AutoPlay Virus

[RajaValor]

You should be able to do your normal computer activity. It will make the wait seem less.

Or try to recreate a situation that you know will cause it to appear.

The only way the makes the autoplay run for sure is restaring the comp and Im to busy talking to my Canadian couterpart at this time to be bothered with that x;
I will catch it by tommorow hopefully.

[RajaValor]

Well it poped up while I had the program running and I didnt see anything show up as a running program as far as an autorun; just a bunch of rundll32.exe's pop in an out at start up.
I will keep looking but pesimistic so far.

[oldman]

I don't think it would show up as an autorun. It should appear as a program closing at the same time as the autoplay disappears from the screen.

When the autoplay appears, is there any lights or sounds from your cd/dvd? Do you have any usb storage devices attatched.

I'm thinking of what you posted about your cd.

[RajaValor]

I don't think it would show up as an autorun. It should appear as a program closing at the same time as the autoplay disappears from the screen.

When the autoplay appears, is there any lights or sounds from your cd/dvd? Do you have any usb storage devices attatched.

I'm thinking of what you posted about your cd.

I never notice any sounds from the CD player when the autoplay runs, nor have I noticed any lights. I will check for thoes from now on.

I do use a USB mouse but even at that I have disconnected the mouse and still had the autoplay run many times be4.

The autoplay ran with the manager list open again; I still didnt notice any programs going in an out while it was running other than the rundll32's like said be4.

[oldman]

hi RajaValor

We're leaning twoward the possibility of a corrupt cd driver or a failing drive. In light of what you posted about disks being shown as full when in fact they are not and the right click menu.

You can try, with tweakui to turn autoplay/autorun off, as you did with the other drives. If the autoplay search goes away, we're on the right track.

[RajaValor]

hi RajaValor

We're leaning twoward the possibility of a corrupt cd driver or a failing drive. In light of what you posted about disks being shown as full when in fact they are not and the right click menu.

You can try, with tweakui to turn autoplay/autorun off, as you did with the other drives. If the autoplay search goes away, we're on the right track.

Alright I have disabled the autorun for the CD/DVD drive; now just to wait and see.
What do these autorun files do anyway?
Are they suppose to start up programs when you sign in? B/c Ive used the Tweakit like you said to disable them and I still get programs starting up with XP like I did be4 the fix.

[oldman]

Autoruns do exactly what they sound like, they run without any user input. In your case, it looks like a drive is trying to run, though it either can't start or can't find the information for starting. As mentioned, it may be your cd drive/driver. This is not acting like a typical infection.

[RajaValor]

Autoruns do exactly what they sound like, they run without any user input. In your case, it looks like a drive is trying to run, though it either can't start or can't find the information for starting. As mentioned, it may be your cd drive/driver. This is not acting like a typical infection.

Well good news bad news.
Good:
Disabling the autoplays for the CD/DVD drive has stoped the random autoplays; yay.

Bad:
I plugged in my webcam after being signed in for an hour and windows said "system error" and turned the computer off instantly and restarted. It allowed the cam to work after signing back in and everything but the "insto-kill" scared the crap out of me.

Im asuming that was b/c autoplay is disabled.

[oldman]

It's been narrowed down to yiu cd. I don't know if it's corrupt drivers or a failed drive. Can you access the drive through windows explorer with a disk in and read the disk?

Check in device manager and see if windows sees the drive there.

Right click on My Computer . . Select Manage . . Device Manager

No exclaimation marks? Also check the properties there.

Why you had a system error by plugging in your camera, I don't know. A camera is just a storage device. Unless there is some sort of autorun built into the camera.

DavaidR is going to have to join in here. I can't find the link for repairin the xp cd drivers. If I come across them I will post it here.

[RajaValor]

It's been narrowed down to yiu cd. I don't know if it's corrupt drivers or a failed drive. Can you access the drive through windows explorer with a disk in and read the disk?

What on earth does that mean?

I did the manage bit on the My Computer section, but there isnt any "right click, properties" on Device Manager.
I did add a screen shot of the Device Manager Listing as an attachment.

My computer guy also said that it might be the CD/DVD driver and that I could possible unistall the one I have and get another from HPs website; but iunno anything about that or if thats nessasary.
He was rather confused about the virus himself.

