
Combofix broke u3 launchpad.


9 replies to this topic

#1 mydiskdrive

mydiskdrive

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 12 October 2010 - 08:25 AM

I just ran ComboFix the other day and now just noticed that my U3 flash drive doesn't launch now. When I try to run launchpad.exe directly it just opens a temp folder.

It seems that ComboFix changed the autostart properties.

I tried running "autofix" http://www.softwarepatch.com/windows/xp-autorun.html and it did confirm this and corrected it, but it still isn't working.

All it does when launchpad is executed is open a temp folder.

Does anyone know something about this or have a fix?

Thanx,
/s

p.s- the U3 drive was not connected when ComboFix was run and the launchpad program is on the cd partition of the flash drive
that is read only, so the flash drive should be unchanged.

Edited by mydiskdrive, 12 October 2010 - 08:29 AM.




#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:03:31 PM

Posted 12 October 2010 - 08:30 AM

Combofix Usage and Questions.

You will probably need to reinstall your USB Devices and other related software for your USB.

Why did you run Combofix?

#3 mydiskdrive

mydiskdrive
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 12 October 2010 - 08:34 AM

The U3 software for the usb is pre-installed as a read only cd partition of the flash drive.

I ran ComboFix to get the XP repair console to FIXMBR out of paranoia of a bootkit.

Edited by mydiskdrive, 12 October 2010 - 08:35 AM.


#4 killerx525

killerx525

    Bleepin' Aussie


  • Members
  • 7,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Melbourne, Australia
  • Local time:02:31 AM

Posted 12 October 2010 - 08:36 AM

Combofix Usage and Questions.

You will probably need to reinstall your USB Devices and other related software for your USB.

Why did you run Combofix?

Isn't the Malware Team meant to instruct on the use of Combofix?

>Michael 
System1: CPU- Intel Core i7-5820K @ 4.4GHz, CPU Cooler- Noctua NH-D14, RAM- G.Skill Ripjaws 16GB Kit(4Gx4) DDR3 2133MHz, SSD/HDD- Samsung 850 EVO 250GB/Western Digital Caviar Black 1TB/Seagate Barracuada 3TB, GPU- 2x EVGA GTX980 Superclocked @1360/MHz1900MHz, Motherboard- Asus X99 Deluxe, Case- Custom Mac G5, PSU- EVGA P2-1000W, Soundcard- Realtek High Definition Audio, OS- Windows 10 Pro 64-Bit
Games: APB: Reloaded, Hours played: 3100+  System2: Late 2011 Macbook Pro 15inch


#5 killerx525

killerx525

    Bleepin' Aussie


  • Members
  • 7,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Melbourne, Australia
  • Local time:02:31 AM

Posted 12 October 2010 - 08:37 AM

The U3 software for the usb is pre-installed as a read only cd partition of the flash drive.

I ran ComboFix to get the XP repair console to FIXMBR out of paranoia of a bootkit.

You could have used something else easier like Malwarebytes or what I prefer, which is Dr Web Free Scanner, which is really effective!



#6 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:11:31 AM

Posted 12 October 2010 - 08:47 AM

Isn't the Malware Team meant to instruct on the use of Combofix?


Sorry to interrupt the thread. cryptodan was directing mydiskdrive to BC's single point of contact for ComboFix help. You are correct in saying that the Malware Response Team members are the only ones allowed to request or help with ComboFix.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#7 killerx525

killerx525

    Bleepin' Aussie


  • Members
  • 7,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Melbourne, Australia
  • Local time:02:31 AM

Posted 12 October 2010 - 08:49 AM

Thanks :thumbsup:

Edited by hamluis, 15 April 2011 - 10:49 AM.
Removed unnecessary quote.



#8 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:03:31 PM

Posted 12 October 2010 - 08:51 AM

Does the flash drive work on another computer?

#9 Gabrial

Gabrial

  • Members
  • 468 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 12 October 2010 - 09:51 PM

I would guess your autorun.inf file on the drive was renamed or deleted. Did you check the root directory for a renamed file, or try to use recovery software to scan the flash stick for a deleted file?

#10 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:31 AM

Posted 15 October 2010 - 01:03 PM

Getting back to the initial question.

Keeping Autorun enabled on USB (pen, thumb, jump) and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

These types of infections usually involve malware that modifies and loads an autorun.inf (text-based configuration) file into the root folder of all drives (internal, external, removable) along with a malicious executable. When removable media such as a CD/DVD is inserted (mounted), autorun looks for autorun.inf and automatically executes the malicious file to run silently on your computer. For flash drives and other USB storage, autorun.inf uses the Windows Explorer's right-click context menu so that the standard "Open" or "Explore" command starts the file. Malware modifies the context menu (adds a new default command) and redirects to executing the malicious file if the "Open" command is used or the drive icon is double-clicked. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled.

ComboFix automatically disables autoruns the first time it is used. Since malware writers have begun to exploit the autorun/autoplay feature, the author of ComboFix, in an effort to help protect your computer from becoming infected via that avenue, configured ComboFix to disable it. Many security experts recommend you disable Autorun asap as a method of prevention. Microsoft recommends doing the same.

...Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file...

Microsoft Security Advisory (967940): Update for Windows Autorun

Disabling autorun/autoplay does not prevent you from accessing your media sources. They are still available by opening My Computer and accessing the source drive (CD, DVD, USB or external hard drive). Pictures on a camera can still be accessed through My Pictures and selecting "Get Pictures" from a scanner or camera. Media can be accessed via the program you normally use it with such as music CDs via Media Player, blank CDs via burning software, image handling software provided with the camera. We strongly recommend you leave the autorun feature disabled and get into the habit of accessing your media devices manually.


Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
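
An added example, not part of the original post or of ComboFix: a small Python auditor for the `[autorun]` section described above, flagging the keys that launch a program or change the default right-click command. Both sample files are constructed, and the `LaunchPad.exe` entry is an assumption about what a vendor file such as the U3 one might contain; the point is that a legitimate launcher and a malicious one use the same keys, which is why disabling Autorun stops both.

```python
import re

# Keys in the [autorun] section that make Windows start a program.
EXEC_KEYS = ("open", "shellexecute")
# shell\<verb>\command binds a right-click menu verb to a program.
SHELL_CMD = re.compile(r"^shell\\([^\\]+)\\command$")

def audit_autorun(text):
    """Return (key, value, reason) findings for the text of one autorun.inf."""
    findings, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or "=" not in line:
            continue                      # other sections and junk lines
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        verb = SHELL_CMD.match(key)
        if key in EXEC_KEYS:
            findings.append((key, value, "runs a program when the media is mounted"))
        elif key == "shell":
            findings.append((key, value, "changes the default right-click command"))
        elif verb:
            findings.append((key, value, f"binds menu verb '{verb.group(1)}' to a program"))
    return findings

# Constructed sample: the context-menu redirection the post describes.
SAMPLE_SUSPECT = r"""
; constructed sample, not taken from real malware
[autorun]
icon=folder.ico
shell\open\command=placeholder.exe
shell=open
"""

# Constructed sample: a vendor launcher (file name is an assumption).
SAMPLE_VENDOR = r"""
[AutoRun]
open=LaunchPad.exe
icon=LaunchPad.exe,0
"""

if __name__ == "__main__":
    for name, text in (("suspect", SAMPLE_SUSPECT), ("vendor", SAMPLE_VENDOR)):
        for key, value, reason in audit_autorun(text):
            print(f"{name}: {key}={value} -> {reason}")
```
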



