You are here

Weird AutoRun problem...

8 posts / 0 new
Last post
0per4t0r
Offline
Last seen: 13 years 5 months ago
Joined: 2009-03-15 16:42
Weird AutoRun problem...

Well, for some reason, when I use my flash drive on some computers, my autorun disappears, completely. When I try to make a new one, and save it as autorun.inf on the root directory of the drive, it says it can't save because it's a read-only file... It doesn't appear on the drive, and doesn't even show up when I enable viewing of hidden and system files.. When I try to open it using windows explorer, it opens it, but it's encoded with a bunch of weird unicode characters that don't register.. I can't seem to delete the file using any means, including the command prompt...

EDIT: I seem to have been able to delete the conflicting file with Eraser Portable, but do you have any idea what might be causing this???

Also, could somebody upload the standard PortableApps.com autorun file, so I can back it up on my drive, in case this happens again?

Thank You.

John T. Haller
John T. Haller's picture
Offline
Last seen: 5 hours 58 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Viruses

It's usually the result of viruses or malware. They add their file to the USB drive and then change autorun.inf to automatically run it. The autorun.inf is then hidden and marked read-only. You should check your drive for errors.

Sometimes, the impossible can become possible, if you're awesome!

Soulmech
Offline
Last seen: 12 years 5 months ago
Joined: 2010-03-03 10:52
ClamWin Portable can delete

ClamWin Portable can delete most of these kinds of viruses.

Panda USB Vaccine can also put in a dummy autorun file that (usually) can't be overwritten.

SWAG

0per4t0r
Offline
Last seen: 13 years 5 months ago
Joined: 2009-03-15 16:42
Okay...

I'm pretty sure I got a virus, but i'm not sure if it originates from my computer or from the USB Disk itself... It seems there's a file in the "RECYCLER" folder that keeps regenerating whenever i plug my flash drive into my computer.

For some reason, the virus autorun basically just opens windows explorer to view the contents of the drive, and i've looked through the file, and it apparently uses SHELLEXECUTE to use RunDLL to open the regenerating recycler file, and sometimes it throws an error that the file is not found. It's not really harmful, but it's damn annoying.

I'll have to update my ClamWinPortable, and scan my flash drive, and my old PC. Beee

ceciliaFX
ceciliaFX's picture
Offline
Last seen: 8 months 4 weeks ago
Joined: 2007-04-24 14:18
I don't know what you may have but I do know about Ravmon.exe

http://anoop-aravindan.blogspot.com/2007/11/virus-w32rjumpworm-ravmonexe...

http://www.techspot.com/vb/topic75561.html

should give you a taste of the info out there.

RavMon is just one of the bad guys which monkey with autorun

"No one man can terrorize a whole nation unless we are all his accomplices." - Edward R. Murrow

0per4t0r
Offline
Last seen: 13 years 5 months ago
Joined: 2009-03-15 16:42
Yeah, that sounds like what I've got.

I'm pretty sure I have that virus. I'll use that blog entry, and try to get rid of it from my PC. Smile

ceciliaFX
ceciliaFX's picture
Offline
Last seen: 8 months 4 weeks ago
Joined: 2007-04-24 14:18
clamwin should find the files

and quarantine them. but do whatever you have to.

"No one man can terrorize a whole nation unless we are all his accomplices." - Edward R. Murrow

0per4t0r
Offline
Last seen: 13 years 5 months ago
Joined: 2009-03-15 16:42
Got rid of the virus!

Well, not exactly. I couldn't actually quarantine or get rid of the virus, but I found that the virus file is copied to "X:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx"

So, I went to the folder where the virus file was, deleted it, and made a folder that has the same name as the virus. So, now the virus cannot be copied to my drive, and the autorun doesn't get messed up anymore..

I couldn't get rid of the virus, so I just outsmarted it. Blum

Thanks for all your help!

Log in or register to post comments