
Cd Rom Drawer Problem


23 replies to this topic

#16 mo12

mo12
  • Topic Starter

  • Members
  • 103 posts

Posted 24 September 2007 - 11:26 AM

Hi! First of all, the drawer is not stuck. I came home, turned on the computer and pressed the little arrow to open the drawer and it opened fine. Then I pressed it again, and the drawer closed fine. The drawer stayed intact until the computer had been on for a couple of hours, then started opening and closing like crazy! I was able to scan with Jotti, the first file and it said this file has 0 bytes. Then, it became too busy so I did all 3 of the files with virustotal.com. I will first of all paste the notepad results for RegSearch:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.5.0

; Results at 9/24/2007 11:16:05 AM for strings:
; 'autoplay.exe'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55803CC-4D53-404c-8557-FD63DBA95D24}\LocalServer32]
; Contents of value:
; %SystemRoot%\system32\WPDShextAutoplay.exe
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,50,00,\
44,00,53,00,68,00,65,00,78,00,74,00,41,00,75,00,74,00,6f,00,70,00,6c,00,61,\
00,79,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\88]
"FileName"="wpdshextautoplay.exe"

; End Of The Log...
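
Added example (not part of the original posts): decoding the `hex(2)` value in the RegSearch log above and checking each hit shows that both matches for 'autoplay.exe' are substring matches on WPDShextAutoplay.exe, not a file named AutoPlay.exe. The function names are hypothetical; the sample text is copied from the log, with comment lines dropped.

```python
import ntpath
import re

# Copied from the RegSearch log in the post above (comment lines dropped).
REG_EXPORT = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55803CC-4D53-404c-8557-FD63DBA95D24}\LocalServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,50,00,\
44,00,53,00,68,00,65,00,78,00,74,00,41,00,75,00,74,00,6f,00,70,00,6c,00,61,\
00,79,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\88]
"FileName"="wpdshextautoplay.exe"
"""


def decode_data(raw):
    """Decode a .reg value: quoted string or hex(2) (REG_EXPAND_SZ, UTF-16LE)."""
    if raw.startswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escapes
    m = re.match(r"hex\(2\):(.*)$", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(1).split(",") if b)
        return data.decode("utf-16-le").rstrip("\x00")
    return raw  # other types (dword, binary) are left as exported


def parse_reg(text):
    """Return (key, value_name, decoded_data) for every value in the export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    key, values = None, []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            values.append((key, name, decode_data(m.group(2))))
    return values


def search_hits(text, needle="autoplay.exe"):
    """List values containing needle; flag whether the file name equals it."""
    hits = []
    for key, name, data in parse_reg(text):
        if needle in data.lower():
            exact = ntpath.basename(data).lower() == needle
            hits.append((key.rsplit("\\", 1)[-1], name, data, exact))
    return hits
```
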



#17 mo12

mo12
  • Topic Starter

  • Members
  • 103 posts

Posted 24 September 2007 - 12:05 PM

Now here is the result of the virustotal scan. The first file said 0 bytes received, the second results are here:

File AutoPlay.exe received on 09.24.2007 18:56:59 (CET)

Result: 0/32 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2007.9.22.0 2007.09.24 -
AntiVir 7.6.0.15 2007.09.24 -
Authentium 4.93.8 2007.09.24 -
Avast 4.7.1043.0 2007.09.24 -
AVG 7.5.0.485 2007.09.24 -
BitDefender 7.2 2007.09.24 -
CAT-QuickHeal 9.00 2007.09.24 -
ClamAV 0.91.2 2007.09.24 -
DrWeb 4.33 2007.09.24 -
eSafe 7.0.15.0 2007.09.23 -
eTrust-Vet 31.2.5159 2007.09.24 -
Ewido 4.0 2007.09.24 -
FileAdvisor 1 2007.09.24 -
Fortinet 3.11.0.0 2007.09.24 -
F-Prot 4.3.2.48 2007.09.23 -
F-Secure 6.70.13030.0 2007.09.24 -
Ikarus T3.1.1.12 2007.09.24 -
Kaspersky 4.0.2.24 2007.09.24 -
McAfee 5125 2007.09.21 -
Microsoft 1.2803 2007.09.24 -
NOD32v2 2547 2007.09.24 -
Norman 5.80.02 2007.09.24 -
Panda 9.0.0.4 2007.09.24 -
Prevx1 V2 2007.09.24 -
Rising 19.42.02.00 2007.09.24 -
Sophos 4.21.0 2007.09.24 -
Sunbelt 2.2.907.0 2007.09.24 -
Symantec 10 2007.09.24 -
TheHacker 6.2.5.067 2007.09.24 -
VBA32 3.12.2.4 2007.09.23 -
VirusBuster 4.3.26:9 2007.09.24 -
Webwasher-Gateway 6.0.1 2007.09.24 -
Additional information
File size: 36864 bytes
MD5: b47dd684b79b4d8887bfe75abae1037a
SHA1: 07be38f83df83d257adb0a4d91225f968cfe31ee


ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.



Edited by mo12, 24 September 2007 - 12:06 PM.


#18 mo12

mo12
  • Topic Starter

  • Members
  • 103 posts

Posted 24 September 2007 - 12:08 PM

As far as I could see there were no results as to malware. The third file was done too and it said something about 0 bytes received. I will try the third file again with virustotal and let you know the result if anything other than I already said.

#19 mo12

mo12
  • Topic Starter

  • Members
  • 103 posts

Posted 24 September 2007 - 12:28 PM

Another thing I'll mention. When I started the computer this morning, I got a message about installing new hardware. The installation wizard was asking about installing D4851 CD-R/RW C3.7.7.7.7. I don't know what this means either. The drawer is now opening and closing non-stop!

#20 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • Gender:Male
  • Location:The Netherlands

Posted 26 September 2007 - 04:08 PM

Hi mo12, :thumbsup:

1. Could you check this advice: 8.5) Drawer operation is erratic

2. Unfortunately none of the files have been scanned. Could you try again please?

If it still doesn't work try this alternative:

Go to uploadmalware.com.

Once there, fill in your username and leave a link to this post.

Click on the browse tab by #1

Navigate to-->

C:\Documents and Settings\loginname\Start Menu\Programs\Startup\AutoPlay.exe

Double Click to upload.

Scroll down and Click Send File

After that, just follow the rest of the directions.

Follow the same procedure for the other two files:

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoPlay.exe
C:\Documents and Settings\Default User\Start Menu\Programs\User Startup\AutoPlay.exe

3.

> Another thing I'll mention. When I started the computer this morning, I got a message about installing new hardware. The installation wizard was asking about installing D4851 CD-R/RW C3.7.7.7.7. I don't know what this means either.


A few questions:

1. The code isn't familiar to you?
2. Is your CD player new, that is you installed it recently?

#21 mo12

mo12
  • Topic Starter

  • Members
  • 103 posts

Posted 26 September 2007 - 06:59 PM

The first file when using upload malware said it was 0 bytes and maybe something was preventing it from uploading. The second file was sent, hopefully to you. The third file result was the same, 0 bytes or something was preventing it from uploading. The CD Rom was always a part of my computer. There is nothing new here. It's just the drawer in the tower that came with my computer. One thing I'm not sure of is when you say "navigate to those files" I click browse but can't locate those exact files, so I just typed them in the box and submitted them. I guess I just don't know how to navigate to them and will need more simple instructions as to how to do that. I appreciate all your help. Thanks. Also, I will reread the article you suggested. Maybe I need to spray some canned air into the drawer but I have done that before and the problem just comes back. I never became clear on what the CD icon means when it comes on the screen beside the mouse arrow. Does it mean the computer is searching for a CD that isn't there?

#22 Falu

Falu

  • Security Colleague
  • 3,001 posts

Posted 27 September 2007 - 01:19 PM

Hi mo12, :thumbsup:

1.

> The CD Rom was always a part of my computer. There is nothing new here. It's just the drawer in the tower that came with my computer.


I think it's fair to say that the cd-drive is broken, so ...

2.

> I never became clear on what the CD icon means when it comes on the screen beside the mouse arrow. Does it mean the computer is searching for a CD that isn't there?


It means that the player is looking for the CD.

3.

> One thing I'm not sure of is when you say "navigate to those files" I click browse but can't locate those exact files, so I just typed them in the box and submitted them. I guess I just don't know how to navigate to them and will need more simple instructions as to how to do that. I appreciate all your help. Thanks


Let's look at an example, which has nothing to do with the files I asked about earlier but that's because those are not present on your computer.

C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

Right-click Start and go to the C-drive > Documents and Settings > Owner > Desktop > hijackthis > HijackThis.exe

Note: '>' means that you place the cursor on the +-sign in front of the folder and click it.

Try it and let me know if you could navigate to HijackThis.exe. I will then post some final instructions.

#23 mo12

mo12
  • Topic Starter

  • Members
  • 103 posts

Posted 27 September 2007 - 02:09 PM

Yes, I was able to navigate to HijackThis.exe. So when I navigate to the files requested do I click or double click on them to submit them for scanning by jotti? If you think the problem is a mechanical one, maybe I'll just take it in to a computer repair shop and have it looked at. I just find it strange that this only happens after the computer has warmed up. Thanks for all your help and I will try any of your suggestions.

#24 Falu

Falu

  • Security Colleague
  • 3,001 posts

Posted 28 September 2007 - 11:10 AM

Hi mo12, :thumbsup:

> Yes, I was able to navigate to HijackThis.exe. So when I navigate to the files requested do I click or double click on them to submit them for scanning by jotti?



You navigate to the file as instructed: click the file once, so the text reads in bold and next Submit. As said before no need to do that now since the files we tried before are not present on your computer.

> If you think the problem is a mechanical one, maybe I'll just take it in to a computer repair shop and have it looked at. I just find it strange that this only happens after the computer has warmed up.


Yes I do think it's a mechanical problem and no malware is involved here. If you want to be sure I suggest you ask around at the Software and Hardware Subforums. Once there do tell people about this thread.

Okay so I think you're ready to go.

Remove previous restore points and set a new one to purge any malware that may have been backed up:

Click Start>Help and Support>Undo changes to your computer with System Restore
Click Create A Restore Point then click Next. Give it a name and then click Create

Click Start>Run and type Cleanmgr
Click the More Options Tab.
Click Clean Up in the System Restore section.

This will remove all previous restore points except the newly created one.

You may re-enable hidden files now: Open Windows Explorer > Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is unchecked. Also check "Hide protected operating system files" and tick "Hide extensions for known file types". Now click "Apply to all folders" > Apply then OK.

In order to prevent future infections follow these recommendations:

a. Visit Windows Update on a regular basis to stay current with critical updates.

b. Install and run the following free programs:

* Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here!

* Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here! Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

* SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here!

* SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here!

* IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Keep all these programs (including your anti-virus) up-to-date and run them regularly.
If you do not update regularly they will not be able to catch any of the new variants that may come out.

c. I recommend you to read Tony Klein's excellent article: So how did I get infected in the first place?

d. If you want to fight back the Malware Writers, please take a look here!

Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BleepingComputer Forums, we also help people with other computer problems! Do not forget to tell your friends about us!

Good luck!



