Old 13th July 2008, 23:13   #41
DJ Egg
Techorator
Winamp & SHOUTcast Team
 
Join Date: Jun 2000
Posts: 35,821
The mp3 files are corrupted. The fix (FS-MP3Fix) is a few posts further up.

The reason why WMP can play them is because the trojan installs somes flash codec thing for them to play in WMP (your files have actually been converted to wma, heh).

By the way, are all those entries I referenced above now gone when you run HJT scan again? Or did some other weird random named "O20 - Winlogon Notify" entry reappear?
DJ Egg is offline   Reply With Quote
Old 14th July 2008, 22:56   #42
bjarnihk
Junior Member
 
Join Date: Jul 2008
Posts: 4
..continued

Hi
I have done some some testing and found out that the majority of my mp3 files are infected. I ran some through FS-MP3FIX and it worked to make the files playable to Winamp but unfortunately the tags were lost. I'm not prepared to that to all my mp3's just yet.
To see if an mp3 file is corrupted or not you can look at the bit rate of the file shown by Windows Explorer. See the attached picture.(Maybe you already noticed...) If the bit rate doesn't match any of the standard rates the file is corrupted.
Winamp skips corrupted files with bit rate higher than 128kbps but plays the corrupted 128kbps (130kbps) file with crappy sound. I did not test files with lower rates.
I tested the three corrupted files, the one shown in the picture and two others, 160kbps file (WE says 162kbps) and 320kbps (WE says 324kbps) in Yahoo Music Jukebox (2.2.2.058)and Windows Media Player (11.0.5721.5230) and both players played all the files perfectly.
The corrupted 130kbps file sounds all chopped up in Winamp as mentioned before and the 4:38 song is over in approximately 30 seconds, i.e tempo is way to fast. By converting this file to another 128kbps mp3 file the right tempo is back but still it sounds very badly.
I hope the above helps solving the problem with the files. I really hope for a solution that can bring them back without destroying the tags...
Attached Images
File Type: png yes bit rate 14072008.png (4.6 KB, 309 views)
bjarnihk is offline   Reply With Quote
Old 14th July 2008, 23:10   #43
DJ Egg
Techorator
Winamp & SHOUTcast Team
 
Join Date: Jun 2000
Posts: 35,821
You can use the AutoTag feature in Winamp to fix the tags after you've fixed the corrupted files with FS-MP3FIX.

As I've already said (in one of the three threads that cover this topic), the reason for why they play in WMP is because the virus/trojan installs some Flash Codec thing which makes them play. WMP uses DirectShow playback method, and the Flash Codec is a DirectShow Filter. The corrupted files will probably also play ok in Winamp if you remove MP3 from in_mp3 config extension list and add MP3 to in_dshow config (in: Winamp -> Prefs -> Plugins -> Input).
However, you'll have no id3 tag, autotag, replaygain, or transcoder support for mp3 then (because in_dshow doesn't support those features, whereas in_mp3 does).
DJ Egg is offline   Reply With Quote
Old 16th July 2008, 23:28   #44
bjarnihk
Junior Member
 
Join Date: Jul 2008
Posts: 4
Hello, I got to "fix" many of my files by RESTORING A BACKUP that I had totally forgotten about the others I will fix the way you suggested.
I just noticed your question since 0713 now... yes, the log file shows two "020 - winlogon notify" entries... the file is attached.
The tech support guy has not responded yet.
Attached Files
File Type: txt hijackthis 16072008.txt (26.9 KB, 333 views)
bjarnihk is offline   Reply With Quote
Old 16th July 2008, 23:34   #45
DJ Egg
Techorator
Winamp & SHOUTcast Team
 
Join Date: Jun 2000
Posts: 35,821
Yes, the virus is gone now.
Your latest log is clean (assuming those R1/R0 crawler.com entries are legit/ok?)
DJ Egg is offline   Reply With Quote
Old 18th July 2008, 14:34   #46
jasonong
Junior Member
 
Join Date: Jul 2008
Posts: 13
Send a message via Yahoo to jasonong
Hi.

I have question about FS-MP3Fix.. why is it that everytime I try to fix something (an mp3 file) not only that it fixed that mp3 BUT multiplied the file into like x30? whats wrong with this?
jasonong is offline   Reply With Quote
Old 23rd July 2008, 23:02   #47
dguest
Junior Member
 
Join Date: Jul 2008
Posts: 2
Experiencing similar problem...

I have a similar problem with mp3 occasionally playing back too fast. It appears to be more inconsistent/random than some other people's posts.

