Copying UsB Problem

[Closed]
Report
Posts
28
Registration date
Wednesday November 28, 2012
Status
Member
Last seen
February 21, 2013
-
Posts
28
Registration date
Wednesday November 28, 2012
Status
Member
Last seen
February 21, 2013
-
Hello,

I am Chinmaya and I am having a problem with my USB. The link to my ZHPDiag report is:

http://speedy.sh/7QQGP/ZHPDiag.txt

There you go!

24 replies

Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,163
Stand-by for my analysis.
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,163
ZHP Diag created three Icons on your desktop.

1. Open ZHP Fix

2. Copy the lines below and then clic on the second button, (clipboard) At the bottom a "Go" button will appear. Click on it.

O4 - HKCU\..\Run: [windows] . (.Microsoft Corporation - Visual Basic Command Line Compiler.) -- C:\Users\Chinmaya\Documents\MSDCSC\msdcsc.exe => Infection Bot (Malware.Bot)
O4 - HKUS\S-1-5-21-3165046482-525462170-2448898062-1001\..\Run: [windows] . (.Microsoft Corporation - Visual Basic Command Line Compiler.) -- C:\Users\Chinmaya\Documents\MSDCSC\msdcsc.exe => Infection Bot (Malware.Bot)
O42 - Logiciel: Yontoo 1.10.03 - (.Yontoo LLC.) [HKLM][64Bits] -- {889DF117-14D1-44EE-9F31-C5FB5D47F68B} => Infection BT (Adware.Yontoo)
[HKCU\Software\DC3_FEXEC] => Infection Diverse (Malware.Trace)
[HKCU\Software\PopCap] => Infection BT (Adware.PopCap)
O43 - CFD: 23-12-2012 - 13:38:50 - [30.878] ----D C:\ProgramData\PopCap Games => Infection BT (Adware.PopCap)
O43 - CFD: 23-12-2012 - 13:16:59 - [0.011] ----D C:\Users\Chinmaya\AppData\Roaming\dclogs
O44 - LFC:[MD5.C826711D000C71F37D9B4EA5FA4C8F6E] - 28-12-2012 - 17:08:20 ---A- . (...) -- C:\Windows\AutoKMS.ini [184]
O44 - LFC:[MD5.CF7498ADA4AC2F50E5CA72205865D7CE] - 28-12-2012 - 17:07:58 ---A- . (.Unknown owner - Local KMS Host.) -- C:\Windows\KMSEmulator.exe [78848]
[HKLM\Software\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] => Infection BT (Adware.BHO)
[HKLM\Software\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Wow6432Node\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Wow6432Node\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] => Infection BT (Adware.Yontoo)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] => Infection BT (Adware.Yontoo)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] => Infection BT [HKLM\Software\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}]

3. Close ZHP Fix

4. Download, install and run Malwarebyte which you can find on this site:

https://ccm.net/download/download-105-malwarebytes es-anti-malware

Ensure you make an update.

Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long in takes. The creators of Malwarebyte recommend that while the tool is running that you go do something else, such as watching a rerun of Gone with the Wind or read Tolstoy's War and Peace.

If Malwarebyte restarts your system, launch it again to finish the Full scan.

When the scan is completed, delete all items found.

5. Delete all of your ZHP logs, generate a new one and upload the new one on Speedy share. If you still have problems with transfering data, let me know.

Again, do not plug any usb devices in another computer or you may spread the infection.
Posts
28
Registration date
Wednesday November 28, 2012
Status
Member
Last seen
February 21, 2013
2
Well I carried out all the steps that you told but still I am having the problem of transferring files. Here's the new ZHPDiag Log link:

http://speedy.sh/5CXXq/ZHPDiag.txt

:/
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,163
to remove the virus and vaccinate your USB against further viruses.


Download UsbFix (créé par El Desaparecido) on your desktop.

http://services.service-webmaster.fr/cpt-clics/clics-30453-6505.html


If your antivirus gives an alert, ignore it and temporarily deactivate the antivirus.

Plug in all of your usb devices (Flash drive, pen drive. External HD etc...) don't open them.

