The Coder Posted December 30, 2005
I picked out a VCD movie at 7/11 and it has turned into a nightmare. As usual, I went to play it in the computer which has TV out. To my astonishment, the act of plugging in the VCD automatically installed some very nasty programs without asking me (5MB autorun.exe file). Worse yet, I can't get rid of them. It installed some sort of copy protection programs and runs something called VLC Media Player to play it. You cannot use Windows media player or anything else to play the VCD as it fails. And if you so much as browse into a folder on the VCD, poof!, the window is instantly killed.
This trojan stuff has been a real problem because it has caused my computer just within the few hours after to have system restart hangups, a random blue screen, and is constantly hammering the crap out of the DVD drive with commands, chewing up battery life and CPU power regardless if there is a disc in the drive or not; I calculated it is bombarding it with over 1 million commands every day.
I am running XP SP2. Anyone have any idea how I can get rid of all the stuff it installed? There is nothing new in add/remove programs, if I press ctrl+alt+delete there are no other applications listed running, and restarting doesn't help.

thaiflyer1 Posted December 30, 2005
Can't help you much only to say VLC Media Player is a fairly standard media player... nothing special there. Presumably by restarting you mean "system restore" do you?

Guest endure Posted December 30, 2005
I can't help you remove the problem software but might I suggest you use gpedit.msc to turn off Autoplay on all drives when you've sorted your problems out.

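Added example, not part of endure's post or of this thread: the "Turn off Autoplay" policy that gpedit.msc edits is stored as the NoDriveTypeAutoRun registry value, a bitmask in which each set bit disables AutoRun for one drive type and 0xFF covers all of them. The script below reads that value, lists the drive types that would still AutoRun, and can set it to 0xFF; it assumes a Windows system with PowerShell available (which postdates the XP install discussed here), and the function names are made up for this example.

```powershell
# Added example (not from the thread). A set bit DISABLES AutoRun for that drive type.
$DriveTypeBits = [ordered]@{
    'Unknown type'            = 0x01
    'Removable'               = 0x04
    'Fixed disk'              = 0x08
    'Network'                 = 0x10
    'CD-ROM/DVD'              = 0x20
    'RAM disk'                = 0x40
    'Unknown type (reserved)' = 0x80
}
$PolicyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

# Hypothetical helper name: report the policy value in both hives.
function Get-AutoRunPolicy {
    foreach ($path in $PolicyPaths) {
        $item = Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            # Key or value missing: no policy is configured in this hive.
            [pscustomobject]@{ Path = $path; Value = $null; StillAutoRuns = 'value not set (OS default applies)' }
            continue
        }
        $mask = [int]$item.NoDriveTypeAutoRun
        # Drive types whose bit is clear are still allowed to AutoRun.
        $enabled = $DriveTypeBits.GetEnumerator() |
            Where-Object { -not ($mask -band $_.Value) } |
            ForEach-Object { $_.Key }
        [pscustomobject]@{
            Path          = $path
            Value         = '0x{0:X2}' -f $mask
            StillAutoRuns = if ($enabled) { $enabled -join ', ' } else { 'none' }
        }
    }
}

# Hypothetical helper name: disable AutoRun on all drive types, machine-wide.
# Writing to HKLM requires an elevated session.
function Set-AutoRunDisabledAllDrives {
    $path = $PolicyPaths[0]
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

Get-AutoRunPolicy | Format-Table -AutoSize
# Set-AutoRunDisabledAllDrives   # uncomment to enforce, then log off and on again
```
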
francois Posted December 30, 2005
hi' you have been hijacked. do you scan for virus when insert anything in your machine that comes from outside? blame yourself.
basically, it must be a video viewer, loaded with a load of crap ... media player disabled and so on ...
restart in safe mode as an admin and uninstall this viewer that should be in the list of installed progs in the control panel section. if not, it must be in prog files on C drive, delete and then search in the registry for its name or company name, note all this once you find the culprit! and search ... can take a little time, depends how many times this sh1t replicated itself ...
other way, more simple but... , use system restore to go back to the day before you bought this video. this is valid if the system restore was on before all this happened.
francois

briley Posted December 30, 2005
Has this anything to do with the Sony copy protection debacle? If so the Sony web site has some information, as has Microsoft, on how to remove it.

TizMe Posted December 30, 2005
Simple solution: Simply restore your machine from the backup that you took last weekend. You do take backups, don't you?

The Coder Posted December 30, 2005
> Simple solution: Simply restore your machine from the backup that you took last weekend. You do take backups, don't you?
I make regular backups using the XP backup utility. I fail to see how restoring my files is going to wipe away any of the new stuff that got installed. I determined this is not the Sony XCP copy protection as I ran the uninstaller for that, but it said it was not present. Given the ridiculous quality, it would seem Thais decided to make their own cheap clone of this type technology.

cdnvic Posted December 30, 2005
You tried Microsoft's malicious software removal tool? ZoneAlarm Pro stops this sort of thing and so would many anti-spyware programs who guard against registry changes. Follow Francois' advice, in safe mode this program's protection will be disabled.
cv

Guest endure Posted December 30, 2005
> hi' you have been hijacked. do you scan for virus when insert anything in your machine that comes from outside? blame yourself. basically, it must be a video viewer, loaded with a load of crap ... media player disabled and so on ...
I'll agree with you that he's got some sort of malware but VLC is not likely to be the source of his problems. VLC is a widely respected media player. It runs on multiple operating systems (including Linux, OS X and BSD) and you can even get the source code. Also I suspect that media player hasn't been 'disabled' but the associations have been changed.

Guest endure Posted December 30, 2005
Have your anti-virus or anti-spyware programs reported anything amiss?

phuketsiam Posted December 30, 2005
It could be that VLC has been altered, however if you have a restore point, running system restore should do the trick.

chang35baht Posted December 31, 2005
I had a similar problem a couple of months ago but system restore was not able to remove it. For some reason the malicious files remain even after performing a system restore. Go to ewido.net and download Ewido security suite. It did the trick for me. If I remember correctly you may have to disable System restore to remove malicious files such as you have. Good luck.

Abandon Posted December 31, 2005
VLC is a fine little program, and is used because it includes all its own codecs - meaning that the program should be able to open just about anything without you having to connect to the internet. I find it ironic that VCD suppliers in Thailand worry about copyright - I bet it was a Thai movie and not a Hollywood one.
Best way of removal is to go to http://www.trendmicro.com/en/home/global/enterprise.htm and run a virus and malware scan - it is free to do online, and anything that it picks up you can right click and if it cannot remove automatically, it will give you detailed instructions of how to reboot into safe mode, remove certain files, and then readjust your registry. It can take time though if it is particularly devious.

TizMe Posted December 31, 2005
>> Simple solution: Simply restore your machine from the backup that you took last weekend. You do take backups, don't you?
> I make regular backups using the XP backup utility. I fail to see how restoring my files is going to wipe away any of the new stuff that got installed. I determined this is not the Sony XCP copy protection as I ran the uninstaller for that, but it said it was not present. Given the ridiculous quality, it would seem Thais decided to make their own cheap clone of this type technology.
Ah, then you don't really take backups.... And now you will have to pay the price.

Guest endure Posted December 31, 2005
>>> Simple solution: Simply restore your machine from the backup that you took last weekend. You do take backups, don't you?
>> I make regular backups using the XP backup utility. I fail to see how restoring my files is going to wipe away any of the new stuff that got installed. I determined this is not the Sony XCP copy protection as I ran the uninstaller for that, but it said it was not present. Given the ridiculous quality, it would seem Thais decided to make their own cheap clone of this type technology.
> Ah, then you don't really take backups....
Can you explain that please?

TizMe Posted February 17, 2006
> Can you explain that please?
This explains everything

Artisan Posted February 20, 2006
If the previous suggestions prove to be unsuccessful then maybe your computer has become "rooted" by something called a "rootkit". A rootkit is a piece of code, like a trojan, frequently used by a third party after gaining access to a computer. These bits of code are intended to conceal running processes, files or system data, which helps an intruder maintain access to a system without the user's knowledge. A computer with a rootkit on it is called a rooted computer. This term "rootkit" came to public awareness in the 2005 Sony CD copy protection controversy, in which Sony BMG music CDs placed a rootkit on Microsoft Windows PCs.
Try this to detect and remove your rootkit. Rootkit Detector

TAWP Posted February 20, 2006
He already wrote that he ran a remover and that wasn't it. In anyway, Trend Micro's online-scan 'housecall' will do the trick...

Artisan Posted February 20, 2006
> He already wrote that he ran a remover and that wasn't it. In anyway, Trend Micro's online-scan 'housecall' will do the trick...
No. He said that he ran the uninstaller for Sony XCP copy protection. This is a small piece of software dedicated to this particular rootkit. "Housecall" might identify the problem and it might be able to remove it but, on the other hand, it might not. Rootkits are very subtle and pernicious bits of code and some experts believe that the only way to rid a PC of these insidious things is to reformat. Sounds drastic doesn't it?

Artisan Posted February 21, 2006
Anyway, let's hope that "Housecall" does the trick. If it doesn't then he could download a smart piece of software called "Blacklight Rootkit Eliminator" available from the F-Secure Corporation Website. I've attached a capture of the installation start.