeared to be locked up, so I cool-rebooted my laptop and the files hadn't been deleted, so I deleted them myself manually, which has cleared all symptoms.

tl;dr: A bunch of weird stuff happened but I got rid of the files and they didn't come back.

Thank you so much for your time!!

Attached is a fresh OTL log using the parameters I used before

CatByte
21-Jul-2010, 07:28 AM #10
That was odd behaviour, at least you were able to delete the files manually.

The log appears to be clean,

so let's do the tool clean up,


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 21 and save it to your desktop.
  • Scroll down to where it says JDK 6 Update 21 (JDK or JRE)
  • Click the Download JRE button to the right
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u21 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

NEXT

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.


If any tools / logs remain on your desktop > right click and delete them

Let me know how the computer is running and if there are any outstanding issues.

jwcgator
21-Jul-2010, 08:17 AM #11
Java is all up to date and my computer is cleaned up and running great!

Thank you so much for your time and help, I really appreciate it.

CatByte
21-Jul-2010, 10:10 AM #12
you are welcome

stay safe

~CB