Double click sur UsbFix.exe.

Click on deletion

Let the tool work.

At the end of the scan a report will show which you can copy and paste here..

The report is save at the root ( C:\UsbFix.txt ).
Posts
28
Registration date
Wednesday November 28, 2012
Status
Member
Last seen
February 21, 2013
2
http://speedy.sh/5C8vq/UsbFix.txt

There you go, but I tried transferring still the problem wasn't solved.

:/
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,163
USB Fix removed most of the infections and there were many!

However there are still some in F and G called autorun:

Try this 1

Click on the below link and download the file "AutorunExterminator"
https://ccm.net/download/download-11613-autorun-exterminator

Extract it --> Double-click on "AutorunExterminator" --> Plug your pendrive now.

This will remove the autorun.inf files from your pendrive and also from drives.
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,163
Hi

So, what's happening?
Posts
28
Registration date
Wednesday November 28, 2012
Status
Member
Last seen
February 21, 2013
2
well sorry dude, I couldn't reply earlier as I was off on a vacation.

I tried AutorunExterminator but it quite didn't help. It did not find even a single autorun.inf file and whenever I connected my USB drive it stopped responding.

will be waiting for your further suggestions.

:/
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,163
Please, don't call me Dude, I find it disrespectful. I could have 10 times your age.

You log definately shows autorun files in F and G. There is an autorun.inf in F and autorun.exe in G.

This is the standard procedure to delete the Autorun.inf file

Normally when a virus infects a windows system which causes a drive opening problem, it automatically creates a file named autorun.inf in the root directory of each drive.

This autorun.inf file is a read only ,hidden and a system file and the folder option is also disabled by the virus. This is deliberately done by the virus in order to protect itself. autorun.inf initiates all the activities that the virus performs when you try to open any drive.

You have to just delete this file and restart your system to correct this problem.

Follow the set of commands below to show and delete the autorun.inf

1. Go to Start then Run and type cmd and press enter. This will open a command prompt window. On this command prompt window type the following steps.

2. type cd\ press enter

3. type attrib -r -h -s autorun.inf press enter
please note the spacing: no space between the dash and the letter & a space after the r h and s

4. type del autorun.inf press enter
if the PC returns a "file not found" message - check the spelling for autorun.inf

in step 4 above, if its displays Could Not Find D:\autorun.inf thats mean the autorun.inf doesn't exist in that drive

5. if you have a d drive: type d: and press enter for d: drive partition. Now repeat steps 3 and 4. Similarly repeat step 5 for all your hard disk partition.

Restart your system and your trouble will be fixed. Except the program that caused the problem is still in your computer.

Make sure you are connected to the Internet. and download Malwarebytes' Anti-Malware program.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish. MBAM will automatically start and you will be asked to update the program
before performing a scan. If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
Posts
28
Registration date
Wednesday November 28, 2012
Status
Member
Last seen
February 21, 2013
2
Well sir,

I followed your steps to delete autorun.inf and I found something strange:

http://speedy.sh/nFsYr/Capture.PNG

In this picture I want to draw your attention towards the commands under drive F: and G:

Both say the AUTORUN.inf access is denied.

Could this be the problem?

I also want to tell you that F: is my CD ROM drive and G: is a drive that is created by a software called Daemon Tools. This mounts images and helps making copying of CDs. Kindly look into this matter and guide me if this was just me or is there something wrong in these drives.
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,163
Hi

Have you deleted:

G:\Razor1911\The_Sims_3_Keygen.exe ?
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,163
1. Open my computer

2. Go to tools, folder options

3. Select "show hidden files"

4. Uncheck "show system files"

5. Go to each drive by right clicking Explore only. DO NOT double click drives.

6. Delete the file with the name "autorun.inf"

7. Restart computer
Posts
28
Registration date
Wednesday November 28, 2012
Status
Member
Last seen
February 21, 2013
2
Well sir,

I found out that there were folders with the name of Autorun.inf in each drive and contained a file named "lpt1.UsbFix" . When I tried to delete this folder it asked for administrator permission. After permitting, the folders deleting progress got completed but the folder is still there in each drive.

:/
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,163
I will transfer that case to a good friend of mine. He has more expertise than I on removing autorun. His user name is jack4rall.

P.S. I told you they were present in F and G.
Posts
6428
Registration date
Sunday June 6, 2010
Status
Moderator
Last seen
July 16, 2020

Hello,

Thank you my friend "Ambucias".

Try this 1

The "Autorun.inf" folders are created by the USBFIX application in all the drives.

The reason behind this is to stop the malicious autorun.inf file from getting copied

itself to the drives. With the existing of the "Autorun.inf" folder, there is a less

chance for the autorun.inf file with code of running malicious application to exist

in the drive. At the end of performing the operation by clicking on the "Deletion"

button in the USBFIX, you should have noticed a a log file. At the end of that log

file it will mention that it had created a "Autorun.inf" folders in all the drives. The

log file will be saved in your C drive. In case you want to remove it then enter the

below commands.

Here I assume you drive letter as "F". The text with bold letters

are the commands.

F:\> attrib -r -s -h autorun.inf ---> Press Enter.

This will remove the read-only, system and hidden attributes from the folder.

F:\>del autorun.inf --> Press Enter.

When it prompts for confirmation, press "Y" key and press "Enter".

This will delete all the files within the folder.

F:\>rd autorun.inf ---> Press Enter.

This will remove the directory "Autorun.inf".

Repeat the above commands for the remaining drives also.

Good Luck.
Posts
28
Registration date
Wednesday November 28, 2012
Status
Member
Last seen
February 21, 2013
2
Well thank you Ambucias and jack4rall for the help.

I followed your steps jack4rall but the autorun.inf folder didn't get deleted. I also tried to transfer files but still no progress. :/

Kindly help :)
Posts
6428
Registration date
Sunday June 6, 2010
Status
Moderator
Last seen
July 16, 2020

Hello,
Let me know the error message when you are trying to delete it manually.
Good Luck.
Posts
28
Registration date
Wednesday November 28, 2012
Status
Member
Last seen
February 21, 2013
2
Well, sir I am not getting any error message as such. It just shows the deletion progress bar completed and still the file remains.

Moreover, I somehow think that this not the thing that is causing the problem :/

Also I wanted to draw your attention to the fact that my windows clock also doesn't work properly :)

Kindly help.
Posts
28
Registration date
Wednesday November 28, 2012
Status
Member
Last seen
February 21, 2013
2
Sir??? Any further help>? would be much appreciated...
Posts
28
Registration date
Wednesday November 28, 2012
Status
Member
Last seen
February 21, 2013
2
No sir, none of your solutions worked :/

I am still having the same problems in both the cases...
Posts
35445
Registration date
Wednesday December 17, 2008
Status
Security contributor
Last seen
May 5, 2017

Sir,

Have you tried that solution ? https://ccm.net/forum/affich-681277-copying-usb-problem#21
This is a simple solution for remove the "Autorun.inf" folders created by USBFIX ...

Cordially,

Juju666 - Security Contributor
Posts
6428
Registration date
Sunday June 6, 2010
Status
Moderator
Last seen
July 16, 2020

Hello chinmayathebest,
Try this 1
Follow the instructions given by Juju666.
Regarding the date and time, double-click on the time at the bottom-right --> "Date and Time Properties" will be opened --> Click on the "Time Zone" tab and select GMT +5:30 Chennai ...
since you are from INDIA and then click on "Internet Time" and check the check box "Automatically synchronize with internet time server".
Good Luck
Posts
28
Registration date
Wednesday November 28, 2012
Status
Member
Last seen
February 21, 2013
2
No sir jack4all your solution doesn't work... :/
Posts
6428
Registration date
Sunday June 6, 2010
Status
Moderator
Last seen
July 16, 2020

Hello,
Try this 1
Open the Date and Time Properties window this time go to Internet Time, uncheck the check box "Automatically synchronize with internet time server" --> Set the correct date and time --> Click on OK.
Good Luck
Posts
35445
Registration date
Wednesday December 17, 2008
Status
Security contributor
Last seen
May 5, 2017

Hi all,

For remove the vaccination use this tool : Make Kill Vaccin by El_Desaparecido.

This tool remove the vaccination created by USBFix

Run this, plug in all of your usb devices and click "Supprimer la vaccination"
Look this : http://speedy.sh/zJysp/MKV.PNG

Please be patient, I'm french. Thx :)

Cordially,

Juju666 - Security Contributor
Posts
28
Registration date
Wednesday November 28, 2012
Status
Member
Last seen
February 21, 2013
2
Thank you juju666 for the solution. I am sorry to inform you that it didn't help me as I am still having problems while copying files and also the Autorun.inf folder is now not accessible.

Well I also want to ask you to rather concentrate on the transfer problem instead of the vaccine folder.

Kind Regards

Chinmaya
Posts
6428
Registration date
Sunday June 6, 2010
Status
Moderator
Last seen
July 16, 2020

Greetings,
Please do let us know the complete error message and the issue you are having in brief to you help further.
Regards
Posts
28
Registration date
Wednesday November 28, 2012
Status
Member
Last seen
February 21, 2013
2
jack4all, when I try to transfer a file the Windows copy bar opens up but it remains 0% and the "Time Remaining" remains "Calculating..."

For a clearer view:

http://speedy.sh/b4z9H/Problem.jpg

Kindly help :)
Posts
35445
Registration date
Wednesday December 17, 2008
Status
Security contributor
Last seen
May 5, 2017

Greeting,
I don't understand why "MKV" does not work...
I'll ask the designer.
For your problem of copy, is the original Windows copier tool ?
Cordially
Posts
6428
Registration date
Sunday June 6, 2010
Status
Moderator
Last seen
July 16, 2020

Hello,
Try this 1
While copying your files check your CPU & RAM usage in the Task Manager.
Try to repair the Windows. Follow the below steps since you are using a Windows 8.
1)When the "Start" window appears with the tile icons, Press "Windows Key" + F key for the search option. Another way is to place the mouse pointer at the top-right corner. You can see a small "Zoom Icon" tool, click on it.
2) In the "Search" box, type advance and select the option "Settings".
3) Now select the option "Advanced Startup Options" at the left.
4) When "PC Settings" window appears, at the left side, scroll down for the "Advanced Startup" option and click on "Restart Now" button.
5) When the "Choose an option" window appears, select the option "Troubleshoot".
6) When the "Troubleshoot" window appears, select the option "Advanced Option".
7) When the "Advanced Option" window appears, select the option "Automatic Repair".
8) Now the "Preaparing Automatic Repair" message will appears and after that it will prompt you to choose your "User account" and to enter the password.
9) Then a message "Diagnosing your PC" will appear and wait for the process to get
completed.

Regarding date and time, are you sure that the time zone is set according to your location. Let me know when the time is getting change? Will the location of time zone is same even after and before the changes made. Let me know when the problem had started. Did you made any changes before having a copying and Date & Time changing problem ?

Good Luck
Posts
28
Registration date
Wednesday November 28, 2012
Status
Member
Last seen
February 21, 2013
2
I tried your solution sir jack4all but the Automatic Repair failed with a log (download link below).

P.S. I have already reinstalled and installed new windows many times after the failure but still no benefit. So maybe it isn't in the windows.

@juju666 I am sorry I did not understand the last sentence you wrote.

http://speedy.sh/RANAg/SrtTrail.txt (log download link)

Kind Regards

Chinmaya
Posts
28
Registration date
Wednesday November 28, 2012
Status
Member
Last seen
February 21, 2013
2
Guess u haven't lost the link to the problem again, sir...
Posts
28
Registration date
Wednesday November 28, 2012
Status
Member
Last seen
February 21, 2013
2
Dear Sir(s),

Many people have suggested me to COMPLETELY format my hard disk and then install fresh Windows.

What do you have to say about this.. ?? Will it solve my problem.. ??

Or have you got a better solution.

P.S. Kindly keep in mind that I will suffer a lot of data loss while formatting my HDD. If you have a better solution kindly let me know.

Warm Regards

Chinmaya