Click here to Skip to main content
15,867,568 members
Articles / Programming Languages / C#

Anti virus for soundmix.exe

Rate me:
Please Sign up or sign in to vote.
4.32/5 (11 votes)
10 May 2009CPOL2 min read 42.8K   706   16   14
A very simple way to remove the soundmix.exe virus from your computer.

Image 1

Introduction

This is a very simple way to remove the Soundmix virus in three simple steps. When I find out I should pay $29.99 for an antivirus and that the antivirus won't fix the aftermath of the virus, I started thinking what I could do about it and I wrote this article from what I learned in the process.

Background

This virus targets USB removable flash. Whenever you plug a USB stick in, the virus creates an autorun.inf file and creates a folder name "RECYCLER", then copies itself in it and then hides them all. Every time you plug it in to another computer, it autorun executes the virus and infects the computer to make these files:

%System%\dllcache\zipexr.dll 
%System%\soundmix.exe 

This virus works in two life cycles: one is harmless and just infects other computers and makes a lot of harmful exe files with the icon of a folder, but it is fatal virus if you double click on it. It makes your computer reboot and every time your Windows logs in, it executes and causes a reboot. Terrible experience!

The soundmix.exe injects some code in the Windows shell system such that every time Windows wants to run an application, soundmix.exe interferes and does the process, so if you remove it, you will not be able to run any .exe file or application. You will need a tool to fix this issue. I found something on the internet, a COM application; I don't know what it does, but it works!

The third step is to remove the fatal virus that is spread through your computer with your directory names, so we have to search your hard disk for applications with the same size and delete them.

There is just one more thing that remains, and that is you will not be able to see hidden files; if anyone knows how to fix it, post a comment.

Using the code

What I did was write a very simple application in three simple steps:

C#
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Collections.ObjectModel;
using System.IO;

namespace WindowsFormsApplication1
{

    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        private void button1_Click(object sender, EventArgs e)
        {
            DirectoryInfo di = new DirectoryInfo(textBox1.Text);
            FileInfo [] fii = di.GetFiles();

            for (int i = 0; i < fii.Length; i++)
            {
                fii[i].Attributes = FileAttributes.Normal;
            }

            DirectoryInfo [] dii = di.GetDirectories();

            for (int i = 0; i < dii.Length; i++)
            {
                if (dii[i].Name == "RECYCLER")
                {
                    dii[i].Attributes = FileAttributes.Normal;
                    fii = dii[i].GetFiles();

                    for (int ii = 0; ii < fii.Length; ii++)
                    {
                        fii[ii].Attributes = FileAttributes.Normal;
                        fii[ii].Delete();
                    }
                    dii[i].Delete();
                }
            }
 
            System.Diagnostics.Process[] p = System.Diagnostics.Process.GetProcesses();

            for (int i = 0; i < p.Length; i++)
            {
                if (p[i].ProcessName == "soundmix")
                {
                    p[i].Kill();
                    p[i].WaitForExit();

                    System.IO.FileInfo fi = new 
                      System.IO.FileInfo(@"C:\WINDOWS\system32\soundmix.exe");
                    fi.Attributes = System.IO.FileAttributes.Normal;
                    fi.Delete();
                    fi = new System.IO.FileInfo(@"C:\WINDOWS\system32\dllcache\zipexr.dll");
                    fi.Attributes = System.IO.FileAttributes.Normal;
                    fi.Delete();
                    System.IO.File.Delete(@"C:\WINDOWS\system32\dllcache\zipexr.dll");
                    System.IO.File.Delete(@"C:\WINDOWS\system32\soundmix.exe");
                }
            }
            //System.IO.File.Delete(@"C:\WINDOWS\system32\dllcache\zipexr.dll");
        }

        private void process1_Exited(object sender, EventArgs e)
        {
        }

        private void button2_Click(object sender, EventArgs e)
        {
            // im not responsible for this .exe contend
            string s = Application.StartupPath + "\\exefix_xp.com";

            if (File.Exists(s))
                System.Diagnostics.Process.Start(s);
        }

        private void button3_Click(object sender, EventArgs e)
        {
            recursiveScan(new DirectoryInfo(@"D:\"));
        }

        public void recursiveScan(DirectoryInfo di)
        {
            DirectoryInfo [] dii = di.GetDirectories();
            for (int ii = 0; ii < dii.Length; ii++)
            {
                if (dii[ii].Name == "System Volume Information")
                    continue;

                FileInfo[] fi = dii[ii].GetFiles("*.exe", 
                                SearchOption.AllDirectories);

                long size = (long)numericUpDown1.Value;

                for (int i = 0; i < fi.Length; i++)
                {
                    if (fi[i].Length == size)
                    {
                        fi[i].Attributes = FileAttributes.Normal;
                        fi[i].Delete();
                    }
                }
            }
        }
    }
}

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Software Developer (Junior)
Iran (Islamic Republic of) Iran (Islamic Republic of)
he studied MCSD (C# based 2003) and MCDBA (2005) CWNA, CWNP at Sematech
IC Programming with 8051, AVR , IC desighn with FPGA and board desigh at Contronic Co

He also worked on Wireless Low level TCP/IP Programmable Module and video motion Detection algorithm
he is student of Industrial engineering in University of Payam e noor Tehran learning about PMBOK and management systems.
He has Certificate in Advanced English (CAE) and also he studied German language in ökf österreichisches Kulturforum

Comments and Discussions

 
GeneralMy vote of 3 Pin
Mazen el Senih29-Mar-13 5:47
professionalMazen el Senih29-Mar-13 5:47 
QuestionNeed something more about PEN Drive. Pin
Аslam Iqbal29-Jun-10 23:51
professionalАslam Iqbal29-Jun-10 23:51 
I'm trying to do something like you did.
Killing only one virus is not enough.
you can detect when a removable Device is inserted or removed and then find autorun.inf and all possible risky application(.exe,.com,.bat,.cmd files) and make a function to detect them to find are they virus or not(I've already done it). But all I need to parse the autorun.inf file. there is no exact solution i found.
If you have interest to sharing code then Jajakallah.
AnswerRe: Need something more about PEN Drive. Pin
Arash Javadi5-Oct-10 7:11
Arash Javadi5-Oct-10 7:11 
Generalthanks Pin
Member 148265311-Feb-10 11:22
Member 148265311-Feb-10 11:22 
Generalplease write your comments in english Pin
Arash Javadi5-Oct-10 7:21
Arash Javadi5-Oct-10 7:21 
Generalsolving the problem of seeing hidden files Pin
pezhman karimeh3-Jul-09 9:02
pezhman karimeh3-Jul-09 9:02 
Generalaltered windows shell Pin
phrixus12330-Jun-09 4:53
phrixus12330-Jun-09 4:53 
GeneralRe: altered windows shell Pin
phrixus12330-Jun-09 4:56
phrixus12330-Jun-09 4:56 
GeneralRe: altered windows shell Pin
Arash Javadi30-Jun-09 5:39
Arash Javadi30-Jun-09 5:39 
GeneralDamet garm Arash.... Pin
Reuven2226-Jun-09 13:51
Reuven2226-Jun-09 13:51 
GeneralRe: Damet garm Arash.... Pin
Arash Javadi6-Jun-09 20:14
Arash Javadi6-Jun-09 20:14 
GeneralFetching hidden Files Pin
AhsanS10-May-09 21:35
AhsanS10-May-09 21:35 
GeneralRe: Fetching hidden Files Pin
Arash Javadi11-May-09 2:21
Arash Javadi11-May-09 2:21 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.