[oldman]

What I meant, is open windows explorer. Put a cd in your drive and double click the drive. Does it open?

In device manger, you should be able to right click on the drive in the right hand panel. In your case Philips cdrw/dvd. Double click will also work. It should bring up the properties box. Is there a message in the lower part of that box?

I said before, I don't think this is malware. A driver issue or a failing drive.

Try uninstalling it.

[RajaValor]

What I meant, is open windows explorer. Put a cd in your drive and double click the drive. Does it open?

In device manger, you should be able to right click on the drive in the right hand panel. In your case Philips cdrw/dvd. Double click will also work. It should bring up the properties box. Is there a message in the lower part of that box?

I said before, I don't think this is malware. A driver issue or a failing drive.

Try uninstalling it.

Ok I stuck a CD in it and did what you said; it brought up an error message saying "This file dose not have a program associated with it for performing this action. Creat an association in the Folder Options control panel. I opened Windows Media Player manually and tried to play the CD, and it would not work. I then opened iTunes and the CD worked just fine. I have an older version of WMP b/c it gave me an error message with the newer model just recently and I just re-installed the older one of MS main page. I didnt have any problem with the newer model again till recently and not to long ago I had just ripped a song off a CD with the older version I have right now.

I also clicked the drive in the Computer Manager and it reported that it was working correctly.
I think its in denail.

I would not know how to uninstall the driver or how to reinstall it afterword.

[oldman]

For file association, see if this helps.

http://support.microsoft.com/kb/307859

[DavidR]

I have been following this since oldman came on board to try to root out any possible malware. I'm convinced (as he is) that this isn't some autoPlay virus as the symptoms of the autorun.inf infection simply aren't there.

Disabling the autoplay on the CD drove removes the symptoms you were getting, but that then takes us into why they were happening in the first place.

There would really have to be a CD in the tray for the windows autoplay function to kick in and then an autorun.inf file on it to launch any programs.

Now if it were failing hardware or driver it might indicate that there is a CD in the drive and autoplay tries to run but cant find any files so can't make an association as to what to run. However, with autoplay disabled and you put a CD in the drive it won't start to play as before, you would normally get a pop-up with options.

I have just put a media disk in my CD drive and I get a pop-up asking what to do, see image. I think you should have got that also (As the autoplay is disabled.) ?

From there I chose which Media player to use in my case Windows Media Player and it started playing, if however you choose a media player that doesn't support the media you have on the CD/DVD it will fail as it doesn't the codec necessary to play the media.  As you have mentioned iTunes it will use a proprietary media codec that isn't available in WMP.

[RajaValor]

I have been following this since oldman came on board to try to root out any possible malware. I'm convinced (as he is) that this isn't some autoPlay virus as the symptoms of the autorun.inf infection simply aren't there.

Disabling the autoplay on the CD drove removes the symptoms you were getting, but that then takes us into why they were happening in the first place.

There would really have to be a CD in the tray for the windows autoplay function to kick in and then an autorun.inf file on it to launch any programs.

Now if it were failing hardware or driver it might indicate that there is a CD in the drive and autoplay tries to run but cant find any files so can't make an association as to what to run. However, with autoplay disabled and you put a CD in the drive it won't start to play as before, you would normally get a pop-up with options.

I have just put a media disk in my CD drive and I get a pop-up asking what to do, see image. I think you should have got that also (As the autoplay is disabled.) ?

From there I chose which Media player to use in my case Windows Media Player and it started playing, if however you choose a media player that doesn't support the media you have on the CD/DVD it will fail as it doesn't the codec necessary to play the media.  As you have mentioned iTunes it will use a proprietary media codec that isn't available in WMP.

Yes I normaly would of gotten that same pop up window for deciding which media player the CD would of gone into; but disabling the auto play options like we have; I no longer have it as an option. Could it also be that I had to downgrade WMP and that the drive is no longer prompting for that window b/c it was assoicated with the newer version and it didnt switch back? Just an ideal.

When I manually opened the CD in WMP thought; it did read the CD and told me the name of the songs on it.. just when I clicked play it would say play and then stop itself right after.