06-18-2008 09:56 AM
I had to manually remove this virus from my computer. Windows defender, Norton 360, Ad-aware, and every other program that I had fully up to date reported my computer as virus, adware, and malware free. But the sound clips kept playing at random intervals from my speakers - very random sound clips too.
I did a search and found this thread: http://www.techsupportforum.com/security-center/ge
Problem: Random sound clips and burst were playing. I would hear explosions, cars, etc... random movie ads like "the blah blah pay-per-view" etc. Just random sound in general. I also heard a "Hello" at one point.
The problem is a combination of "perfs.exe" and "indt2.sys" that are infecting your system. The thing actually playing the sound is "indt2.sys". If you open the Windows Task Manager and find it, watch and be patient. When a sound comes it will jump from like 2-3MB of Ram to over 20+MB. Additionally if you sort by memory use it you will see it is the only process that has a memory spike when one of the random sounds comes across your computer. I actually found this out by accident and after waiting a bit saw this seemed to be the problem.
Although I'm not really sure of the best sure-fire way to get rid of it, here is what I did and it hasn't shown back up in the task manager.
I used RegRun Reanimator (http://www.greatis.com/security/download.htm) to isolate the perfs.exe file for removal. It took a few tries to get reanimator to find it, but eventually it did. I then had it remove it at the next boot. I had previously patched my registry to allow the "Take Control" option in vista. This allows you to take control of a system file and delete it. I found the registry patch here (http://www.askvg.com/add-take-owners...windows-vis
Brief rundown of steps:
1) Make sure Vista "Take Control" is enabled by patching registry.
2) Isolate perfs.exe using Regrun reanimator.
3) Have reanimator delete prefs.exe on next boot.
4) Reboot, should get message before Vista loads saying perfs.exe was deleted.
5) Navigate to C:\Windows\System32
6) "Take Control" of Indt2.sys by right clicking and selecting "Take Control"
7) Delete Indt2.sys
8) Empty the recycle bin to flush that nasty file away.
06-19-2008 12:11 PM
Had you tried the steps in this document?
Searching the filenames you listed, it seems that these threats match the description on the page. Please let me know if you think it might be something else, with any additional information as to why. Thanks!