I've attached my hijacklog and would appreciate any advice you can give?

Thanks
dguest is offline   Reply With Quote
Old 23rd July 2008, 23:07   #48
dguest
Junior Member
 
Join Date: Jul 2008
Posts: 2
Whoops, here's the hijacklog attachment:
Attached Files
File Type: txt hijackthis.txt (12.9 KB, 582 views)
dguest is offline   Reply With Quote
Old 24th July 2008, 00:55   #49
DJ Egg
Techorator
Winamp & SHOUTcast Team
 
Join Date: Jun 2000
Posts: 35,821
@dguest
There's no evidence of any malware in your HJT log. The log is clean.
DJ Egg is offline   Reply With Quote
Old 24th July 2008, 03:09   #50
harimenon89
Member
 
Join Date: Apr 2008
Posts: 81
@all infected
Microsoft has confirmed this as their SEcurity vulnerability of their own proprietary file format .ASF
actually the malware/virus convert your .mp3's into .asf,but the trick is that it still shows.mp3 but actually its .asf infected one then when u play it with OUR GR8 WMP 11 ;-),the malware exploits the vulnerability in WMP and it tries to downloiad a codec which is actually not a codec but a virus. so download songs only from secured sites
Pardon me if i made any mistake.

Thank you

Hari
harimenon89 is offline   Reply With Quote
Old 24th July 2008, 13:25   #51
DJ Egg
Techorator
Winamp & SHOUTcast Team
 
Join Date: Jun 2000
Posts: 35,821
@harimenon89

Yup. That is correct.

http://hydrogenaudio.org/forums/inde...howtopic=64754
http://blog.trendmicro.com/infectiou...malware-style/
http://www.trustedsource.org/blog/13...ltimedia-files
DJ Egg is offline   Reply With Quote
Old 4th August 2008, 10:58   #52
Balun
Junior Member
 
Join Date: Aug 2008
Posts: 1
Another one..

Hello,

I suspect that I have the same trojan in my system, and would be very grateful if you could have a look.
/Robin
Attached Files
File Type: txt hijackthis.txt (10.2 KB, 572 views)
Balun is offline   Reply With Quote
Old 4th August 2008, 23:32   #53
roland007
Junior Member
 
Join Date: Aug 2008
Posts: 2
Been using Winamp for years...
Same problems listed above...attched my hijack file
roland007 is offline   Reply With Quote
Old 4th August 2008, 23:36   #54
roland007
Junior Member
 
Join Date: Aug 2008
Posts: 2
oops
Attached Files
File Type: txt hijack.txt (6.1 KB, 397 views)

Last edited by roland007; 5th August 2008 at 00:44.
roland007 is offline   Reply With Quote
Old 10th August 2008, 15:57   #55
robdog2004
Major Dude
 
robdog2004's Avatar
 
Join Date: Jan 2005
Location: South Carolina
Posts: 843
Send a message via AIM to robdog2004 Send a message via Yahoo to robdog2004
Trojan.Brisv.A!inf virus. norton antivirus
is just one of the names the virus goes by
if any one cares
now as far as the site its connecting to its a known virus site (spybot s&d puts the block in the host files) but the creator of the virus had renamed the site to circumvent the host file entry
it is easy to block the new site by using a host file editor or editing it down in safe mode (look for removing ads in winamp in the forums) but as far as saving your mp3s without getting the ridiculous duplication of files i'm lost untill someone had found a better way

thanks rob
(c)rob 2013 (picture & SN)

(please note) As users we can't give others help unless we get full details of the problem that you are having
robdog2004 is offline   Reply With Quote
Old 10th August 2008, 15:59   #56
robdog2004
Major Dude
 
robdog2004's Avatar
 
Join Date: Jan 2005
Location: South Carolina
Posts: 843
Send a message via AIM to robdog2004 Send a message via Yahoo to robdog2004
@roland
delete the entry
O20 - AppInit_DLLs: avgrsstx.dll
down in safe mode
along with the file that it associates

thanks rob
(c)rob 2013 (picture & SN)

(please note) As users we can't give others help unless we get full details of the problem that you are having
robdog2004 is offline   Reply With Quote
Old 10th August 2008, 16:28   #57
robdog2004
Major Dude
 
robdog2004's Avatar
 
Join Date: Jan 2005
Location: South Carolina
Posts: 843
Send a message via AIM to robdog2004 Send a message via Yahoo to robdog2004
Re: Another one..

