Vista rootkit issue - all legit. software


Bob

Hi

I have Windows Vista Home Premium pre-installed on my new HP laptop.

Every time I go to open a folder that has audio, ripped from a CD, in .wav
format, my hard-drive goes overtime, running almost 100% constantly. System
responsiveness to a single-click is about 30 to 60 seconds. This is the
definite trigger, (the folder).

I have Norton Internet Security 2007, not my first choice of av software
installed, and I also run Windows Defender. I update regularly and run IE
with very tight security settings.

I recently purchased and installed Ashampoo Burning Studio 7, as my burning
needs are for simple document backups.

I ripped my first audio CD since I purchased today and that's when my
problems began.

I have stopped and permanently disabled the Windows Search Index service to
prevent further hard-drive activity.

I do own Sony Sound Forge Audio Studio 9.

Nothing on this laptop has been an issue since today and ripping that audio
CD into .wav. By the way, when I rip a CD, Ashampoo connects to the Internet
to collect the music CD's track and album details.

I have tried a couple of free rootkit detection app's but nothing yet. NIS
2007 is supposed to detect them...

I don't need to rip CD's normally or in future but I do want to know if I
have a rootkit and/or DRM issue on this laptop.

Wadda ya think?

Many thanks

Bob
 
Re: Vista rootkit issue - all legit. software

Thanks Mr Arnold

I have used some of that software and have found no 'rogue' processes.

I have deleted the music folder that has caused the problem. This appears to
be some kind of digital rights management issue.

To check if the burning application I used is the culprit, I'm going to try
and extract music using another program.

Thanks again.

Bob


"Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message
news:ObYzaGiBIHA.4160@TK2MSFTNGP06.phx.gbl...
>
> "Bob" <bob@here.com.nope> wrote in message
> news:13g79ajr46ph120@corp.supernews.com...
>> Hi
>>
>> I have Windows Vista Home Premium pre-installed on my new HP laptop.
>>
>> Every time I go to open a folder that has audio, ripped from a CD, in
>> .wav format, my hard-drive goes overtime, running almost 100% constantly.
>> System responsiveness to a single-click is about 30 to 60 seconds. This
>> is the definite trigger, (the folder).
>>
>> I have Norton Internet Security 2007, not my first choice of av software
>> installed, and I also run Windows Defender. I update regularly and run IE
>> with very tight security settings.
>>
>> I recently purchased and installed Ashampoo Burning Studio 7, as my
>> burning needs are for simple document backups.
>>
>> I ripped my first audio CD since I purchased today and that's when my
>> problems began.
>>
>> I have stopped and permanently disabled the Windows Search Index service
>> to prevent further hard-drive activity.
>>
>> I do own Sony Sound Forge Audio Studio 9.
>>
>> Nothing on this laptop has been an issue since today and ripping that
>> audio CD into .wav. By the way, when I rip a CD, Ashampoo connects to the
>> Internet to collect the music CD's track and album details.
>>
>> I have tried a couple of free rootkit detection app's but nothing yet.
>> NIS 2007 is supposed to detect them...
>>
>> I don't need to rip CD's normally or in future but I do want to know if I
>> have a rootkit and/or DRM issue on this laptop.
>>
>> Wadda ya think?
>>
>> Many thanks

>
> <http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html>
> <http://www.pcworld.com/downloads/file/fid,23780-order,1-page,1/description.html>
> <http://www.microsoft.com/technet/sysinternals/default.mspx>
>
> ActivePorts doesn't work on Vista, but CurrPort does.
>
> <http://www.nirsoft.net/>
>
> Also use Google to find information on how to use Process Explorer.
>
>
>
 
Re: Vista rootkit issue - all legit. software - found the problem - the burning app I was using...


My CD burning application appears to be the culprit.

I managed to extract audio from the same CD, using another application and I
can access those .wav files and the folder they're contained in just fine.

My conclusion at this point therefore is that Ashampoo Burning Studio 7.1
contains some form of digital rights management protection that is used when
extracting audio from CD's, or it activates some form of digital rights
management protection in Vista.

I'm not sure if I should keep using the software, as it may lead to other
vulnerabilities later. At this point I do plan to keep using it though.

Bob

"Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message
news:ObYzaGiBIHA.4160@TK2MSFTNGP06.phx.gbl...
>
> "Bob" <bob@here.com.nope> wrote in message
> news:13g79ajr46ph120@corp.supernews.com...
>> Hi
>>
>> I have Windows Vista Home Premium pre-installed on my new HP laptop.
>>
>> Every time I go to open a folder that has audio, ripped from a CD, in
>> .wav format, my hard-drive goes overtime, running almost 100% constantly.
>> System responsiveness to a single-click is about 30 to 60 seconds. This
>> is the definite trigger, (the folder).
>>
>> I have Norton Internet Security 2007, not my first choice of av software
>> installed, and I also run Windows Defender. I update regularly and run IE
>> with very tight security settings.
>>
>> I recently purchased and installed Ashampoo Burning Studio 7, as my
>> burning needs are for simple document backups.
>>
>> I ripped my first audio CD since I purchased today and that's when my
>> problems began.
>>
>> I have stopped and permanently disabled the Windows Search Index service
>> to prevent further hard-drive activity.
>>
>> I do own Sony Sound Forge Audio Studio 9.
>>
>> Nothing on this laptop has been an issue since today and ripping that
>> audio CD into .wav. By the way, when I rip a CD, Ashampoo connects to the
>> Internet to collect the music CD's track and album details.
>>
>> I have tried a couple of free rootkit detection app's but nothing yet.
>> NIS 2007 is supposed to detect them...
>>
>> I don't need to rip CD's normally or in future but I do want to know if I
>> have a rootkit and/or DRM issue on this laptop.
>>
>> Wadda ya think?
>>
>> Many thanks

>
> <http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html>
> <http://www.pcworld.com/downloads/file/fid,23780-order,1-page,1/description.html>
> <http://www.microsoft.com/technet/sysinternals/default.mspx>
>
> ActivePorts doesn't work on Vista, but CurrPort does.
>
> <http://www.nirsoft.net/>
>
> Also use Google to find information on how to use Process Explorer.
>
>
>
 
Re: Vista rootkit issue - all legit. software


"Bob" <bob@here.com.nope> wrote in message
news:13g79ajr46ph120@corp.supernews.com...
> Hi
>
> I have Windows Vista Home Premium pre-installed on my new HP laptop.
>
> Every time I go to open a folder that has audio, ripped from a CD, in .wav
> format, my hard-drive goes overtime, running almost 100% constantly.
> System responsiveness to a single-click is about 30 to 60 seconds. This is
> the definite trigger, (the folder).
>
> I have Norton Internet Security 2007, not my first choice of av software
> installed, and I also run Windows Defender. I update regularly and run IE
> with very tight security settings.
>
> I recently purchased and installed Ashampoo Burning Studio 7, as my
> burning needs are for simple document backups.
>
> I ripped my first audio CD since I purchased today and that's when my
> problems began.
>
> I have stopped and permanently disabled the Windows Search Index service
> to prevent further hard-drive activity.
>
> I do own Sony Sound Forge Audio Studio 9.
>
> Nothing on this laptop has been an issue since today and ripping that
> audio CD into .wav. By the way, when I rip a CD, Ashampoo connects to the
> Internet to collect the music CD's track and album details.
>
> I have tried a couple of free rootkit detection app's but nothing yet. NIS
> 2007 is supposed to detect them...
>
> I don't need to rip CD's normally or in future but I do want to know if I
> have a rootkit and/or DRM issue on this laptop.
>
> Wadda ya think?
>
> Many thanks


<http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html>
<http://www.pcworld.com/downloads/file/fid,23780-order,1-page,1/description.html>
<http://www.microsoft.com/technet/sysinternals/default.mspx>

ActivePorts doesn't work on Vista, but CurrPort does.

<http://www.nirsoft.net/>

Also use Google to find information on how to use Process Explorer.
 
Re: Vista rootkit issue - all legit. software - found the problem - the burning app I was using...


I could be wrong, but absolutely nothing about your symptoms suggests to me
this is related to DRM. Instead it sounds like a regular bug somewhere. When
you hit this 100% activity on your system, can you use Task Manager on the
'Process' tab to see which process on your system is using 100% CPU?


"Bob" <bob@here.com.nope> wrote in message
news:13g8gbhj3dkrcc5@corp.supernews.com...
> My CD burning application appears to be the culprit.
>
> I managed to extract audio from the same CD, using another application and
> I can access those .wav files and the folder they're contained in just
> fine.
>
> My conclusion at this point therefore is that Ashampoo Burning Studio 7.1
> contains some form of digital rights management protection that is used
> when extracting audio from CD's, or it activates some form of digital
> rights management protection in Vista.
>
> I'm not sure if I should keep using the software, as it may lead to other
> vulnerabilities later. At this point I do plan to keep using it though.
>
> Bob
>
> "Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message
> news:ObYzaGiBIHA.4160@TK2MSFTNGP06.phx.gbl...
>>
>> "Bob" <bob@here.com.nope> wrote in message
>> news:13g79ajr46ph120@corp.supernews.com...
>>> Hi
>>>
>>> I have Windows Vista Home Premium pre-installed on my new HP laptop.
>>>
>>> Every time I go to open a folder that has audio, ripped from a CD, in
>>> .wav format, my hard-drive goes overtime, running almost 100%
>>> constantly. System responsiveness to a single-click is about 30 to 60
>>> seconds. This is the definite trigger, (the folder).
>>>
>>> I have Norton Internet Security 2007, not my first choice of av software
>>> installed, and I also run Windows Defender. I update regularly and run
>>> IE with very tight security settings.
>>>
>>> I recently purchased and installed Ashampoo Burning Studio 7, as my
>>> burning needs are for simple document backups.
>>>
>>> I ripped my first audio CD since I purchased today and that's when my
>>> problems began.
>>>
>>> I have stopped and permanently disabled the Windows Search Index service
>>> to prevent further hard-drive activity.
>>>
>>> I do own Sony Sound Forge Audio Studio 9.
>>>
>>> Nothing on this laptop has been an issue since today and ripping that
>>> audio CD into .wav. By the way, when I rip a CD, Ashampoo connects to
>>> the Internet to collect the music CD's track and album details.
>>>
>>> I have tried a couple of free rootkit detection app's but nothing yet.
>>> NIS 2007 is supposed to detect them...
>>>
>>> I don't need to rip CD's normally or in future but I do want to know if
>>> I have a rootkit and/or DRM issue on this laptop.
>>>
>>> Wadda ya think?
>>>
>>> Many thanks

>>
>> <http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html>
>> <http://www.pcworld.com/downloads/file/fid,23780-order,1-page,1/description.html>
>> <http://www.microsoft.com/technet/sysinternals/default.mspx>
>>
>> ActivePorts doesn't work on Vista, but CurrPort does.
>>
>> <http://www.nirsoft.net/>
>>
>> Also use Google to find information on how to use Process Explorer.
>>
>>
>>

>
 
Re: Vista rootkit issue - all legit. software - found the problem - the burning app I was using...


Careful - 100% drive activity does not necessarily correlate to 100% CPU
usage.

Try the Performance and Reliability Monitor.

Alun.
~~~~

"Dave Wood [MS]" <davewood@online.microsoft.com> wrote in message
news:efXD4jsBIHA.1212@TK2MSFTNGP05.phx.gbl...
>I could be wrong, but absolutely nothing about your symptoms suggests to me
>this is related to DRM. Instead it sounds like a regular bug somewhere.
>When you hit this 100% activity on your system, can you use Task Manager on
>the 'Process' tab to see which process on your system is using 100% CPU?
>
>
> "Bob" <bob@here.com.nope> wrote in message
> news:13g8gbhj3dkrcc5@corp.supernews.com...
>> My CD burning application appears to be the culprit.
>>
>> I managed to extract audio from the same CD, using another application
>> and I can access those .wav files and the folder they're contained in
>> just fine.
>>
>> My conclusion at this point therefore is that Ashampoo Burning Studio 7.1
>> contains some form of digital rights management protection that is used
>> when extracting audio from CD's, or it activates some form of digital
>> rights management protection in Vista.
>>
>> I'm not sure if I should keep using the software, as it may lead to other
>> vulnerabilities later. At this point I do plan to keep using it though.
>>
>> Bob
>>
>> "Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message
>> news:ObYzaGiBIHA.4160@TK2MSFTNGP06.phx.gbl...
>>>
>>> "Bob" <bob@here.com.nope> wrote in message
>>> news:13g79ajr46ph120@corp.supernews.com...
>>>> Hi
>>>>
>>>> I have Windows Vista Home Premium pre-installed on my new HP laptop.
>>>>
>>>> Every time I go to open a folder that has audio, ripped from a CD, in
>>>> .wav format, my hard-drive goes overtime, running almost 100%
>>>> constantly. System responsiveness to a single-click is about 30 to 60
>>>> seconds. This is the definite trigger, (the folder).
>>>>
>>>> I have Norton Internet Security 2007, not my first choice of av
>>>> software installed, and I also run Windows Defender. I update regularly
>>>> and run IE with very tight security settings.
>>>>
>>>> I recently purchased and installed Ashampoo Burning Studio 7, as my
>>>> burning needs are for simple document backups.
>>>>
>>>> I ripped my first audio CD since I purchased today and that's when my
>>>> problems began.
>>>>
>>>> I have stopped and permanently disabled the Windows Search Index
>>>> service to prevent further hard-drive activity.
>>>>
>>>> I do own Sony Sound Forge Audio Studio 9.
>>>>
>>>> Nothing on this laptop has been an issue since today and ripping that
>>>> audio CD into .wav. By the way, when I rip a CD, Ashampoo connects to
>>>> the Internet to collect the music CD's track and album details.
>>>>
>>>> I have tried a couple of free rootkit detection app's but nothing yet.
>>>> NIS 2007 is supposed to detect them...
>>>>
>>>> I don't need to rip CD's normally or in future but I do want to know if
>>>> I have a rootkit and/or DRM issue on this laptop.
>>>>
>>>> Wadda ya think?
>>>>
>>>> Many thanks
>>>
>>> <http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html>
>>> <http://www.pcworld.com/downloads/file/fid,23780-order,1-page,1/description.html>
>>> <http://www.microsoft.com/technet/sysinternals/default.mspx>
>>>
>>> ActivePorts doesn't work on Vista, but CurrPort does.
>>>
>>> <http://www.nirsoft.net/>
>>>
>>> Also use Google to find information on how to use Process Explorer.
>>>
>>>
>>>

>>

>
 
Re: Vista rootkit issue - all legit. software - found the problem - the burning app I was using...


I believe svchost was accessing the drive when I struggled at the time to
get access to the perf. and reliability monitor.

I was mostly concerned about a rootkit or something affecting my PC. I don't
appear to have a rootkit on the PC.

It only happens when I extract audio from a copied CD with that particular
app.

Thanks for the replies guys


"Alun Jones" <alun@texis.invalid> wrote in message
news:%23F$QuQtBIHA.1208@TK2MSFTNGP05.phx.gbl...
> Careful - 100% drive activity does not necessarily correlate to 100% CPU
> usage.
>
> Try the Performance and Reliability Monitor.
>
> Alun.
> ~~~~
>
> "Dave Wood [MS]" <davewood@online.microsoft.com> wrote in message
> news:efXD4jsBIHA.1212@TK2MSFTNGP05.phx.gbl...
>>I could be wrong, but absolutely nothing about your symptoms suggests to me
>>this is related to DRM. Instead it sounds like a regular bug somewhere.
>>When you hit this 100% activity on your system, can you use Task Manager
>>on the 'Process' tab to see which process on your system is using 100%
>>CPU?
>>
>>
>> "Bob" <bob@here.com.nope> wrote in message
>> news:13g8gbhj3dkrcc5@corp.supernews.com...
>>> My CD burning application appears to be the culprit.
>>>
>>> I managed to extract audio from the same CD, using another application
>>> and I can access those .wav files and the folder they're contained in
>>> just fine.
>>>
>>> My conclusion at this point therefore is that Ashampoo Burning Studio
>>> 7.1 contains some form of digital rights management protection that is
>>> used when extracting audio from CD's, or it activates some form of
>>> digital rights management protection in Vista.
>>>
>>> I'm not sure if I should keep using the software, as it may lead to
>>> other vulnerabilities later. At this point I do plan to keep using it
>>> though.
>>>
>>> Bob
>>>
>>> "Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message
>>> news:ObYzaGiBIHA.4160@TK2MSFTNGP06.phx.gbl...
>>>>
>>>> "Bob" <bob@here.com.nope> wrote in message
>>>> news:13g79ajr46ph120@corp.supernews.com...
>>>>> Hi
>>>>>
>>>>> I have Windows Vista Home Premium pre-installed on my new HP laptop.
>>>>>
>>>>> Every time I go to open a folder that has audio, ripped from a CD, in
>>>>> .wav format, my hard-drive goes overtime, running almost 100%
>>>>> constantly. System responsiveness to a single-click is about 30 to 60
>>>>> seconds. This is the definite trigger, (the folder).
>>>>>
>>>>> I have Norton Internet Security 2007, not my first choice of av
>>>>> software installed, and I also run Windows Defender. I update
>>>>> regularly and run IE with very tight security settings.
>>>>>
>>>>> I recently purchased and installed Ashampoo Burning Studio 7, as my
>>>>> burning needs are for simple document backups.
>>>>>
>>>>> I ripped my first audio CD since I purchased today and that's when my
>>>>> problems began.
>>>>>
>>>>> I have stopped and permanently disabled the Windows Search Index
>>>>> service to prevent further hard-drive activity.
>>>>>
>>>>> I do own Sony Sound Forge Audio Studio 9.
>>>>>
>>>>> Nothing on this laptop has been an issue since today and ripping that
>>>>> audio CD into .wav. By the way, when I rip a CD, Ashampoo connects to
>>>>> the Internet to collect the music CD's track and album details.
>>>>>
>>>>> I have tried a couple of free rootkit detection app's but nothing yet.
>>>>> NIS 2007 is supposed to detect them...
>>>>>
>>>>> I don't need to rip CD's normally or in future but I do want to know
>>>>> if I have a rootkit and/or DRM issue on this laptop.
>>>>>
>>>>> Wadda ya think?
>>>>>
>>>>> Many thanks
>>>>
>>>> <http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html>
>>>> <http://www.pcworld.com/downloads/file/fid,23780-order,1-page,1/description.html>
>>>> <http://www.microsoft.com/technet/sysinternals/default.mspx>
>>>>
>>>> ActivePorts doesn't work on Vista, but CurrPort does.
>>>>
>>>> <http://www.nirsoft.net/>
>>>>
>>>> Also use Google to find information on how to use Process Explorer.
>>>>
>>>>
>>>>
>>>

>>

>
>
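Added example, not part of the original thread and not written by any of the posters: one way to follow up on the points above that heavy drive activity is not the same as CPU load and that svchost appeared to be the process touching the disk. It ranks processes by I/O rate with CPU shown alongside, and lists the services hosted inside any svchost.exe in that list. It assumes Windows PowerShell (Get-WmiObject) run from an elevated prompt; the value of `$top` is an arbitrary choice.

```powershell
# Added example (not from the thread): rank processes by I/O rate, show CPU
# next to it, and name the services inside any svchost.exe that ranks high.
# Note: IODataBytesPersec counts file, network and device I/O together.

$top = 5   # number of processes to show (arbitrary, assumed value)

# Win32_PerfFormattedData_PerfProc_Process exposes per-process rates,
# including the process ID needed to tie an svchost instance to its services.
$procs = Get-WmiObject Win32_PerfFormattedData_PerfProc_Process |
    Where-Object { $_.Name -ne '_Total' -and $_.Name -ne 'Idle' } |
    Sort-Object IODataBytesPersec -Descending |
    Select-Object -First $top

foreach ($p in $procs) {
    # A process can sit at the top of this list while using very little CPU.
    $line = '{0,-24} PID {1,-6} IO {2,14:N0} B/s   CPU {3,3}%' -f `
        $p.Name, $p.IDProcess, $p.IODataBytesPersec, $p.PercentProcessorTime
    Write-Host $line

    # svchost.exe is a container: resolve the PID to the services it hosts
    # so the activity can be attributed to a specific Windows service.
    if ($p.Name -like 'svchost*') {
        Get-WmiObject Win32_Service -Filter "ProcessId = $($p.IDProcess)" |
            ForEach-Object {
                Write-Host ('    hosts service: {0} ({1})' -f $_.Name, $_.DisplayName)
            }
    }
}
```

Run it while the folder is being opened; a single snapshot taken when the system is idle will not show the process responsible.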
 