I am having a problem with autorun.inf. Basically, when Windows starts (after entering my password) CIS alerts me to l:/autorun.inf (I have no L drive) as a virus. Then it alerts me to malware; I chose clean PC and it tells me the computer needs a restart for the clean-up to be completed. I have tracked the autorun file to
[autorun]
action=BitLocker To Go Reader
icon=BitLockerToGo.exe,-1
ShellExecute=BitLockerToGo.exe
UseAutoPlay=1
Now I looked up BitLocker and it seems it's a Windows system file for password protection. I tried to delete it and I was told I had to be a Trusted Installer in order to delete it, even though the account I am using has full administrator privileges.
Smells fishy to me.
Oh, and Malwarebytes has just finished running a scan and found 158 infections (this is a new computer; I only just put it together on Wednesday).
And the funny thing is they are all found in the Internet Explorer folder, except one infection called hijack.CMDprompt which is in the registry.
As your PC is newly built, it's the right time to make a clean reinstall of the operating system, and to think about “how could it be possible to get (so unbelievably much) infected in so few days?”.
Something you are definitely doing wrong.
Check your external drives, USB sticks etc… somewhere must be the spot.
Don't think your PC is clean just because any antivirus program “doesn't find anything else”.
I think I know where the infections have come from. I used my portable hard drive to transfer files from my old computer and I think the portable hard drive got infected when I plugged it in at the internet cafe. I really don’t want to re-install Windows as I have transferred all 100 gigs of music and installed all the programs I need on the computer already.
I did partition the hard drive and put my files in a separate partition from Windows, so would my files be OK?
I'm not sure, but I think that if you have all your files in a separate partition you might be safe during the format, because all you're doing is formatting the partition. I'm not sure.
Ok I have run a scan with super anti spyware, asquared and antimalwarebytes in safe mode.
SAS scan was clear.
Asquared showed g:/autorun.inf, and a recycler in the same drive g. they were locked so I unlocked them using file assassin and manually deleted them.
Antimalware scan was clear.
I re-ran SAS and AMB in normal mode.
SAS was clear
AMB showed 146 infections, all in the Internet Explorer folder (the same Internet Explorer I uninstalled). The IE folder is locked. File Assassin doesn’t work on folders, only individual files, and Unlocker is not showing up on the right-click menu. So I cannot delete IE.
I have attached the most recent Hijackthis log file and the most recent antimalwarebytes log file.
Also I ran a scan on just the IE folder with Asquared which came back negative which was to be expected as it didn’t scan a single file, probably was blocked from doing so.
Now I added IE to my blocked files in defense plus a couple of days ago so it could be that CIS is blocking me from opening it, but I doubt it.
and one last thing I am being blocked from accessing the documents and settings folder which I find strange.
first, disable “autoplay”, remember this for future reference :-TU
1) Click on the "Start Menu" and then click on "Run"
2) type in gpedit.msc
3) click on "Administrative Templates"
4) Click on "system"
5) The right side pane called “Turn off Autoplay” Click on "disable"
6) Problem Solved Thumb Up
Scan saved at 18:37:46, on 25/07/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Unable to get Internet Explorer version!
That was from the "hijack this" log. That's really bad when HijackThis can't identify your Windows version,
when you get a bunch of “Unknown owner” WITH “(file missing)”.
That means those files are tampered with, and a bunch of them also means it’s heavily contaminated; you can’t remove it, only “disinfect it or replace it”.
I almost never recommend this, but you need to reformat your computer.
also download this from another computer
and burn it to a disc and run it before installing a new windows. I’m sorry for having to tell you that
first, disable "autoplay", remember this for future reference :-TU
1) Click on the "Start Menu" and then click on "Run"
2) type in gpedit.msc
3) click on "Administrative Templates"
4) Click on "system"
5) The right side pane called “Turn off Autoplay” Click on "disable"
6) Problem Solved Thumb Up
This will prevent future infections from the memory stick from automatically infecting your computer.
Wherever you had your memory stick before you put it in your computer is probably infected too.
Also, check to make sure there are no other infected drives in there too!!! If there are, make sure they're not infected.
Ok I can't disable autorun, cannot find gpedit.msc.
WoW, I'm assuming you click on "run" on the start menu. Now that's really bad
Will my files on the partition be deleted when I reformat the hd
Yes, it will. Based on you asking that question, I'm guessing you have some important stuff on there (This would help you)
http://download.cnet.com/Panda-USB-Vaccine/3000-2239_4-10909938.html
Panda USB Vaccine is a free utility from Panda Research which helps prevent malware infections due to the autorun feature of Windows Operating Systems. Once executed the user can choose two types of vaccinations: Computer Vaccination or USB Drive Vaccination. USB Vaccine allows users to vaccinate their PCs in order to disable autorun completely so that no program from any USB/CD/DVD drive (regardless of whether they have been previously vaccinated or not) can auto-execute. This is a really helpful feature as there is no user friendly and easy way of completely disabling autorun on a Windows PC. Panda USB Vaccine can be used on individual USB drives to disable its autorun.inf file in order to prevent malware infections from spreading automatically
This way, you can save your stuff (like movies, important documents, music) on a CD, DVD, or another memory stick (one that's clean) before you reformat the computer. <------- After you install a fresh Windows, scan the stuff that you saved before adding it to the new computer (don't put software on it, just redownload it to be safe).
P.S. please change your passwords for email, banks and other important places that you have used on that computer.
If anybody likes to add anything to this, feel free
Hope this helps
Funnily enough, I downloaded Panda USB Vaccine last night and installed it, and I have already started copying everything to disc (DVD). I have over 100 gigs of stuff to save so it's taking a while.
I have over 100 gigs of stuff to save so it's taking a while.
That'll take some time :o >:-D
!ot!
A little bit off topic: have you considered an external hard drive (one that has a USB connection)? That way, if it was a bunch of movies (like backup copies of home movies with the family during the holidays >:-D ), why not get an external hard drive (one with a USB port). Then get a DVD player that has a USB port. That way, you can connect the external hard drive to the DVD player and watch all your home movies that way :-TU
Just an idea :-La If it doesn’t apply, then ignore it
My external HD (a portable one) is what got me into this mess, that and the stinking internet cafe. I don’t own a TV; I don’t like all the bull**** that's on it. All my home entertainment needs are taken care of via my PC, well, unless I have female company that is.
I have almost finished loading it all onto disc. It has taken me almost 8 hours. At least it's all backed up now. I just hope the discs are fine.
Back on topic, I am going to use my housemate's computer to download the boot sector repair tool, another copy of Panda USB Vaccine and CIS so that my computer has suitable protection for when I start loading my files. It would help if you could tell me how best to use the boot sector repair tool.
OK, I formatted the hard drive, reinstalled Windows, ran that boot sector thingy, then I installed CIS and Firefox. Then I installed a CD with some other security software (AMB, Avast unlocker) and finally installed the driver for my network adaptor.
After that I downloaded and installed HijackThis and ran a scan and the results were EXACTLY THE SAME AS THE SCAN I RAN BEFORE ALL THE FORMATTING AND REINSTALLATION OF WINDOWS.
Scan saved at 23:32:09, on 26/07/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
with that good to go
Please download “ComboFix” and save it to the desktop (an antivirus will flag this, but this is safe and well known). Please remember, very rarely does this program cause problems, and it can usually fix most infected computers. <-----PLEASE REMEMBER THAT, IF YOU DECIDE TO USE THIS http://www.majorgeeks.com/downloadget.php?id=6402&file=1&evp=4d90f753bf109637fabd69481c775ab1
*I WILL assume your Windows 7 installation disc is NOT infected and/or pirated, as that could be an issue for obvious reasons
P.S.
Before running it
Close all open Windows including this one. (Make sure all browsers are closed)
Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue. If you are using Windows Vista, and receive UAC prompt asking if you would like to continue running the program, you should press the Continue button.
If you can’t download “ComboFix”, please post here that you can’t
[autorun]
action=BitLocker To Go Reader
icon=BitLockerToGo.exe,-1
ShellExecute=BitLockerToGo.exe
UseAutoPlay=1
Now I looked up BitLocker and it seems it's a Windows system file for password protection. I tried to delete it and I was told I had to be a Trusted Installer in order to delete it, even though the account I am using has full administrator privileges.
I kind of doubt that it’s the problem,
But I’m sure you'd like to know how to delete stuff that requires “trustedinstaller”, right??? Make damn sure it's safe to delete; get a second opinion if needed.
Anyway, do this (remember this is only for Windows 7, I don’t know if it works for Vista). While there is more than one way to do this, this is my preferred way:
4) Click on file
5) click on “save as”
6) save it to the desktop AND name the file as “Add Take Ownership Option.reg”
7) close notepad
8) Now double click on Add Take Ownership Option.reg
9) It’s now activated
From that point on any file you want to delete, right click on it, choose “take ownership” then click on delete :-TU
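
The autorun.inf quoted in this thread, run through a small parser that lists which entries would start a program. This is an added example, not part of the original posts; the second sample and the recycle-bin check are constructed assumptions, prompted by the "recycler" folder reported next to g:/autorun.inf.

```python
import re

# Keys in the [autorun] section that start a program.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")

# The file quoted in the thread.
BITLOCKER_SAMPLE = """[autorun]
action=BitLocker To Go Reader
icon=BitLockerToGo.exe,-1
ShellExecute=BitLockerToGo.exe
UseAutoPlay=1
"""

# Constructed sample (not from the thread): commands pointing into a RECYCLER folder.
CONSTRUCTED_SAMPLE = r"""[autorun]
open=RECYCLER\constructed\sample.exe
shell\open\command=RECYCLER\constructed\sample.exe
icon=shell32.dll,4
"""

def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def review(text):
    """List the entries that would launch something, with a note on each."""
    findings = []
    for key, cmd in parse_autorun(text).items():
        if key not in LAUNCH_KEYS and not SHELL_COMMAND.match(key):
            continue                              # action=, icon=, etc. launch nothing
        note = f"{key}: launches {cmd}"
        # Assumption: a target inside a recycle-bin folder deserves a closer look.
        if re.search(r"recycle[rd]", cmd, re.IGNORECASE):
            note += " (target inside a recycle-bin folder)"
        findings.append(note)
    return findings
```

`review(BITLOCKER_SAMPLE)` reports a single launch entry, `ShellExecute=BitLockerToGo.exe`; whether that executable is the genuine Windows file still has to be checked separately.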