Prickly Pear Audio File - Malware?

I have a randomly occurring problem with a short (90 second?) audio file that describes how to juice a prickly pear. It plays suddenly and unexpectedly at apparently random intervals.

I have no idea where this file originates. I have no interest in prickly pears from either a gardening point of view or as something to eat. I have never deliberately clicked on a link or ad dealing with prickly pears.

This thing has been playing periodically for a few weeks now. The strangest symptom is that I can never find any kind of window for it. It just plays and offers no controls or window so that I can stop it (or replay it if I actually wanted to do that). Since I can’t stop it, I simply shut off the speakers for a minute or two until it is done, then put the speakers on again.

My Avast is fully up to date (programs and definitions) and I’ve done both a quick scan and a full scan without detecting any sort of malware.

Does anyone have any thoughts on how I can find and remove this stupid file? It’s really irritating me.

to check if this is malware related
follow guide and attach logs. (not copy and paste) http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

when done, removal experts will be notified and help will arrive

I’ve run the various scans and have the logs you wanted, except for Extras.txt from the OTL program. I don’t think that one got generated. I can’t find it with OTL.txt so I’m guessing the program changed recently and no longer produces that file but your documentation doesn’t reflect that yet.

I’ve had no previous contact with three of the four programs you recommended running - I have used Malwarebytes before - but I’m not seeing any actual malware detected by these programs.

Can you see anything that explains why I’m getting that annoying audio file about juicing prickly pears? What can I do to find and remove that audio file?

It should still be generated, but if you have run OTL before it doesn’t create it again. But that said it should still be present (unless deleted) if you have previously run OTL.

EDIT: A malware removal specialist has been informed of your topic.

Hi do you know what this folder is ? C:\Users\rhino_000\Documents\Sound Organizer

Please RIGHT-CLICK HERE and Save As (in IE it’s “Save Target As”, in FF it’s “Save Link As”) to download Silent Runners.
[*]Save it to the desktop.
[*]Run Silent Runners by double-clicking the “Silent Runners” icon on your desktop.
[*]You will receive a prompt:
Do you want to skip supplementary searches?
click NO

[*]If you receive an error just click OK and double-click it to run it again - sometimes it won’t run as it’s supposed to the first time but will in subsequent runs.
[*]You will see a text file appear on the desktop - it’s not done, let it run (it won’t appear to be doing anything!)
[*]Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
NOTE If you receive any warning message about scripts, please choose to allow the script to run.

I did a search of the entire computer (or at least I TRIED to do so but I’m not familiar with the Search functionality on the laptop so I may have done it wrong) and couldn’t find Extras.Txt anywhere. I originally ran OTL without all the pasted scans (I hadn’t scrolled down far enough), then ran it correctly. Is that why Extras.Txt is (apparently) not present? Do I need to run it again? If so, do I need to do anything special to make it create Extras.Txt, like uninstall/reinstall?

No, there is a copy on your system if I need it, saved in C:\_OTL

I could see nothing apparent on the initial log so hence the Silent runners check

When I saved the link, it put a text file called Silent Runners.vbs.txt on my desktop. When I double-click the file, it doesn’t run, it opens in Notepad. Should I rename the file to omit the .txt extension? Or is there some other technique I should use? The afflicted computer is running Windows 8.

With regards to OTL, I can see only two files: OTL.exe and OTL.Txt, both of which are in my Downloads directory. There is no directory on C: (or D:) with a name anything like OTL or _OTL. I’ll be happy to rerun OTL for you if that would gather more/different information but you’ll need to be clear on how to do it differently this time to make that Extras.Txt file appear.

You need to right click the link and select save as… Or just delete the .txt part of the extension

I’ve run Silent Runners as requested. (I had to rename the file manually to get the .txt extension to go away.) I’ve attached the output file.

OK this is weird, normally the audio would indicate an MBR infection but AswMBR showed clean so let’s double check that

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Doubleclick on TDSSKiller.exe to run the application

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

[*]Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

[*]Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

[*]Click the Start Scan button.

[*]If a suspicious object is detected, the default action will be Skip, click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*]Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

Kaspersky didn’t discover any threats at all. I tried to cut and paste the report but it exceeded the length limit so I pasted into a text file and have attached it.

Hmm, does it occur when you have a particular programme open or is it just totally random? Are you online when you hear it?

I’m online pretty much every second I have the computer turned on, which is pretty much every moment I’m awake, even if I am not doing anything online at the time, like playing a game that doesn’t involve online access.

I haven’t really figured out a pattern to this problem. It doesn’t happen a lot, typically just a couple of times in a day. But some days it doesn’t happen at all. It may very well depend on being online but I’m not particularly keen to stay offline for a couple of days just to see if this is going to happen when I’m offline. It’s been happening for a couple of weeks now.

As it stands at the moment I can see no signs of malware on the computer. I can keep digging if you wish

Let’s keep digging. There must be an explanation here somewhere. Thank you for your help so far.

OK let’s use my super analyser :) Once completed could you upload the zip file to a file sharing site for me to collect

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop ( it will be randomly named )

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.

http://i1224.photobucket.com/albums/ee362/Essexboy3/AVPfront.gif

http://i1224.photobucket.com/albums/ee362/Essexboy3/avpsettings.gif

Do not close AVPTool or it will self uninstall, if it does uninstall - - then just rerun the setup file on your desktop

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done Open the last report saved folder then upload the zip file to a file sharing site
The file is located at C:\Users\<your name>\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

http://i1224.photobucket.com/albums/ee362/Essexboy3/AVPAnalysis.gif

I was unsuccessful in installing Kaspersky. It downloaded fine but when I tried to install, it got as far as extracting files and a bit farther, then popped up an error dialog that said:
“VPTool installation failed.
Please try to reboot your computer. Error message is: Client register error: -2147024894”

I did the reboot but the same thing happened when I tried to install after the reboot.

Now what?

Intriguing, as it is looking for a network client

Do you have a spare USB drive? If so we will play outside of Windows

Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop

[*]Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
[*]Launch drwebliveusb.exe.
[*]The program will detect available USB-devices automatically and prompt you to choose the one you’d like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).

https://dl.dropbox.com/u/73555776/liveusb_ru.jpg

[*]To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
[*]Files will be copied automatically.
[*]Once the copying process is completed, press the Exit button to close the application.
[*]Reboot the infected computer with the USB in the drive
[*]Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions
[*]As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

http://i1224.photobucket.com/albums/ee362/Essexboy3/Dr%20Web%20shots/livecdbootscreen.gif

[*]Use arrow keys to select DrWeb-LiveCD (Default)

[*]When the system is loaded, check the disks or folders you want to scan, and click on “Start”.

http://i1224.photobucket.com/albums/ee362/Essexboy3/Dr%20Web%20shots/livecdDriveselection.gif

[*]The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
[*]Once completed reboot to normal windows
[*]No log is produced so once in normal windows run a fresh OTL scan and let me know if the problems persist

Sorry for the delay. I’ve created the emergency USB drive but I’m having a heck of a time getting into my BIOS to change it so that it will boot from USB. In a nutshell, nothing I’ve tried so far has gotten me to the BIOS. I’ll keep plugging away at it and post back again when I have been in the BIOS. I don’t know how long that will take: minutes or hours. Maybe days at this point…

I’m getting very frustrated. This prickly pear business is just a sideshow while I work on bigger issues on my main computer but this stupid little audio file is starting to suck up as much of my time as the big issues on the other computer. I don’t like giving up but it’s starting to look attractive right about now…