0

ok chaky.
i understood,
is this the same in the case where you local drives work fine,.... and the problem is with removable drives only ???

0

Dear: All

Ive tried to solve the problem using various types of Antiviruses (Norton,Avast,Avg,Kaspersky), ive changed my Operating system for several times but the problem still exists , whenever i tried to open My Drive (D) the choose program list appears to choose the appropriate program to (open with) , to open the Drive ive used the (Windows+E) to open the Drive (D) insted of double clicking on it inside My Comouter. Finally today morning i was very fed up ive choosed to open the Drive choosing the Internet Explorer icon from the choose program list.. the result was very amazing ive found an (Autorun file) inside my D:/ Drive ive deleted the file immediately and everything is ok now.

Thanks

Loay Ahmed Dirar
Kharoum, Sudan

0

Registry setting goes for all drives.

If the problem is with some, and not all drives, then I would suspect that those drives (I'm not talking about CD/DVDs) contain file named "autorun.inf" in their roots (that would be "D:\autorun.inf" for drive D). I suggest deleting them. Usually, autorun.inf is hidden, system or read-only (file attributes, not the real state), so in order to make them visible you will need to make some changes in Folder options (Open or explore my computer, click on "tools"/folder options"/"view" tab).
There are 1 checkbox and 1 radio button that would make every file visible. Set "show hidden files or folders" and uncheck "hide protected operating system files(Recommended)".
Now they are visible in the windows explorer and can be deleted normally. Don't get scared of warnings saying that it is system file and that your system might not work afterwards... That's because the FILE ATTRIBUTE (mealy part of the file's name, nothing more) is marked as "system file". As, ANY file can be marked "system file".

I suggest that you change those settings back to the prior state once you delete "autorun.inf" files.

One more thing regarding USB drives... You might need to "take the ownership" (permission/sharing settings thing, XP pro only).

0

hey chaky,
i was trying to explain this thing only...
but i think, you misunderstood me earlier...
iwas talking abt individiual drives... :)

here's what u get inside autorun.inf files...

1.

[Autorun]
Open=mspaint.exe
Shellexecute=mspaint.exe
Shell\Open\Command=mspaint.exe
Shell=Open

2.

[Autorun]
Open(0)=mspaint.exe
Shellexecute=mspaint.exe
Shell\Open(0)\Command=mspaint.exe
Shell=Open(0)

u can have any executable file instead of mspaint.exe

0

You were right, I was in 5-year-old mode. I thought that I was replying to flamereaver. Sorry about that.
Anyway, my personal opinion is that there should not be any autorun.inf on local drive's root. Not even the USB drives, unless you dedicate them for single purpose. (clips, pics etc)

For the record:
I've just plugged in another HD (internal) and after reboot the system tried to find appropriate program on each new volume. (3 partitions)
I've canceled the process and it never repeated again. Not even after I've unplugged the HD and plugged it in on another SATA channel. That's how the system should behave.

0

hey u know what,
i copied a autorun.inf file in my D:\ drive, and i've targetted it to open E:\ drive,...

my friends come and say why u have full 40 gb of same music on both D: and E: drive...
.. then i say thats the backup man!
lol.....lol....lol....


but 1 thing wrong is that the targetted E:\ drive opens in a new window...
any solution...?

0

the most effective thing is to delete autorun file and restart and then open the drives :D and if u have kasper make scan my computer

0

in the mean time my brother once got a viruse that deleted all his file associations and permissions and he could only launch .exe's and open folders/drives/etc... by R click and selecting Run as... and using the administrator account...
This is an extream example and the easy fix was of course a repartition, backup to logical D:\ and Format/Reinstall WinXP on C:\

0

Thanks very much Chaky you've saved my day! The problem was when I tried to double click C:\ or D:\ it always open cmd (command window). The REG_SZ value was null (nothing) I've just put (none) as the value and everything is alright now. Many many thanks to you and all the knights of this wonderful forum. Cheers mate from Sydney.

