
Anti virus for soundmix.exe

10 May 2009 CPOL
A very simple way to remove the soundmix.exe virus from your computer.

Introduction

This is a very simple way to remove the Soundmix virus in three simple steps. When I found out that I would have to pay $29.99 for an antivirus, and that the antivirus wouldn't fix the aftermath of the virus, I started thinking about what I could do about it, and I wrote this article from what I learned in the process.

Background

This virus targets USB removable flash drives. Whenever you plug a USB stick into an infected computer, the virus creates an autorun.inf file and a folder named "RECYCLER" on it, copies itself into that folder, and then hides them all. Every time you plug the stick into another computer, autorun executes the virus, which infects that computer and creates these files:

%System%\dllcache\zipexr.dll 
%System%\soundmix.exe 
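
To see what a stick would launch before trusting it, the autorun.inf described above can be parsed and its launch entries listed. This is an added example, not code from the original article; the sample file content and the placeholder file name are constructed, and the class name AutorunCheck is hypothetical.

```csharp
using System;
using System.Collections.Generic;

static class AutorunCheck
{
    // Returns the commands an autorun.inf would launch: open=, shellexecute=
    // and shell\<verb>\command= entries of the [autorun] section.
    public static List<string> LaunchTargets(IEnumerable<string> lines)
    {
        var targets = new List<string>();
        bool inAutorun = false;
        foreach (string raw in lines)
        {
            string line = raw.Trim();
            if (line.Length == 0 || line[0] == ';') continue;   // blank or comment
            if (line[0] == '[')
            {
                inAutorun = line.Equals("[autorun]", StringComparison.OrdinalIgnoreCase);
                continue;
            }
            int eq = line.IndexOf('=');
            if (!inAutorun || eq < 1) continue;
            string key = line.Substring(0, eq).Trim().ToLowerInvariant();
            string value = line.Substring(eq + 1).Trim();
            bool launches = key == "open" || key == "shellexecute" ||
                            (key.StartsWith("shell\\") && key.EndsWith("\\command"));
            if (launches) targets.Add(value);
        }
        return targets;
    }

    static void Main()
    {
        // Constructed autorun.inf content; the file name is a placeholder.
        string[] sample = {
            "[AutoRun]",
            "; constructed sample",
            "open=RECYCLER\\placeholder.exe",
            "icon=folder.ico",
            "shell\\open\\command=RECYCLER\\placeholder.exe"
        };
        foreach (string t in LaunchTargets(sample))
        {
            bool inRecycler = t.TrimStart('\\', '"').StartsWith("RECYCLER", StringComparison.OrdinalIgnoreCase);
            Console.WriteLine((inRecycler ? "SUSPICIOUS " : "review     ") + t);
        }
    }
}
```

For a real stick, pass `File.ReadAllLines` of the autorun.inf in the drive root to `LaunchTargets` instead of the sample array.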

This virus works in two life cycles. In the first it is harmless: it just infects other computers and creates a lot of harmful .exe files with the icon of a folder. In the second it is fatal: if you double-click one of those files, it makes your computer reboot, and every time Windows logs in, it executes again and causes another reboot. Terrible experience!

soundmix.exe injects some code into the Windows shell so that every time Windows wants to run an application, soundmix.exe intercepts the request and starts the process itself. If you simply remove it, you will not be able to run any .exe file or application, so you will need a tool to fix this issue. I found something on the internet, a COM application; I don't know what it does, but it works!

The third step is to remove the copies of the fatal virus that are spread across your computer under your directory names. To do that, we search the hard disk for applications with the same size and delete them.

There is just one more thing that remains, and that is you will not be able to see hidden files; if anyone knows how to fix it, post a comment.

Using the code

What I did was write a very simple application in three simple steps:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Collections.ObjectModel;
using System.IO;

namespace WindowsFormsApplication1
{

    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        // Step 1: clean the infected drive (path typed into textBox1), then
        // stop soundmix.exe and delete the files it dropped in %System%.
        private void button1_Click(object sender, EventArgs e)
        {
            DirectoryInfo di = new DirectoryInfo(textBox1.Text);

            // The virus hides the files on the drive; make them visible again.
            // autorun.inf becomes visible here; it is not deleted.
            foreach (FileInfo f in di.GetFiles())
            {
                f.Attributes = FileAttributes.Normal;
            }

            // Remove the hidden "RECYCLER" folder the virus copies itself into.
            // Only point this at the removable drive: on an NTFS system drive,
            // RECYCLER is the real Windows XP Recycle Bin folder.
            foreach (DirectoryInfo d in di.GetDirectories())
            {
                if (d.Name == "RECYCLER")
                {
                    d.Attributes = FileAttributes.Normal;
                    foreach (DirectoryInfo sd in d.GetDirectories("*", SearchOption.AllDirectories))
                    {
                        sd.Attributes = FileAttributes.Normal;
                    }
                    foreach (FileInfo f in d.GetFiles("*", SearchOption.AllDirectories))
                    {
                        f.Attributes = FileAttributes.Normal;
                    }
                    // Recursive delete: a plain Delete() fails if subfolders exist.
                    d.Delete(true);
                }
            }

            // Stop every running instance first; the file cannot be deleted
            // while the process is still running.
            foreach (System.Diagnostics.Process proc in
                     System.Diagnostics.Process.GetProcessesByName("soundmix"))
            {
                proc.Kill();
                proc.WaitForExit();
            }

            // Delete the dropped files whether or not the process was running.
            // Environment.SystemDirectory is %System%, so the Windows folder
            // does not have to be C:\WINDOWS.
            string sys = Environment.SystemDirectory;
            string[] dropped = {
                Path.Combine(sys, "soundmix.exe"),
                Path.Combine(sys, @"dllcache\zipexr.dll")
            };
            foreach (string path in dropped)
            {
                if (File.Exists(path))
                {
                    File.SetAttributes(path, FileAttributes.Normal);
                    File.Delete(path);
                }
            }
        }

        private void process1_Exited(object sender, EventArgs e)
        {
        }

        private void button2_Click(object sender, EventArgs e)
        {
            // I'm not responsible for the content of this .exe
            string s = Application.StartupPath + "\\exefix_xp.com";

            if (File.Exists(s))
                System.Diagnostics.Process.Start(s);
        }

        private void button3_Click(object sender, EventArgs e)
        {
            recursiveScan(new DirectoryInfo(@"D:\"));
        }

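        // Step 3: delete every .exe under the start folder whose size equals
        // the value entered in numericUpDown1. Matching is by size only, so a
        // legitimate program with exactly the same size is deleted as well.
        public void recursiveScan(DirectoryInfo di)
        {
            long size = (long)numericUpDown1.Value;

            FileInfo[] files;
            DirectoryInfo[] dirs;
            try
            {
                files = di.GetFiles("*.exe");
                dirs = di.GetDirectories();
            }
            catch (UnauthorizedAccessException)
            {
                return; // skip folders we are not allowed to read
            }

            // Files in the current folder (the start folder itself included).
            foreach (FileInfo f in files)
            {
                if (f.Length == size)
                {
                    f.Attributes = FileAttributes.Normal;
                    f.Delete();
                }
            }

            // Descend into each subfolder, one level per call.
            foreach (DirectoryInfo d in dirs)
            {
                if (d.Name == "System Volume Information")
                    continue;

                recursiveScan(d);
            }
        }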
    }
}
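
Matching on file size alone, as step three does, also deletes any legitimate program that happens to have the same size. The following added example (not part of the original article) keeps the size check as a fast filter but confirms each candidate by SHA-256 against one known copy of the virus and only lists the matches; the class name, the temp-folder tree and the byte contents are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;

static class SameSizeScan
{
    static string Sha256(string path)
    {
        using (SHA256 sha = SHA256.Create())
        using (FileStream fs = File.OpenRead(path))
            return BitConverter.ToString(sha.ComputeHash(fs));
    }
    // Lists .exe files under root that are byte-identical to the sample; deletes nothing.
    public static List<string> FindCopies(string root, string sample)
    {
        long size = new FileInfo(sample).Length;
        string hash = Sha256(sample);
        var hits = new List<string>();
        var pending = new Stack<string>();
        pending.Push(root);
        while (pending.Count > 0)
        {
            string dir = pending.Pop();
            string[] files, dirs;
            try { files = Directory.GetFiles(dir, "*.exe"); dirs = Directory.GetDirectories(dir); }
            catch (UnauthorizedAccessException) { continue; } // e.g. System Volume Information
            foreach (string d in dirs) pending.Push(d);
            foreach (string f in files)
            {
                try { if (new FileInfo(f).Length == size && Sha256(f) == hash) hits.Add(f); }
                catch (IOException) { }                 // locked or removed mid-scan
                catch (UnauthorizedAccessException) { } // unreadable file
            }
        }
        return hits;
    }
    static void Main()
    {
        // Constructed sample tree in a temp folder (not real malware).
        string root = Path.Combine(Path.GetTempPath(), "scan-demo-" + Guid.NewGuid());
        string sub = Path.Combine(root, "Photos");
        Directory.CreateDirectory(sub);
        File.WriteAllBytes(Path.Combine(root, "sample.bin"), new byte[] { 1, 2, 3, 4 });
        File.WriteAllBytes(Path.Combine(sub, "Photos.exe"), new byte[] { 1, 2, 3, 4 }); // identical copy
        File.WriteAllBytes(Path.Combine(sub, "setup.exe"), new byte[] { 9, 9, 9, 9 });  // same size only
        foreach (string hit in FindCopies(root, Path.Combine(root, "sample.bin"))) Console.WriteLine("match: " + hit);
        Directory.Delete(root, true);
    }
}
```

Review the printed list before deleting anything; only Photos.exe is reported for the constructed tree, while setup.exe, which has the same size, is left alone.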

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Arash Javadi
Software Developer (Junior)
Iran (Islamic Republic Of)
He studied MCSD (C# based, 2003), MCDBA (2005), CWNA and CWNP at Sematech,
and IC programming with 8051 and AVR, IC design with FPGA, and board design at Contronic Co.

He also worked on a Wireless Low level TCP/IP Programmable Module and a video motion detection algorithm.
He is a student of Industrial Engineering at the University of Payam e Noor, Tehran, learning about PMBOK and management systems.
He has a Certificate in Advanced English (CAE), and he also studied German at ökf österreichisches Kulturforum.

Last Updated 10 May 2009
Article Copyright 2009 by Arash Javadi