Quote:
Originally posted by Balun
Hello,

I suspect that I have the same trojan in my system, and would be very grateful if you could have a look.
/Robin
your entry
O20 - Winlogon Notify: winhld32 - C:\WINDOWS\SYSTEM32\winhld32.dll
delete down in safe mode along with the file
now as far as this entry
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
couldn't tell you what to do

thanks rob
(c)rob 2013 (picture & SN)

(please note) As users we can't give others help unless we get full details of the problem that you are having
robdog2004 is offline   Reply With Quote
Old 10th August 2008, 16:47   #58
red84ed
Junior Member
 
Join Date: Aug 2008
Location: Ro
Posts: 1
Found it, killed it... problem solved

Thx guys! This forum really helped me!
I had the same problem: ALL my mp3s played strangely on winamp.
Actions taken:
Installed HijackThis and ran a test.
Found the problem (\system32\winuqw32.dll)
Restarted in safe mode.
Removed the problem.
Ran FS Mp3 Fix for all my mp3s...
And now i can enjoy them again!

PS. At first i thought it was a problem with winamp AND/OR some drivers i installed (SB Live sound card/Hauppauge TV tuner) and went on the web to find another mp3 player. Not only did i encounter the same problem, but none of the 12 different players i tried looked or felt like winamp.
Keep up the good work!

Ed, Romania.
red84ed is offline   Reply With Quote
Old 10th August 2008, 16:53   #59
robdog2004
Major Dude
 
robdog2004's Avatar
 
Join Date: Jan 2005
Location: South Carolina
Posts: 843
Send a message via AIM to robdog2004 Send a message via Yahoo to robdog2004
well what would help is that the creators of viruses (whoever they may be)would stop trying to compromise other peoples computers and find something more constructive to do with their free time
but until we live in a Walgreen's (tm and (c) to Walgreen) commercial, which will be a while, us mods and other contributors (not saying im a mod in this saying) will have to figure where the glitch/virus is and help others get rid of it

thanks rob
(c)rob 2013 (picture & SN)

(please note) As users we can't give others help unless we get full details of the problem that you are having
robdog2004 is offline   Reply With Quote
Old 10th August 2008, 16:57   #60
robdog2004
Major Dude
 
robdog2004's Avatar
 
Join Date: Jan 2005
Location: South Carolina
Posts: 843
Send a message via AIM to robdog2004 Send a message via Yahoo to robdog2004
@red make sure to get rid of the original infected music or the problem starts all over again

thanks rob
(c)rob 2013 (picture & SN)

(please note) As users we can't give others help unless we get full details of the problem that you are having
robdog2004 is offline   Reply With Quote
Old 11th August 2008, 15:30   #61
robdog2004
Major Dude
 
robdog2004's Avatar
 
Join Date: Jan 2005
Location: South Carolina
Posts: 843
Send a message via AIM to robdog2004 Send a message via Yahoo to robdog2004
don't know if this is part of the virtumonde virus but the tools that i have found work to get rid of the entries left by the the paticular virus specifically the bho and winlogon entries
the ones i have found are:
fvxmonde from symantec
virtumondobegone from business information solutions
vundofix from atribune.org

these will get rid of the entries but you have to use the programs down in safe mode
hope this helps a little
i would attach the files but i would have to use 3 messages to do so

thanks rob
(c)rob 2013 (picture & SN)

(please note) As users we can't give others help unless we get full details of the problem that you are having
robdog2004 is offline   Reply With Quote
Old 11th August 2008, 15:35   #62
robdog2004
Major Dude
 
robdog2004's Avatar
 
Join Date: Jan 2005
Location: South Carolina
Posts: 843
Send a message via AIM to robdog2004 Send a message via Yahoo to robdog2004
Re: Experiencing similar problem...

Quote:
Originally posted by dguest
I have a similar problem with mp3 occasionally playing back too fast. It appears to be more inconsistent/random than some other people's posts.

I've attached my hijacklog and would appreciate any advice you can give?

Thanks
your problem sounds more like a directshow glitch than a virus

thanks rob
(c)rob 2013 (picture & SN)

(please note) As users we can't give others help unless we get full details of the problem that you are having
robdog2004 is offline   Reply With Quote
Old 15th August 2008, 10:14   #63
PCgeek215
Junior Member
 
Join Date: Aug 2008
Posts: 1
I'm having the same problem as above.
I've tried VLC, iTunes and Winamp but i'm getting double the speed and jumpy sound.
Please see attached my HJT log file.

