running combofix kills my card reader autoplay


5 replies to this topic

#1 bonjonno

bonjonno

  • Members
  • 4 posts

Posted 29 December 2009 - 03:36 PM

I've just dl and run the latest combofix and had a similar result to past releases. It doesn't seem to find anything TOO malicious but deletes a few files. Then when I place a card in my usb card reader to download photos, nothing happens. I have it set up to open the Scanner and Camera Wizard. Can't seem to get that function back without doing a system restore. I have a copy of the combofix log if that would point to what my problem is. I've posted this problem before with no replies. Anyone?



#2 xblindx

xblindx

  • Banned
  • 1,923 posts

Posted 29 December 2009 - 05:42 PM

Running combofix disables the Auto-run feature.
Go to start -> my computer
and then select your removable media

#3 bonjonno

bonjonno
  • Topic Starter

  • Members
  • 4 posts

Posted 29 December 2009 - 06:32 PM

Well, yes, that is apparent. The first thing I did was try to restore AutoPlay to the card reader. But it was not affected at all. In fact I couldn't find any way to restore AutoPlay short of doing a system restore. So whatever cleanup combofix accomplished is all gone as well.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,935 posts

Posted 30 December 2009 - 09:10 AM

Keeping Autorun enabled on USB (pen, thumb, jump) and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

These types of infections usually involve malware that modifies and loads an autorun.inf (text-based configuration) file into the root folder of all drives (internal, external, removable) along with a malicious executable. When removable media such as a CD/DVD is inserted (mounted), autorun looks for autorun.inf and automatically executes the malicious file to run silently on your computer. For flash drives and other USB storage, autorun.ini uses the Windows Explorer's right-click context menu so that the standard "Open" or "Explore" command starts the file. Malware modifies the context menu (adds a new default command) and redirects to executing the malicious file if the "Open" command is used or double-clicking on the drive icon. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled.

ComboFix automatically disables autoruns the first time it is used. Since malware writers have begun to exploit the autorun/autoplay feature, the author of ComboFix, in an effort to help protect your computer from becoming infected via that avenue, configured ComboFix to disable it. Many security experts recommend you disable Autorun asap as a method of prevention. Microsoft recommends doing the same.

...Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file...

Microsoft Security Advisory (967940): Update for Windows Autorun

Disabling autorun/autoplay does not prevent you from accessing your media sources. They are still available by opening My Computer and accessing the source drive (CD, DVD, USB or external hard drive). Pictures on a camera can still be accessed through My Pictures and selecting "Get Pictures" from a scanner or camera. Media can be accessed via the program you normally use it with such as music CDs via Media Player, blank CDs via burning software, image handling software provided with the camera. We strongly recommend you leave the autorun feature disabled and get into the habit of accessing your media devices manually.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
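
Added illustration (not part of the original thread and not any poster's code): a small Python check that parses an autorun.inf and reports the two behaviours described in the post above, a program started when the media is mounted and a default context-menu command that redirects double-click. The sample file contents and the names `placeholder.exe` and `verb1` are constructed.

```python
import re

# [autorun] keys that name a program to start (documented autorun.inf entries).
LAUNCH_KEYS = {"open", "shellexecute"}
VERB_CMD = re.compile(r"shell\\([^\\]+)\\command")

def audit_autorun_inf(text):
    """Parse an autorun.inf body and report entries that start a program."""
    launch, verbs, default_verb = [], {}, None
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                      # only [autorun] entries matter here
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        m = VERB_CMD.fullmatch(key)
        if key in LAUNCH_KEYS:
            launch.append((key, value))
        elif m:
            verbs[m.group(1)] = value     # context-menu verb -> command
        elif key == "shell":
            default_verb = value.lower()  # verb used on double-click
    return {
        "launch_on_mount": launch,
        "verb_commands": verbs,
        # Double-click is redirected when the default verb has its own command.
        "default_redirected": default_verb in verbs,
    }

# Constructed samples: one with launch entries, one with cosmetic entries only.
SAMPLE_SUSPECT = r"""
[autorun]
open=placeholder.exe
icon=drive.ico
shell=verb1
shell\verb1\command=placeholder.exe
"""
SAMPLE_CLEAN = "[autorun]\nicon=drive.ico\nlabel=Photos\n"

if __name__ == "__main__":
    for name, body in (("suspect", SAMPLE_SUSPECT), ("clean", SAMPLE_CLEAN)):
        print(name, audit_autorun_inf(body))
```
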

#5 bonjonno

bonjonno
  • Topic Starter

  • Members
  • 4 posts

Posted 30 December 2009 - 11:21 AM

Thanks quietman7 for the explanation. Makes sense. Tho whenever I download my photos from the SD card I wipe the card clean. Not much chance of malware getting on it ever. But your points are taken and I see the value of turning off autorun. I have always disabled it for my CDROM as it just bugs me. But the Scanner and Camera Wizard is an excellent tool to transfer photos from a card to a specific folder, while rotating them, and is a tough app to start manually. I'll investigate how that can be done.

Edited by bonjonno, 30 December 2009 - 11:21 AM.


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,935 posts

Posted 01 January 2010 - 03:44 PM

You're welcome.