"Random" sounds, promos, and previews

Discussion in 'Windows Media Center' started by CClif, Dec 2, 2007.

  1. CClif

    CClif Guest

    Hello...

    I am getting seemingly random playing of sounds, tv/movie promos, etc. on my
    system. This seems like it is an adware application connected to the
    internet...

    I've run a full system scan with the latest spyware/virus definitions and my
    system is "clean."

    I've checked the Add/Remove Programs list and everything looks normal -- no
    suspicious or unfamiliar programs...

    I've checked the Task Manager for a list of all processes currently running
    and nothing is out of the ordinary...

    Has anyone else had this problem and if so, how can I get rid of these
    random audio events!

    Thanks
    c
     
    CClif, Dec 2, 2007
    #1
    1. Advertisements

  2. CClif

    Matt Guest

    Ok, I had this problem as well and I believe that after catching the software
    culprit in the act (luckily is played a bit too long once) I think I have the
    solution!

    Problem: Random sound clips and burst were playing. I would hear explosions,
    cars, etc... random movie ads like "the blah blah pay-per-view" etc. Just
    random sound in general. I also heard a "Hello" at one point.

    Solution:
    The problem is a combination of "perfs.exe" and "indt2.sys" that are
    infecting your system. The thing actually playing the sound is "indt2.sys".
    If you open the Windows Task Manager and find it, watch and be patient. When
    a sound comes it will jump from like 2-3MB of Ram to over 20+MB. Additionally
    if you sort by memory use it you will see it is the only process that has a
    memory spike when one of the random sounds comes across your computer. I
    actually found this out by accident and after waiting a bit saw this seemed
    to be the problem.

    Although I'm not really sure of the best sure-fire way to get rid of it,
    here is what I did and it hasn't shown back up in the task manager.

    I used RegRun Reanimator (http://www.greatis.com/security/download.htm) to
    isolate the perfs.exe file for removal. It took a few tries to get reanimator
    to find it, but eventually it did. I then had it remove it at the next boot.
    I had previously patched my registry to allow the "Take Control" option in
    vista. This allows you to take control of a system file and delete it. I
    found the registry patch here
    (http://www.askvg.com/add-take-owners...windows-vista/). When my computer
    rebooted I navigated as fast as possible to C:\Windows\System32 and found the
    Indt2.sys file. I right clicked it, took control of it and deleted it. The
    sound seems to have stopped now.

    Brief rundown of steps:

    1) Make sure Vista "Take Control" is enabled by patching registry.
    2) Isolate prefs.exe using Regrun reanimator.
    3) Have reanimator delete prefs.exe on next boot.
    4) Reboot, should get message before Vista loads saying prefs.exe was deleted.
    5) Navigate to C:\Windows\System32
    6) "Take Control" of Indt2.sys by right clicking and selecting "Take Control"
    7) Delete Indt2.sys
    8) Empty the recycle bin to flush that nasty file away.

    Your annoying sounds should be gone after that.

    Hope I helped! ~Matt
     
    Matt, Dec 10, 2007
    #2
    1. Advertisements

  3. CClif

    tateros

    Joined:
    Jun 26, 2011
    Messages:
    1
    Likes Received:
    0
    I had the same problem. I found stdrt.exe was the culprit.

    I went into task manager and stopped the process "Stdrt.exe", which was being used by windows media center.

    I went into Regedit and deleted all the instances of the file.

    I deleted the actual file, which was in c:\windows\temp\mrt5263.tmp\stdrt.exe

    Then I did a quick scan with malwarebytes, which found 2 trojans.

    So far so good.
     
    Last edited: Jun 26, 2011
    tateros, Jun 26, 2011
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.