Please help this is driving me nuts....!!!!!
Attached Files
File Type: txt hijackthis.txt (12.3 KB, 438 views)
PCgeek215 is offline   Reply With Quote
Old 23rd August 2008, 15:18   #64
thestrangestick
Junior Member
 
Join Date: Aug 2008
Posts: 1
I am having the same problem, which is very distressing. Pretty much my whole music folder has been corrupted, and I'm fairly sure they've been converted to ASF as they do not show the normal info if you hover over them, and have no tags. However, Windows Media Player will not pla ythem, among other players, and no link is opened. Further to that, FS-MP3Fix will not fix them! Norton 360 reports a Trojan.Brisv.a!inf but handily tells me it cannot do anything about it which is great for a program you've paid for isn't it?

I will attatch my log here from HiJackthis but I'm fairly sure the problem is O20 uhyvaz.dll The reason I think it is this is because Firefox and internet explorer incessantly open pop-ups (most powered by Zedo) and when I looked at internet explorer plug-ins the same name uhvyaz pops up. I will disable it for now, but I am looking for a fix.

If that is the problem, how do I fix it, and also, should I complain to Norton, or is there no virus scanner capable of fixing this?

About my music, is there no other tool to fix it? The only place my music is backed up in, is on my iPhone, but I would have to use SSH to copy the music off, and all the music has the right tags but stupid file names like m3z45.mp3 or whatever.

Any help at all will be so gladly recieved, I want to fix this PC before my dad comes back from holiday, and stop the nonsense that has me almost crying over my lost music collection

Thanks
Attached Files
File Type: txt hijackthis.log.txt (14.8 KB, 503 views)
thestrangestick is offline   Reply With Quote
Old 24th August 2008, 02:48   #65
robdog2004
Major Dude
 
robdog2004's Avatar
 
Join Date: Jan 2005
Location: South Carolina
Posts: 843
Send a message via AIM to robdog2004 Send a message via Yahoo to robdog2004
to fix the 020 entry you have to delete it down in safe mode with no networking
as for your music if the copy on your iphone is safe you can backup the copies on your hard drive and do a autotag in winamp or itunes
if you use itunes do a consolidate and it will copy the files to the itunes music folder and will rename all the files

thanks rob
(c)rob 2013 (picture & SN)

(please note) As users we can't give others help unless we get full details of the problem that you are having
robdog2004 is offline   Reply With Quote
Old 25th August 2008, 10:11   #66
Blooms
Junior Member
 
Join Date: Aug 2008
Posts: 2
I suspect I have the same problem, could someone help?

I suppose that I have the same problem that have been discussed in this thread. I suppose this because mp3 files sound bizarre and get cut off in winamp, windows media player and on my ipod. I have attached a hijack this log, can someone take a look and let me know if i have this problem and what to do. Thanks.
Attached Files
File Type: rar hijackthis.rar (2.6 KB, 249 views)
Blooms is offline   Reply With Quote
Old 25th August 2008, 10:22   #67
Sawg
Forum King
 
Join Date: Jun 2000
Location: Phoenix, AZ
Posts: 7,456
Send a message via ICQ to Sawg Send a message via AIM to Sawg Send a message via Yahoo to Sawg
It may be too late for the corrupted MP3s. But do see some nasty in the HiJackThis long:

O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)
[File missing is good, AVG might have got it, but it may have been too late t save your MP3s. Get rid of it]


O20 - AppInit_DLLs: avgrsstx.dll
[Appears to be AVG, though some sites question it. But seems clear you have AVG installed]

Questionable:
O8 - Extra context menu item: Ì�_¼Óµ½QQ±�_Çé - C:\Program Files\AddEmotion.htm
O4 - HKLM\..\Run: [switch] c:\windows\system32\±ÚÖ½×Ô¶¯»».exe
O2 - BHO: SrchHook Class - {F08555B0-9CC3-11D2-AA8E-000000000000} - C:\WINDOWS\system32\IEBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

| Brought to you by ^V ^C | The one... the original... no seriously!
Sawg is offline   Reply With Quote
Old 25th August 2008, 12:32   #68
Blooms
Junior Member
 
Join Date: Aug 2008
Posts: 2
Thanks for taking a look so quickly. I already deleted the first 2 files that you mentioned. What should I do about the questionable files?

Thanks.

Last edited by Blooms; 25th August 2008 at 13:53.
Blooms is offline   Reply With Quote
Old 29th August 2008, 23:23   #69
brody456
Senior Member
 
brody456's Avatar
 
Join Date: Aug 2008
Location: Vancuver BC Canada
Posts: 123
The one to use is www.trendmicro.com and run the free house call it removed virused addware spyware greyware and the the wares that kill your pc ps best buy charges you 60 bucks to run the same program for free hahaha
brody456 is offline   Reply With Quote
Old 9th September 2008, 06:33   #70
dignifieddevil
Junior Member
 
Join Date: Sep 2008
Posts: 3
problem

i have this problem too..