0

Thanks for the tips...specially to Chaky ...who bothered to shift to five year old mode:)


I tried most of the tips but it seems I had a different cause for my problem. What solved it is when I temporarily transferred the content of my removable disc to my laptop hdd and format it.

After formatting the removable disc, it became accessible again thru double click including my other removable drives.

Thanks guys:)

0

Thanks Piyush and Chaky.
Had this problem for a couple of days....n now its cleared.
Just registered to show my appreciation to the advice.Thanks guyz.:)

0

I hate to repeat my self.

Well, here's for the 5-year-olds:

- click "run" in your start menu and type in "regedit". That should start the registry editor.
- if there are expanded branches in your first run, collapse them all and expand one called "HKEY_CLASSES_ROOT". First one from the top.
- find key called "drive" on the next level. Expand it and click on the "shell" sub-key. (pic no. 1)
The picture shows what your registry should look like. Note the status bar at the bottom says "My Computer\HKEY_CLASSES_ROOT\Drive\shell" - exact location of where you should look. Also note on the right side "default REG_SZ none". You can ignore REG_SZ part. Important thing there is that default - none. That is what it should read on your PC. Let's say that in my case the default value says "ACDBrowse", then the picture No. 3 shows what exactly would be activated ("C:\Program Files\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe" "%1") on the double-click. ACDSee would start. Also, on the right click, first (bold text) item would be what the picture No 2 shows "Browse with ACDSee Pro" - user-friendly name of "ACDBrowse" sub-key.


The conclusion: In the "HKEY_CLASSES_ROOT\Drive\shell" key the default value should be "none". (as text, not empty)


One more thing:

DO NOT DELETE ANY KEYS!
ONLY CHANGE THE DEFAULT VALUE OF THE ABOVE KEY!
THERE IS NO UNDO FUNCTION IN REGISTRY EDITOR!

ok so i have done this and it works, however my avg is screwed, its says i dont have access to enable the firewall. i dont know if its a result of my trying to screw around with the registry. Any help? this is my hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 2:12:55 AM, on 10/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Candy\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.ca/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.224.5:8080
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WLANKEEPER - IntelĀ® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

0

First things first.. let's get rid of couple of nasties there.

Run the hijackthis do a system scan only and check the following lines

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZK

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

Once you checked those, hit "fix checked".

Now, try to figure out (I never used AVG, so I can't tell you) where to turn on and off the features in AVG. If you can't enable the firewall there (that looks enabled in a hijackthis log), then you have to uninstall AVG and install it again. No skipping reboots.

0

i think i shud come up with my own tools.. :)
for these small problems...

wt guys can't u just delete 1 file using cmd.....

0

Hey i had these same problem too until i used disk heal, got rid of the problem in just a few clicks..all you need to do is open the application go to the fix tab type the drive letter and click fix then just restart the pc and you are done!

ps i've linked the word 'disk heal' to its home page donno if it'll be removed coz of the spam rule...if so just google 'disk heal' and download it off the homepage.

-1

A_MEMBER
no need even to restart the pc dude,
just end task explorer and new task explorer.. u r done... ; )
wt all these samll s/w do is that, they delete the autorun.inf files thats all...

COMPLETEPC
even u can delete the autorun.inf files and make things work again.. : )

Votes + Comments
no
0

Hey Guys,
Don't mess up your time for above mention ideas. Try this..
Go to Start>Run>Type CMD and hit ok then in black screen type followings commands:
For c drive type
cd\ and hit enter then type dir /ah
same for D,E and for your flash drives then you will see hidden infected files like autorun.inf and USBFlash.exe or else..
so to remove them
Type In same command window
attrib -s -h -r c:\autoru.inf
attrib -s -h -r c:\USBFlash.exe
This two command to disable these hidden files.Do same for other drives..Next step to delete these infected files manually.
for c drives
del c:\autorun.inf
del c:\USBFlash.exe

And resart your Pc and enjoyyyyy!

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.