nRiTeCh
Oracle
Two days back I heard a commentary and some person speaking on a radio kind of voice from my system. At that time I was surfing the net so thought that some flash plugin ad might be running on some page. And I was about to leave so closed all stuff and shutdown the system and dint bother about it.
But same sort of sound was heard yesterday as well when my pc was idle with no applications or audio players opened, no browsers and any downloads running. It was strange, weird and scary as well as wth hell was happening around!
I disabled the lan connection and the voice went off. Again re-enabled and this time all was ok. So there was some hidden net activity going on but I was not able to figure out what was that. Even my Eset didnt recognized any threat.
Today just some time ago, same shit happened again and this time too my pc was simply idle.
Now this was getting into my head and I decided to troubleshoot in Task manager.
After lot of looking and head scratching I zeroed down to "vmhost.exe".
It wasnt using much resources but it was weird as I dont have any vmware currently installed on my system.
So killed "vmhost.exe" and the sound went off.
Now I tried searching for the entry in registry followed by a deep search in but no trace in either ways.
Googled for the issue and found this thread:
vmhost.exe sounds off unexpectedly
A similar person facing exact same issue that too just yesterday. And no more cases on the net as of yet.
So this seems to be something new to watch out for.
I ran malwarebytes and found "vmhost.exe" in "C:\ProgramData\UpdateTask"
Further, malwarebytes entries revealed some infected stuff in Registry keys and all files in
"C:\Users\<username>\AppData\Roaming\UpdateServ\*.*"
Dont know what damage does this file causes but strange is, Eset and other antiviruses dint mark it infected upon manaul scanning and the same was reported in the above mentioned link/post.
-Lastly we can conclude this is some sort of voice based infection whose damage level is unknown.
-
But same sort of sound was heard yesterday as well when my pc was idle with no applications or audio players opened, no browsers and any downloads running. It was strange, weird and scary as well as wth hell was happening around!
I disabled the lan connection and the voice went off. Again re-enabled and this time all was ok. So there was some hidden net activity going on but I was not able to figure out what was that. Even my Eset didnt recognized any threat.
Today just some time ago, same shit happened again and this time too my pc was simply idle.
Now this was getting into my head and I decided to troubleshoot in Task manager.After lot of looking and head scratching I zeroed down to "vmhost.exe".
It wasnt using much resources but it was weird as I dont have any vmware currently installed on my system.
So killed "vmhost.exe" and the sound went off.
Now I tried searching for the entry in registry followed by a deep search in but no trace in either ways.
Googled for the issue and found this thread:
vmhost.exe sounds off unexpectedly
A similar person facing exact same issue that too just yesterday. And no more cases on the net as of yet.
So this seems to be something new to watch out for.
I ran malwarebytes and found "vmhost.exe" in "C:\ProgramData\UpdateTask"
Further, malwarebytes entries revealed some infected stuff in Registry keys and all files in
"C:\Users\<username>\AppData\Roaming\UpdateServ\*.*"
Dont know what damage does this file causes but strange is, Eset and other antiviruses dint mark it infected upon manaul scanning and the same was reported in the above mentioned link/post.
-Lastly we can conclude this is some sort of voice based infection whose damage level is unknown.
-**So guys watch out/ scan/ hunt and look for this file and the files/paths and registry keys mentioned in the pic. I have highlighted them accordingly.
....And if you hear any strange sound from your system, first check this method and then look elsewhere !! **
....And if you hear any strange sound from your system, first check this method and then look elsewhere !! **
Last edited:
