
Avira Antivirus Pro - Review 2020 - PCMag India

Posted: 11 Jun 2020 12:00 AM PDT

Every computer needs antivirus protection, and one way companies can support that aim is to provide free antivirus to the masses. But these companies can't survive unless some users shell out their hard-earned cash for paid antivirus utilities. Piling on pro-only tools and components is one way companies encourage upgrading to a paid antivirus. Avira Antivirus Pro adds several components not available to users of Avira Free Security, but they don't really add much value. The biggest reason to pay for it is if you want to use Avira in a commercial setting, which isn't allowed with the free version.

Avira's pricing is undeniably on the high side, with a list price of $59.88 per year for one license, $71.88 for three, and $95.88 for five. Admittedly, it seems to be perpetually on sale; just now, the one-license price is discounted to $44.99. That…

Observed Some Weird Things, but Scans Found Nothing - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer

Hi Everyone,
The TL;DR of this topic is that I heard some inexplicable voice-chat like sounds from my computer a couple of times this week, but I have been unable to reproduce the problem and a bunch of anti-malware scans have not picked anything up. I also encountered a couple of minor instances of other things not quite acting how they should. Due to the serious nature of the worst-case scenario (i.e. a RAT or something similar), I want to make sure I'm not missing anything and that there's nothing else I can do.
The long version:
The following happened on a Windows 10 laptop. Two times earlier this week, I was web browsing when I temporarily heard, out of nowhere, audio that sounded like I was listening through someone else's microphone. I'd hear some static-y movement (e.g. rustling of papers), a bit of music (in the second case, a piano), and then the sound stopped without me doing anything. It hasn't happened since, despite my best efforts to try to reproduce the circumstances in which I heard them. It's possible that it was just some ad, video, etc. in one of the multiple tabs I had open; I did have both Chrome and Firefox open at the same time, so some tabs were out of sight. But all of the tabs in the window I was using did not display the usual audio icon (unless I did not glance up fast enough and I missed it), and the idea that it came from a window I wasn't touching for some time, randomly started and stopped, and did not sound like any typical ad isn't something I was fully willing to bet on. Aside from this very odd occurrence, a couple of other things weren't behaving 100% correctly. I realized around this time that Windows' "Change Your Password" Systems settings window wouldn't open fully, for instance. I had an update I was trying to install through "Check for Updates" that wasn't fully installing (though in the last two days I've learned that pressing said button could lead to unstable updates, so perhaps that was the real problem). And when I was running some initial scans, it seemed that Windows Defender Offline Scan may not have been completing, in that it seemed to stop at 92%, there was no indication in the Protection History that it had run, etc. (though I have since learned that this might be expected, if flawed, behaviour).
Below are roughly the steps that I followed after hearing these noises. The exact ordering of some of the various scans might be a little off, but should be insignificant.

  • Ran a Malwarebytes full scan
  • Ran a Windows Defender full scan
  • Ran a Windows Defender Offline Scan
  • None of the above detected anything (provided the Offline Scan was indeed working correctly), but I still was concerned and Windows still wasn't working perfectly, so I updated my file backups and decided to reset Windows. In this factory reset, I opted not to keep any of the files on my C: Drive (though I did not wipe my D: Drive, where most of my files are actually kept).
  • After resetting Windows, I could change my password via Windows' Settings again, but that one update still wouldn't install and Windows Defender Offline was still behaving the same way as before.
    In trying to fix these issues based on whatever info I could find online, I also discovered that the command
    Dism /Online /Cleanup-Image /RestoreHealth
    would always return the error 0x800f081f, in spite of me going through many of the suggested workarounds such as creating a local .wim file using the Media Creation Tool, though it seems like this is a common problem, and regardless, the command 
    sfc /scannow
    works fine and doesn't detect any problems.
  • I ran RKill (and tried to do this before other scans later down in the list, but sometimes forgot to do so; it didn't detect anything, though, so I don't think it really matters).
  • Ran a full Malwarebytes scan again.
  • Ran a full Windows Defender scan again.
  • Ran Malwarebytes' anti-rootkit BETA mbar
  • Ran Adwcleaner
  • Ran Roguekiller
  • Ran the Microsoft Anti-Malware Signature Package
  • Ran the F-Secure Online Scanner
  • Ran the ESET Online Scanner
  • Ran the Sophos Virus Removal Tool
  • Ran Hitman Pro

I also made an ESET SysRescue Live Disk from another computer running Linux Mint, but when I tried to use it, the scan kept freezing. Apparently, "A running Smart Scan from a SysRescue CD may freeze under some circumstances" is a known issue, though?
Anyway, except where noted, all of the above didn't detect anything. In some sense, I would have been surprised to have found something very nasty, since I always have Windows Defender on and generally don't perform any risky software installs or web browsing (the only thing that might be considered an "exception" is that I don't use adblock, since I'm still unsure where I stand on the ethics of that).
But on the other hand, the sounds I heard really freaked me out. As can be seen in the links below, the problem seems somewhat common, and interestingly, the appearance of a piano (or organ/keyboard/etc.) appears with moderate frequency. But the explanations vary from picking up radio frequencies, to some very odd pop-ups, to audio-playing Trojans that could only be found by some very specific antivirus tool, to the worst-case scenario of being "compromised with a RAT(remote access tool) and the other side accidentally turned their audio on". I suppose that it'd have to be a fairly sophisticated piece of malware if it were to survive my reset installation (as it would have had to either modify the files used for the reinstallation or be hiding somewhere random on my D: drive). I'm not sure if the other explanations make complete sense to me, though. For example, all of the "radio" examples seemed to apply mostly to external speakers or headphones, whereas I'm only using my laptop's built-in speakers, and I don't know how feasible it is that they would pick up audio. Unfortunately, unlike some of the below examples, I cannot replicate what I heard at all in order to investigate further, which is particularly frustrating.

I'm eventually going to do a reformat and a reinstall from a live USB and a Windows 10 .iso (because why not?) soon anyway. I'll also be monitoring my network connections fairly closely with netstat and/or Wireshark and/or TCPView. Unfortunately, I can't wipe out everything on my D: drive and restore from a guaranteed-clean backup because (1) if this was an infection, I have no clue how long I would have had it for, and (2) I have a lot of new files since my last back-up as a result of just starting a new job.
But before I do that and try to put this behind me, I wanted to ask for a second opinion as to whether the oddities I observed seem reasonable from a non-virus perspective, or whether there's any last thing I should try or check before calling it quits, just because the worst-case scenario is so disturbing. If there is, somehow, anything malicious on my device, I very much want to find it for peace of mind and for ensuring this never happens again.
FRST scan results will follow as replies, so as not to exceed post length. Thanks in advance.

Edited by cmfordocuments, Today, 12:52 AM.


