My main computer has started intermittently playing the Windows ‘Asterisk’ sound at random intervals. Most times, this is not accompanied by any pop-up system window, but occasionally it asks about needing to format D: before writing to it. D: is an old Linux drive, there are no programs or data that Windows would need access to nor have I ever told Windows to attempt to access that drive. I am taking these attempts to write to D: as evidence of an infection of some sort. I have tried doing an Avast full scan, an Avast boot scan, and an MBAM full scan, none of which find anything untoward but the computer continues to play that sound and attempt to write to D:.
Additional information -
Windows 7 Home Deluxe, SP1
Avast versions 130621-1 8.0.1489, dated 6/23/2013
MBAM version 1.75.0.1300, dates 04/04/2013
Please find requested logs attached. I also note that at this point, the system is identifying my optical drive as D: and the Linux drive as E: and the ‘please format’ messages are for drive E:
Hi first a question did you install this [2013/04/04 19:04:40 | 000,000,000 | —D | M] – C:\Users\Carnifex\AppData\Roaming\Curse Advertising
Also when the ding occurs could you see what is running in task manager… Is there a regularity about them i.e. 15 minutes after start or every few days or so ? Thinking along the lines of a job being queued here
Also you have the update client running are you aware of that O4 - Startup: C:\Users\Carnifex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Curse is an add-on manager for World of Warcraft, it tracks which add-ons have newer versions available so that they can be kept fully patched-up and current. If it is a problem, it can certainly be uninstalled however it has been installed since around October of 2012 while the sounds and windows only have been occurring the past week or so.
The sound plays anywhere from once per minute to every 15 minutes, with a random interval. It does seem to be more frequent the more applications are running so possibly the virus has set itself in the registry as a launcher for .EXE files or something?
Sound just played, and got the ‘cannot write to E:’ warning window. Firefox was the only running application, nothing appeared untoward in the processes tab of Task Manager. Will try killing the Curse process and see if that stops the problem.
No. I originally built this system as a Linux box, and later installed a second HD and put Windows on that (and rearranged the SATA cables to make the new drive the first one). I have not touched the Linux HD since Windows was installed. Windows shouldn’t be looking for anything off of C:.
Interestingly - I tried stopping the Yahoo, Curse, and two anti-spyware apps processes and the beeping and error message about D:/E: has dropped to nothing. I don’t use YM on this machine (I have an older box I use as a comms server for that) so will plan to uninstall that completely. Curse is useful, but I suspect it wouldn’t hurt it to be uninstalled and a fresh copy installed from the makers site, as this one seems to be possibly compromised.
Have determined that the beeping in question is from when Windows dismounts, remounts, and attempts to access my old Linux drive. A beep for each, and a warning window only on the last. What remains unsolved is just why Windows decided to start trying to reach this volume after a year or so of ignoring it (as it should) and how to tell Windows to resume ignoring it. The latter question has been posted to MS technical support, and I do thank you all for your help in getting this far.
I haven’t been able to find an answer, unfortunately. One MS tech who couldn’t grasp the idea of two separate hard drives instead of two partitions, which invalidated his stock ‘bad sectors’ answer was as close as I got.