There's my plugin list and hijackthis log...

please!!!!!!!!!!!! have a look at it......

thank you....
Attached Files
File Type: rar hijackthis & my plugin list.rar (5.4 KB, 275 views)
dignifieddevil is offline   Reply With Quote
Old 10th September 2008, 16:42   #71
DJ Egg
Techorator
Winamp & SHOUTcast Team
 
Join Date: Jun 2000
Posts: 35,821
@dignifieddevil

I can't see any problems with your HijackThis log.
Have you maybe already removed the relevant bad entries before posting it?

If you did have the same virus as the other people in this thread, have you tried using FS-MP3Fix to fix the infected mp3 files yet, as referenced on the first page?
DJ Egg is offline   Reply With Quote
Old 10th September 2008, 17:47   #72
dignifieddevil
Junior Member
 
Join Date: Sep 2008
Posts: 3
how do i find dis fs-mp3 fix.... n why does dis thing only affect winamp and not the other players...
dignifieddevil is offline   Reply With Quote
Old 10th September 2008, 18:02   #73
dignifieddevil
Junior Member
 
Join Date: Sep 2008
Posts: 3
sry for troubling u mate but... i really miss using winamp....
dignifieddevil is offline   Reply With Quote
Old 24th October 2008, 15:48   #74
eszter
Junior Member
 
Join Date: Oct 2008
Posts: 3
hello everyone

I hope you won't kill me because I write to this old topic but...
I have been having this problem (mentioned in the first post) for a month now.
First I fixed my mp3s with the fs-mp3fix but after a week they got broken again.
I am stupid for computers so I hope if I attach my hjt log someone clever could help me and tell me what causes the problem.
thanks in advance
Attached Files
File Type: txt hijackthis2.txt (7.7 KB, 440 views)
eszter is offline   Reply With Quote
Old 24th October 2008, 18:36   #75
DJ Egg
Techorator
Winamp & SHOUTcast Team
 
Join Date: Jun 2000
Posts: 35,821
Any idea what this is? I haven't, heh.

O4 - HKLM\..\Run: [recinfo234] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [recinfo] RecInfo.exe

It doesn't sound too good...
http://www.prevx.com/filenames/X7591...CINFO.EXE.html
DJ Egg is offline   Reply With Quote
Old 24th October 2008, 21:45   #76
eszter
Junior Member
 
Join Date: Oct 2008
Posts: 3
well I think this must be an application which reminds me to create the recovery dvd for my fujitsu laptop.

this link is scary but I downloaded this prevx csi and it didn't find any suspicious files. I also uploaded this recinfo.exe and ran a scan on sites like virustotal and still nothing.
So I hope this recinfo won't do any harm but then what made my mp3s damaged?:S

anyway thanks for the quick response and for your help
eszter is offline   Reply With Quote
Old 24th October 2008, 21:54   #77
DJ Egg
Techorator
Winamp & SHOUTcast Team
 
Join Date: Jun 2000
Posts: 35,821
I couldn't see anything else suspicious in your log. Sorry.
DJ Egg is offline   Reply With Quote
Old 25th October 2008, 13:15   #78
eszter
Junior Member
 
Join Date: Oct 2008
Posts: 3
ok, thank you anyway!
I fixed yesterday the mp3s and now I hope the problem will not occur anymore.
eszter is offline   Reply With Quote
Old 9th November 2008, 23:05   #79
detestedlove311
Junior Member
 
Join Date: Nov 2008
Posts: 1
So, I've been having this same problem for a while now...And it only happens with artists that have a lot of songs for some reason. (So the ones that I've only kept a few songs work fine, but most of the artists with more than 10 songs don't work...and it's saddening...) Anyway, my hijackthis log is down there...Please help?
Attached Files
File Type: txt hijackthislog.txt (6.7 KB, 307 views)
detestedlove311 is offline   Reply With Quote
Old 27th April 2009, 15:10   #80
willsketch
Junior Member
 
Join Date: Apr 2009
Posts: 2
Similar/same problem. When I try and play certain files Winamp skips through them.

Any help would be greatly appreciated. Thank you for your time.
Attached Files
File Type: txt hijackthis.txt (16.1 KB, 360 views)
willsketch is offline   Reply With Quote
Reply
Go Back   Winamp & Shoutcast Forums > Winamp > Winamp Technical Support

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump