Jump to content
Gazray4699

ComboFix causing Autorun issues.

Recommended Posts

Hello,

I'm posting because I went through ComboFix procedures to repair my PC and ensure it was clean from infection. After satisfied it was clean, I removed ComboFix via the uninstall I was instructed to do. My issue is this - autorun wasn't re-enabled and after following LDTate's advice (Such as the autorun fix from Windows, checking my registry and editing registry settings), Autorun was re-enabled with a remaining issue.

When a game CD or in fact, any CD is inserted, it automatically defaults to a Windows Explorer window showing all files within the disk. The "Autorun" selection on the right click menu is no longer there and game Autorun exe files no longer activate unless I find them and double click them - tedious to say the least, what with game developer file arrangement. Any suggestions on how to get this back?

Thanks in advance.

Share this post


Link to post
Share on other sites

Hi -

Did you follow all the directions left at the end of the post by LDTate ?

This can cause the problem you mention - If not you can re-contact an ADMIN or MOD and ask for your post to be reopened -

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Share this post


Link to post
Share on other sites

Hello,

Yes, I used Defogger but followed the procedures stated when everything was fixed. It said my emulation drivers were enabled - however that was on the Admin user name in safe mode, I tried running it in my user account but it stated it "Could not open file". My operating system is Windows XP SP3, if you were wondering.

It might be Defogger... there was no log posted to my desktop at all. When I ran Defogger to begin with, it disabled my drivers but did not reboot my system - nor asked to.

Share this post


Link to post
Share on other sites

None of those methods worked - however I have determined it seems to be an issue involving emulation. My ghost drive on Daemon Tools no longer autoplays, even when following the previous methods and repairing the turned off features. It doesn't even come up with a Windows explorer window. Nothing.

Share this post


Link to post
Share on other sites

You can try installing / uninstalling Defogger with the Admin user and then your login.

Share this post


Link to post
Share on other sites

If that didn't work, try this

1. launch Notepad (Start>All Programs>Accessories), and copy/paste all the Quoted REGEDIT below to it. Don't forget to include REGEDIT4.

Save in: Desktop

File Name: fixme.reg

Save as Type: All files

Click: Save

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveAutoRun"=-

2. Save this text as fixme.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.

3. Double-click on fixme.reg. When it asks you to merge the information to the registry click Yes.

Share this post


Link to post
Share on other sites

Installing/Uninstalling Defogger? Do you mean using it to disable and renable the drivers on both accounts? If so, I've already tried that. As for the registry fix, you've suggested it to me already and it didn't work.

Share this post


Link to post
Share on other sites

My only other suggestion would be to uninstall the CD drive and re-install it if you have the drivers for it.

If you look at your topic where combofix was run, it didn't remove autorun.ini.

Share this post


Link to post
Share on other sites

I've tried uninstalling it and reinstalling it and it now autoruns to display a Windows Explorer box but no sign of an autorun feature. I'm debating whether or not to reinstall SP3 and see if this fixes it as it should return all settings to default.

Share this post


Link to post
Share on other sites

Is there a difference between autoplay and autorun? Because it seems to me, autoplay is working just fine but autorun is nowhere to be found and I believe it is autorun that uses the shell files to initiate a pre-programmed file such as on a game disc which loads a GUI for the disc?

Share this post


Link to post
Share on other sites

I know but the Autoplay is working and the Autorun is not running. This seems to point to a problem running the autorun file on the disc more than autoplay itself. Something somewhere isn't communicating.

Share this post


Link to post
Share on other sites

Open My Computer > Right Click on the CD/DVD drive > select Sharing and Security > select Autoplay

What does it show?

Share this post


Link to post
Share on other sites

It shows autoplay is running but only gives me a selection of options of what to do for different content... nothing about linking the CD drive to autorun files on the disc.

Share this post


Link to post
Share on other sites

To increase security, MS changed Autorun functionality with Windows 7 & earlier this year rolled out an update (KB971029) to affect the change in other OS's (Incuding XP SP3) too.

http://blogs.technet.com/b/srd/archive/2009/04/28/autorun-changes-in-windows-7.aspx

http://blogs.msdn.com/b/e7/archive/2009/04/27/improvements-to-autoplay.aspx

From the DDS attach.txt supplied in your malware removal topic you have KB971029 installed.

http://support.microsoft.com/kb/971029

Share this post


Link to post
Share on other sites

Well that explains the occurences with my USB and such and I accept that. However it also states that the autorun will not be operation for non-optical media.

How does this explain why my CDs do not have the autorun option? They detect game CDs as mixed content CDs and allows me to browse - no ability to run the autorun file upon the CD. It also doesn't even give me an option to choose what to do. Each and every time a CD is inserted, it automatically opens the file browser - no choice is offered to me despite the autoplay properties of my CD drive set to prompt me.

Share this post


Link to post
Share on other sites
They detect game CDs as mixed content CDs and allows me to browse - no ability to run the autorun file upon the CD. It also doesn't even give me an option to choose what to do. Each and every time a CD is inserted, it automatically opens the file browser - no choice is offered to me despite the autoplay properties of my CD drive set to prompt me.

That is default action for Mixed Content.

th_autoplay.png

Share this post


Link to post
Share on other sites

So why won't the autorun features on the CD/DVD run? According to that Microsoft update, CD/DVDs aren't affected and can still run autorun extensions when inserted?

Share this post


Link to post
Share on other sites

Let us take a look at the settings.

Please download SystemLook by jpshortstuff from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :reg
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom /s
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /s
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /s


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Share this post


Link to post
Share on other sites

SystemLook 30.07.11 by jpshortstuff

Log created at 11:06 on 29/10/2011 by Gareth

Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom]

"DependOnGroup"="SCSI miniport"

"ErrorControl"= 0x0000000001 (1)

"Group"="SCSI CDROM Class"

"Start"= 0x0000000001 (1)

"Tag"= 0x0000000002 (2)

"Type"= 0x0000000001 (1)

"DisplayName"="CD-ROM Driver"

"ImagePath"="system32\DRIVERS\cdrom.sys"

"AutoRun"= 0x0000000001 (1)

"AutoRunAlwaysDisable"="NEC MBR-7 NEC MBR-7.4 PIONEER CHANGR DRM-1804X PIONEER CD-ROM DRM-6324X PIONEER CD-ROM DRM-624X TORiSAN CD-ROM CDR_C36"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom\Enum]

"0"="IDE\CdRom_NEC_DVD_RW_ND-3500AG___________________2.88____\5&2819fc14&0&0.1.0"

"Count"= 0x0000000002 (2)

"NextInstance"= 0x0000000002 (2)

"1"="DTSOFTBUS&Rev1\DTCDROM&Rev1\1&2d12bed1&1&00"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

"HonorAutoRunSetting"= 0x0000000001 (1)

"NoDriveAutoRun"= 0x0003ffff17 (67108631)

"NoDriveTypeAutoRun"= 0x0000000091 (145)

"NoDrives"= 0x0000000000 (0)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"= 0x0000000143 (323)

"NoDrives"= 0x0000000000 (0)

-= EOF =-

Share this post


Link to post
Share on other sites

Hi

Backup the Registry:

Modifying the Registry can create unforseen problems, so it always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.(System registry & Current user registry)
  • Click on OK
  • When the Question pop-up appears click on Yes to create the folder.
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.

Then do this:

Warning. Please note that this fix is specific for this poster and should not be used by anyone else:

  • Open Notepad & copy the contents of the Code Box below to Notepad.
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "NoDriveAutoRun"=dword:03ffffb7
    "NoDrives"=dword:00000000


  • Make sure there are NO blank lines before REGEDIT4
  • Go to File > save As...
  • Name the file name as fix.reg
  • Change the Save as Type to All Files
  • Save it on the desktop
  • Close Notepad.

At the desktop, double-click on the fix.reg file, and when it prompts to merge say yes.

REBOOT

SystemLook

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :reg
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom /s
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /s
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.