Windows Legacy OS forum

General discussion

Sound Card Virus?

by jeesonus / March 25, 2009 2:45 PM PDT

Hello... I could not find this topic already addressed. I was listening to music on my computer when I opened a Zip file I had downloaded... my Windows Media player shut down, followed by my whole computer shutting down. When I re-booted everything was fine except the computer did not recognize my sound card (C-Major Sigma Tel Audio.)

In Control Panel my Volume Control is greyed out and lists "No Audio Device." The Audio tab is greyed out: "No Playback Devices, No Recording Devices, No Midi Devices." On the Hardware tab I highlight my soundcard: "PCI Bus 0, device 31, function 5- This device is working properly" Under Audio Codecs & Legacy Audio Drivers I get "Location Unknown" but "These devices are working properly." I have tried uninstalling the sound card and re-installing, restarting the audio Services under the Administrative Options tab, and more... the sound was working again for five minutes until I turned the computer off.

I can't get it going again since I turned it back on... any suggestions?

Thanks!

Discussion is locked
You are posting a reply to: Sound Card Virus?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Sound Card Virus?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
First try?
by R. Proffitt Forum moderator / March 26, 2009 12:17 AM PDT
In reply to: Sound Card Virus?

Use System Restore to a day before the problem.

Collapse -
Thanks
by jeesonus / March 26, 2009 1:26 AM PDT
In reply to: First try?

Thanks, I tried System Restore but it did not work. Any other ideas?

Collapse -
You might be a Norton user.
by R. Proffitt Forum moderator / March 26, 2009 2:12 AM PDT
In reply to: Thanks

Symantec does tell how to fix that issue. Your post is too light on details to go much further.

Collapse -
Malwarebytes Scan
by jeesonus / March 26, 2009 2:29 AM PDT

I have Malwarebytes Anti-Malware software. I had Norton Antivirus but it has been rendered unusable since this attack.

Here is my logfile after running a Malwarebytes System Scan:
Malwarebytes' Anti-Malware 1.34
Database version: 1890
Windows 5.1.2600 Service Pack 3

3/26/2009 8:53:53 AM
mbam-log-2009-03-26 (08-53-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 150728
Time elapsed: 58 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Mike Liberty\Application Data\m (Trojan.Agent) -> Delete on reboot.

Files Infected:
C:\Documents and Settings\Mike Liberty\Application Data\drivers\srosa2.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5B569949-7F2C-4454-8B46-89D4173A3CB8}\RP557\A0186014.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5B569949-7F2C-4454-8B46-89D4173A3CB8}\RP557\A0186102.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5B569949-7F2C-4454-8B46-89D4173A3CB8}\RP558\A0187102.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5B569949-7F2C-4454-8B46-89D4173A3CB8}\RP559\A0187171.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5B569949-7F2C-4454-8B46-89D4173A3CB8}\RP559\A0187228.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5B569949-7F2C-4454-8B46-89D4173A3CB8}\RP559\A0187248.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike Liberty\Application Data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike Liberty\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike Liberty\Application Data\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike Liberty\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Documents and Settings\Mike Liberty\Application Data\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Mike Liberty\Application Data\drivers\wfsintwq.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.

I delete infected files, reboot & re-scan and everything is back. Any advice?

Collapse -
How did I guess Norton.
by R. Proffitt Forum moderator / March 26, 2009 3:05 AM PDT
In reply to: Malwarebytes Scan

It remains the primary cause of System Restore failures I encounter.

Here's a link on what to try to let you use system restore -> http://service1.symantec.com/SUPPORT/sharedtech.nsf/pfdocs/2005113009323013

I didn't find the source document about this but you can disable the Norton tamper seal and restore the machine. At least I've been able to so far. If that is not possible, ask Symantec how to repair the damage they caused.

If Symantec disowns you read and post in a malware forum like http://www.malwarebytes.org/forums/lofiversion/index.php/t11684.html
Bob

Collapse -
Yikes
by jeesonus / March 26, 2009 4:20 AM PDT

The problem is the virus prevents me from opening Norton Antivirus to disable the tamper seal to run System Restore!

Any time I try to run or open any Norton product I get the error message: "BLANK is not a valid Win32 application." Is there any back door to get into Norton to disable the seal so I can do a system restore?

Thanks for your help so far!

Collapse -
Either call that in to Symantec
by R. Proffitt Forum moderator / March 26, 2009 6:13 AM PDT
In reply to: Yikes

Heck you paid for it.

Or consider this. Google can't find anyone with "BLANK is not a valid Win32 application."

Head to forums that help people recover from pests. This is not so much a XP issue but a Symantec travesty.
Bob

Collapse -
Sound card virus? Uninstall Norton
by Rainstorm5512 / April 20, 2013 10:55 PM PDT
In reply to: Sound Card Virus?

I had bought a brand new laptop in March and while it has Windows 8 on it (boo hiss) it worked ok until the preinstalled Norton anti-virus software ran out on its trial period. A week past that date (three days ago), my sound card mysteriously quit working. I tried system restore, etc and it did not work.. What worked? I uninstalled Norton and all Symantec components. MY sound card is back. Thanks CNET!

It seems as though Norton does this on purpose to get people to renew the product. This ticks me off because I almost took this comp in to get a $99 diagnostic & was prepared to wait 2 months computerless to see if the manufacturer would install a new one. This is BS. Norton has always put out bad software with all kinds of crap you don't need and messes things up. Why do manufacturers include this stupid program on all new models? It's either Norton or McAfee, and both are garbage, IMO. If this happens to you, and if you have Norton, dump it out of your system and see if it works afterward.

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?