Today we received what has to be one of the most unusual service requests ever in our 25 year history in the computer business. A client called to report that their computer was praying. Actually they said it was reciting The Lords Prayer. When I arrived on site, sure enough, after hearing heavy breathing coming out of the computer speakers, a voice did start to recite the prayer over and over for a couple of minutes. Another user standing nearby reported hearing a gun shot as the praying stopped.
I ran several of our anti-malware programs and discovered 3 Trojans embedded in the system and removed them. After a re-boot the praying stopped.
It was obviously some sort of WAV file playing but the $64,000 question is how did it get on this business PC? A search of various support blogs turned up previous references to this behavior but the causes listed varied from a extraneous audio file left over from a game, to malware and also to paranormal activity. It stopped after I removed the malware so I'm going with answer #2 for now but if they call again with a recurrance of the problem, I'm bringing holy water and a priest on the next service call.
Jeff, my family member is having the same problem with this malware. If you could post the removal instructions I would really appreciate it. This malware seems to be avoiding my virus scanner on a linux based operating system that runs externally from a flash drive. If you have any tools that you recommend, please let me know! Also, this malware seems to have a Trojan/Worm property to it, seeing as to how it was transferred via email.
ReplyDeleteFirst, re-boot your computer in SAFE Mode. You do this by pressing F8 as soon the black screen displays BEFORE the Windows splash screen appears. Once there, use the arrow keys to highlight Safe Mode with Networking.
ReplyDeleteNow open your browser and download TDSSKiller.exe from Kaspersky Lab or get it from Download.com or BleepingComputer.com. It's tiny, and takes just a minute to run. It hunts down and kills a specific family of rootkits.
Regardless of the results, download the free version of Malwarebytes’ Anti-Malware (while still in SAFE Mode). Install it and get updates, then run a full scan:
http://www.filehippo.com/download_malwar…
When you're done, remove both programs and re-boot your PC in regular mode. That should remove the malware.