Combofix and Autorun


5 replies to this topic

#1 travists

Posted 10 February 2011 - 12:46 PM

First of all, please pass my thanks on to the author of ComboFix. Where I work it has proved to be an invaluable tool, as people seldom bring computers in until the infection has festered greatly. Secondly, the decision to set it up to work on Vista, 7 and 64-bit systems is great. There are two issues I need to resolve that may be related to ComboFix, however. One, Autorun is not working. Two, the CD-specific icon does not show up.

Now, I understand the reasons for turning off autoplay and such, but it’s problematic at times too, especially when installing a program that requires multiple disks. I recently needed to clean my home computer, which included running ComboFix to catch anything that was hiding (it finds stuff that others just can’t). Resetting the clock from 24-hour to 12-hour is easy. Microsoft has a utility called “autofix” that does a great job restoring autoplay. I’m trying to restore autorun with no luck. I’ve gone through the registry with every turn auto-whatever on and off I can dig up. I have also run TweakUI to try to change the setting. Autofix allowed the CD to open up automatically, but only to show contents. What am I missing?


Thanks

Edited by boopme, 10 February 2011 - 12:56 PM.
Moved to appropriate forum,Antivirus...and Protection Methods



#2 quietman7

Posted 10 February 2011 - 01:35 PM

IMPORTANT!: If you ran or want to run ComboFix on your own due to malware infection, please be aware that using it is only one part of the disinfection process. Preliminary scans from other tools like DDS, RSIT and GMER should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning a strategy for effective disinfection and a determination if using ComboFix is necessary. ComboFix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware which scan individual drives or different folders on a computer for viruses.

Further, when issues arise due to complex malware infections, possible false detections, problems running ComboFix or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

With that said, ComboFix automatically disables autoruns the first time it is used. Since malware writers have begun to exploit the autorun/autoplay feature, the author of ComboFix, in an effort to help protect your computer from becoming infected via that attack vector, configured ComboFix to disable the autorun feature. Many security applications disable this feature as well and even Microsoft recommends doing the same.

...Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file...For more information about this issue, including download links for this non-security update, see Microsoft Knowledge Base Article 967715

Microsoft Security Advisory (967940): Update for Windows Autorun
Microsoft Article ID: 971029: Update to the AutoPlay functionality in Windows

Note: If using Windows 7, be aware that in order to help prevent malware from spreading, the Windows 7 engineering team made important changes and improvements to AutoPlay so that it will no longer support the AutoRun functionality for non-optical removable media.

Disabling autorun/autoplay does not prevent you from accessing your media sources. They are still available by opening My Computer and accessing the source drive (CD, DVD, USB or external hard drive). Pictures on a camera can still be accessed through My Pictures and selecting "Get Pictures" from a scanner or camera. Media can be accessed via the program you normally use it with such as music CDs via Media Player, blank CDs via burning software, image handling software provided with the camera. We strongly recommend you leave the autorun feature disabled and get into the habit of accessing your media devices manually.

If you are insistent on enabling Autorun again, please refer to Microsoft Article ID: 330135 - The AutoRun feature does not work.

Edited by quietman7, 10 February 2011 - 01:37 PM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
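
Added example, not part of the original posts and not ComboFix's or Microsoft's code: a Python check that decodes the Windows `NoDriveTypeAutoRun` policy bitmask to show which drive types currently have Autorun disabled. It assumes the setting of interest is that value under the `Policies\Explorer` key (the thread does not say which setting ComboFix changes); the fallback values `0xFF` and `0x91` are constructed samples for running it off Windows.

```python
import sys

# NoDriveTypeAutoRun bits: a set bit disables Autorun for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved",
}
POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

def disabled_types(mask):
    """Return the drive types for which this mask disables Autorun."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if mask & bit]

def effective_mask(hklm, hkcu):
    """The HKLM value overrides HKCU; None means the value is absent."""
    return hklm if hklm is not None else hkcu

def cdrom_autorun_allowed(hklm, hkcu):
    """True when the effective policy mask leaves the CD-ROM bit clear."""
    mask = effective_mask(hklm, hkcu)
    return mask is None or not (mask & 0x20)

def read_mask(hive_name):
    """Read NoDriveTypeAutoRun from the live registry (Windows only)."""
    import winreg
    try:
        with winreg.OpenKey(getattr(winreg, hive_name), POLICY_KEY) as key:
            value, _ = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")
    except OSError:
        return None  # key or value not present
    # The value may be stored as REG_DWORD (int) or REG_BINARY (bytes).
    return int.from_bytes(value, "little") if isinstance(value, bytes) else int(value)

if __name__ == "__main__":
    if sys.platform == "win32":
        hklm, hkcu = read_mask("HKEY_LOCAL_MACHINE"), read_mask("HKEY_CURRENT_USER")
    else:
        hklm, hkcu = 0xFF, 0x91  # constructed sample values for offline runs
    mask = effective_mask(hklm, hkcu)
    print("effective mask:", "absent" if mask is None else hex(mask))
    print("Autorun disabled for:", disabled_types(mask or 0))
    print("CD-ROM Autorun allowed by policy:", cdrom_autorun_allowed(hklm, hkcu))
```

Other settings can also suppress Autorun, so a permissive mask here does not by itself mean Autorun will fire for a given disc.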

#3 travists

Posted 10 February 2011 - 03:52 PM

Thanks for the reply. Yes, I'm aware that it is only part of the solution. Ran Malwarebytes' Anti-Malware and my AV to make sure. I use ComboFix all of the time, just not on my computer. Only reason I'm trying to re-enable autorun is a multi-disk install is being stubborn. I already looked at that KB item, but will run through it again. Just to be clear, the steps contained there will reverse what ComboFix does?

***EDIT: By the way, reading disks works fine, autorun is not showing up in the context menu (right click).

Edited by travists, 10 February 2011 - 03:54 PM.


#4 travists

Posted 11 February 2011 - 03:45 PM

One final note: I found a workaround for my install issue, so I'll likely leave well enough alone.

#5 quietman7

Posted 11 February 2011 - 04:39 PM

:thumbup2:

Stay safe and have a malware free day.

#6 Whacky98

Posted 02 January 2012 - 10:02 AM

These replies for a workaround for ComboFix disabling autoplay/run need to be tested. I am a computer tech and run ComboFix on a lot of machines; it seems like everyone lately has disabled autoplay on Windows XP. I have tried the registry fixes, TweakUI, and much more. The only one that seems to work is Microsoft's Autofix tool, but having to do this is tedious. I have to run it 2 times per drive letter, and that does not include if they have a drive letter on another device I do not have in my shop at the time. Yes, I know autorun can be dangerous due to infections on flash drives and external drives, but that is not the point. My clients want autorun working, as they are too stubborn if a screen does not pop up asking them to scratch before they sniff. Anyone have a less tedious workaround? As I have fake antiviruses daily, I am always willing to try a fix, as one is needed; until then I will continue to use Microsoft's tool. If it helps, Microsoft's tool error is Local Policies on the computer that it has to repair for each drive letter I want to enable autorun for.



