Music computers and viruses

For those of you who make music on your computer, there is often a conflict between anti-virus software and the running of music DAWs such as Cubase or Ableton Live.

The realtime shields and suchlike that anti-virus and anti-spyware software use can seriously affect the smooth running of audio, causing glitches and drop-outs and even causing the system to hang or crash. Norton Anti-virus has always been famous for this (and many other system problems) and unfortunately my long-time favourite, AVG, with Version 8, has now become, as far as I am concerned, unusable, messing up my machine's performance in general and preventing many of my music projects from running properly.

Many people run dedicated music computers without anti-virus software for this very reason, not connecting them to the internet to avoid contact with viruses.

A friend has a small project studio that I sometimes use. It has a nice, very fast and quiet quad-core computer. Various people make use of this and, like myself, generally carry their projects on a portable hard drive or USB flash drive.

Just recently a box kept on appearing saying no internet connection was available and asking whether to work offline. This is a standard Internet Explorer prompt, so obviously something was trying to access the internet in the background.

Now, as it happens, I had just upgraded ClamWin Portable anti-virus on my USB drive, so I duly plugged it into the machine in question, only to discover that I still had to download the virus database for it to work. I then unplugged it and popped it into a laptop that was online. Immediately the anti-virus software detected a virus!

Somebody had plugged a drive into the system containing a particularly vigorous nasty file: .MFC32DLL.dll.vbs

As soon as a drive is connected, this file installs a copy of itself to the root of every partition it finds. It uses a program built into Windows called winscript (the .vbs extension stands for Visual Basic Script, which is a commonly used programming system). Note the period (.) at the beginning; this prevents it from being found in Windows Explorer or any other file manager, although the Windows find function can display it.

Anti-virus programs will delete or quarantine the file, but it just reappears again, and the same happens if you manually delete it. This is because a script is running in the background, and because it is a legit Windows program the anti-virus software can't detect it!

I regularly use a program called 'Process Explorer' when troubleshooting. It was thanks to this that I noticed several instances of Winscript running, nicely colour-coded; I had never noticed it any other time I've used the program. Using the 'Kill Process' button I promptly killed off all instances and then deleted .MFC32DLL.dll.vbs from each partition (and my flash drive). Voilà! Infection gone!

The process can also be found and stopped by calling up the Windows Task Manager (Ctrl+Alt+Delete), selecting the Processes tab, highlighting any instances of winscript and clicking on the 'End Process' button. Then either run a scan with your anti-virus program, or do a file search for .MFC32DLL.dll.vbs and delete every copy found.
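The file search in the last step can be scripted. The following is an added example, not part of the original post: it checks only the top level of each drive for script files like the one described above (script extension, leading dot, a decoy extension in front). The extension lists and function names are assumptions chosen for illustration, and the background script process still has to be stopped first, as described above, or the copies come back.

```python
import os
import string
from pathlib import Path

# Assumption: script types that Windows Script Host will run.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
# Assumption: harmless-looking extensions a script may hide behind.
DECOY_EXTS = {".dll", ".exe", ".doc", ".pdf", ".jpg", ".txt", ".mp3", ".wav"}

def classify(name):
    """Return the reasons a root-level file name looks like a dropped script."""
    suffixes = [s.lower() for s in Path(name.lstrip(".")).suffixes]
    if not suffixes or suffixes[-1] not in SCRIPT_EXTS:
        return []
    reasons = ["script file in drive root"]
    if name.startswith("."):
        reasons.append("leading dot")
    if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
        reasons.append("double extension " + "".join(suffixes[-2:]))
    return reasons

def scan_roots(roots):
    """Check only the top level of each root, where the post says the copies land."""
    findings = []
    for root in roots:
        try:
            entries = list(os.scandir(root))
        except OSError:  # e.g. an empty card reader or a missing drive
            continue
        for entry in entries:
            reasons = classify(entry.name)
            if reasons and entry.is_file(follow_symlinks=False):
                findings.append((entry.path, reasons))
    return sorted(findings)

def windows_roots():
    """Drive letters that currently exist (Windows only; empty list elsewhere)."""
    if os.name != "nt":
        return []
    return [f"{d}:\\" for d in string.ascii_uppercase if os.path.exists(f"{d}:\\")]

if __name__ == "__main__":
    # Report only; delete by hand after the script process has been ended.
    for path, reasons in scan_roots(windows_roots()):
        print(path, "->", ", ".join(reasons))
```

It only reports, so it is safe to run on a portable drive before plugging that drive into the studio machine.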

Since then I've started to use a free anti-virus program called Avira AntiVir Personal. It doesn't seem to be too invasive and, importantly (unlike the current version of AVG), it is easy to switch off the realtime shield. This means that it can generally be left on to prevent and alert to viruses, but be switched off in a session if it impacts on performance.