Hidden Autorun files in cd burning wizard



#1
Baggyboy

After a 20hr struggle to clean a friend's PC, infected with over twenty thousand malware-related files, I am left with one small problem which has me totally stumped.

While I was repairing the machine and installing programs from my emergency toolkit, the CD burning wizard was kindly informing me that I had files ready to be copied to a disc. A quick reveal of hidden files revealed an autorun.inf and a companion autorun.exe file awaiting my permission to copy onto my rescue disc.... needless to say that request was strongly denied.... As if!

Anyway, now that everything has been cleaned up to my satisfaction (none of the top freeware anti-spyware apps or AVG report anything untoward), I am still left with the cd burning balloon popping up at each log-on. The autoexec.exe file has gone (taken care of by AVG I assume) but the .inf remains.

I am assuming that this is due to some orphaned registry file somewhere or other which is not being picked up as it is not in itself malicious as it has no payload.

My question is this: Can anyone recommend another scanner or tool which I could use to get rid of this latent bug? Or perhaps I can post a log from HJT or some sort of reg analysis in here for review and advice?


#2
EMCguy

This site

http://www.sysinternals.com/

has a lot of good freeware utilities. One that might help with this problem is Process Explorer.

EMCguy :)

edit :tazz: I didn't realize this was in the malware forum. Sorry

Edited by EMCguy, 06 October 2005 - 01:29 AM.


#3
Baggyboy

Thanks for that EMCGuy, I'll have a go with that util the next time I am over at my friend's house. See if I can't find out what's causing this.

PS. I don't think your reply to this in the malware forum will be too much of a problem (apologies if you've already been warned by a mod/admin!) as it's not specifically HJT log fix related, rather a request for more information.

#4
Baggyboy

Errr, OK... I had a go with Process Explorer on my friend's computer. I couldn't find anything that looked suspicious, to my eyes anyway. To be honest, I don't think that there is any infection left on the system but for some reason I cannot get this balloon to stop appearing.

Is it worthwhile posting a HijackThis log here just to check that I have indeed cleared up all infection?

#5
EMCguy

I would post an HJT log here.

BUT make sure you start a new topic so it doesn't look like you're being helped already. Your new topic will have zero replies :tazz:

EMCguy :)

#6
Baggyboy

:tazz: Naturally EMC, I will get a log posted from his place probably next week sometime. It will be interesting to see if I missed anything. Especially if it was anything major!!!

Ohh yeah, the chances are that they have already managed to get re-infected with various malware since I repaired it so I'll probably repair that damage before posting a fresh topic/HJT log. After all, I wouldn't want to say,
"OK, Here's a HJT Log from a PC I just cleaned, can someone check it please?"
And it turns out there are maybe 10-20 infections lurking there!! :)

Even with my favourite raft of anti-malware programs merrily running in the background it's impossible to keep a PC completely safe if the user themselves has only half a clue how to use them properly.

It can be very difficult to understand what is the right course of action when TeaTimer pops up a box asking to (dis)allow certain changes, etc. If you are not very experienced with the inner workings of your PC then how can you tell what is the right answer? (speaking from a n00b point of view there, not my own!)

I try to tell them the most common things to look out for, i.e. names you recognise = good, random letters & numbers = bad... If it happens while you are installing software = usually good but take extra special care that it is what you asked for and not some added-on malware. I.e. Quicktime changes your start-up but is not malicious, whereas other programs may try to install extra stuff at the same time which you do not want.

Far from foolproof I know but what can I say. If it was so easy to spot Malware then we wouldn't need to learn the tricks of the trade from places like GeeksToGo. Everyone would be a malware hunter.

#7
EMCguy

Sounds like a plan. Good luck. :tazz: