Sneaky Vcd Infected My Computer


The Coder


I picked out a VCD movie at 7/11 and it has turned into a nightmare. As usual, I went to play it in the computer which has TV out. To my astonishment, the act of plugging in the VCD automatically installed some very nasty programs without asking me (5MB autorun.exe file). Worse yet, I can't get rid of them. It installed some sort of copy protection programs and runs something called VLC Media Player to play it. You cannot use Windows Media Player or anything else to play the VCD as it fails. And if you so much as browse into a folder on the VCD, poof!, the window is instantly killed. This trojan stuff has been a real problem because it has caused my computer just within the few hours after to have system restart hangups, a random blue screen, and is constantly hammering the crap out of the DVD drive with commands, chewing up battery life and CPU power regardless if there is a disc in the drive or not; I calculated it is bombarding it with over 1 million commands every day. I am running XP SP2. Anyone have any idea how I can get rid of all the stuff it installed? There is nothing new in Add/Remove Programs, if I press Ctrl+Alt+Delete there are no other applications listed running, and restarting doesn't help.


I can't help you remove the problem software but might I suggest you use gpedit.msc to turn off Autoplay on all drives when you've sorted your problems out.

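The gpedit.msc "Turn off Autoplay" setting suggested above is stored as the `NoDriveTypeAutoRun` registry value. As an added example (not part of any post in this thread), the Python below decodes that bitmask and lists what an `autorun.inf` would launch on a given drive type, without executing anything. The function names are hypothetical and the `autorun.inf` contents are constructed for illustration.

```python
# NoDriveTypeAutoRun lives under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer.
# A set bit turns AutoRun OFF for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown", 0x04: "removable", 0x08: "fixed", 0x10: "network",
    0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved",
}
XP_DEFAULT = 0x91  # Windows XP default: CD-ROM AutoRun is still enabled
ALL_DRIVES = 0xFF  # "Turn off Autoplay" applied to all drives

# Constructed sample, modelled on the autorun.exe the first post mentions.
SAMPLE_INF = """\
[autorun]
open=autorun.exe
icon=movie.ico
shell\\play\\command=autorun.exe /play
"""

def autorun_enabled_types(mask):
    """Drive types for which AutoRun is still enabled under this mask."""
    return sorted(n for bit, n in DRIVE_TYPE_BITS.items() if not mask & bit)

def autorun_commands(inf_text):
    """Collect the launch entries of an autorun.inf (parsing only)."""
    commands, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or key.endswith("\\command"):
                commands[key] = value
    return commands

def would_autorun(mask, drive_type, inf_text):
    """Entries that launch on insert, or {} if policy blocks the drive type."""
    if drive_type not in autorun_enabled_types(mask):
        return {}
    return autorun_commands(inf_text)

if __name__ == "__main__":
    for name, mask in (("XP default", XP_DEFAULT), ("all drives off", ALL_DRIVES)):
        print(name, hex(mask), would_autorun(mask, "cdrom", SAMPLE_INF))
```
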

Hi,

you have been hijacked :D

Do you scan for viruses when you insert anything in your machine that comes from outside? Blame yourself :o

Basically, it must be a video viewer, loaded with a load of crap ...

media player disabled and so on ...

Restart in safe mode as an admin and uninstall this viewer, which should be in the list of installed programs in the Control Panel section.

If not, it must be in Program Files on the C drive; delete it and then search in the registry for its name or company name. Note all this once you find the culprit!

and search ... can take a little time, depends how many times this sh1t replicated itself ...

Another way, simpler but... , use System Restore to go back to the day before you bought this video.

This is valid if System Restore was on before all this happened.

francois


Simple solution:

Simply restore your machine from the backup that you took last weekend.

You do take backups, don't you?

I make regular backups using the XP backup utility. I fail to see how restoring my files is going to wipe away any of the new stuff that got installed.

I determined this is not the Sony XCP copy protection as I ran the uninstaller for that, but it said it was not present. Given the ridiculous quality, it would seem the Thais decided to make their own cheap clone of this type of technology.


Have you tried Microsoft's Malicious Software Removal Tool?

ZoneAlarm Pro stops this sort of thing and so would many anti-spyware programs that guard against registry changes.

Follow Francois' advice; in safe mode this program's protection will be disabled.

cv


Hi,

you have been hijacked :D

Do you scan for viruses when you insert anything in your machine that comes from outside? Blame yourself :D

Basically, it must be a video viewer, loaded with a load of crap ...

media player disabled and so on ...

I'll agree with you that he's got some sort of malware but VLC is not likely to be the source of his problems. VLC is a widely respected media player. It runs on multiple operating systems (including Linux, OS X and BSD) and you can even get the source code :o

Also I suspect that media player hasn't been 'disabled' but the associations have been changed.


I had a similar problem a couple of months ago but system restore was not able to remove it. For some reason the malicious files remain even after performing a system restore.

Go to ewido.net and download Ewido security suite. It did the trick for me.

If I remember correctly you may have to disable System Restore to remove malicious files such as you have.

Good luck.


VLC is a fine little program, and is used because it includes all its own codecs - meaning that the program should be able to open just about anything without you having to connect to the internet.

I find it ironic that VCD suppliers in Thailand worry about copyright - I bet it was a Thai movie and not a Hollywood one.

Best way of removal is to go to

http://www.trendmicro.com/en/home/global/enterprise.htm

and run a virus and malware scan - it is free to do online, and anything that it picks up you can right click and if it cannot remove it automatically, it will give you detailed instructions on how to reboot into safe mode, remove certain files, and then readjust your registry. It can take time though if it is particularly devious.


Simple solution:

Simply restore your machine from the backup that you took last weekend.

You do take backups, don't you?

I make regular backups using the XP backup utility. I fail to see how restoring my files is going to wipe away any of the new stuff that got installed.

I determined this is not the Sony XCP copy protection as I ran the uninstaller for that, but it said it was not present. Given the ridiculous quality, it would seem the Thais decided to make their own cheap clone of this type of technology.

Ah, then you don't really take backups....

And now you will have to pay the price.


Simple solution:

Simply restore your machine from the backup that you took last weekend.

You do take backups, don't you?

I make regular backups using the XP backup utility. I fail to see how restoring my files is going to wipe away any of the new stuff that got installed.

I determined this is not the Sony XCP copy protection as I ran the uninstaller for that, but it said it was not present. Given the ridiculous quality, it would seem the Thais decided to make their own cheap clone of this type of technology.

Ah, then you don't really take backups....

Can you explain that please?


  • 1 month later...

If the previous suggestions prove to be unsuccessful then maybe your computer has become "rooted" by something called a "rootkit". A rootkit is a piece of code, like a trojan, frequently used by a third party after gaining access to a computer. These bits of code are intended to conceal running processes, files or system data, which helps an intruder maintain access to a system without the user's knowledge. A computer with a rootkit on it is called a rooted computer.

This term "rootkit" came to public awareness in the 2005 Sony CD copy protection controversy, in which Sony BMG music CDs placed a rootkit on Microsoft Windows PCs.

Try this to detect and remove your rootkit.

Rootkit Detector


He already wrote that he ran a remover and that wasn't it.

Anyway, Trend Micro's online scan 'HouseCall' will do the trick...

No. He said that he ran the uninstaller for Sony XCP copy protection. This is a small piece of software dedicated to this particular rootkit. "HouseCall" might identify the problem and it might be able to remove it but, on the other hand, it might not. Rootkits are very subtle and pernicious bits of code and some experts believe that the only way to rid a PC of these insidious things is to reformat. Sounds drastic, doesn't it?


Anyway, let's hope that "Housecall" does the trick. If it doesn't then he could download a smart piece of software called "Blacklight Rootkit Eliminator" available from the F-Secure Corporation Website. I've attached a capture of the installation start.
