Author Topic: Issues  (Read 2467 times)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Issues
« Reply #40 on: December 15, 2008, 10:50:47 PM »
When you're inserting the SD cards, does the computer freeze right away,
or when you try to open them through MyComputer?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Everlasting Death

  • Hero Member
  • *****
  • Posts: 981
  • Karma: +0/-0
    • View Profile
    • http://www.jaswin.net
Issues
« Reply #41 on: December 15, 2008, 10:56:34 PM »
only when I try to open it through my computer
The cake is a lie....

Bummer Dude

Offline guestolo

Issues
« Reply #42 on: December 15, 2008, 11:04:50 PM »
Do you still have Flash_Disinfector?



Offline Everlasting Death

Issues
« Reply #43 on: December 15, 2008, 11:05:27 PM »
Yes, I do

Offline guestolo

Issues
« Reply #44 on: December 15, 2008, 11:12:14 PM »
Close down ALL open windows, this includes MyComputer

Ensure that Flash_Disinfector.exe is on your desktop

Right click on Avast icon by the clock and Stop On Access Protections

Insert one of your Flash cards into the computer
But DO NOT try to open it through my Computer
Leave all windows closed

    * Double-click on Flash_Disinfector.exe to run it. If you receive a prompt, please allow it.
    * At the prompt to insert any Flash drives, just skip it, you already have one inserted.
    * Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
    * When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
    * Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.

Let me know if that works



Offline Everlasting Death

Issues
« Reply #45 on: December 15, 2008, 11:20:27 PM »
I still have SDFix up and stalled... do you want me to exit and do Flash Disinfector?

Offline guestolo

Issues
« Reply #46 on: December 15, 2008, 11:23:06 PM »
See if SDFix will run to completion,
When we're running any of these tools they should be run uninterrupted from other tools and Security software



Offline Everlasting Death

Issues
« Reply #47 on: December 15, 2008, 11:52:59 PM »
here is the SDFix report, now I will do flash_disinfector
Quote
SDFix: Version 1.240
Run by James on Mon 12/15/2008 at 09:54 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\DOCUME~1\James\LOCALS~1\Temp\tmp21.tmp - Deleted





Removing Temp Files

ADS Check :
 


                                 Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 22:40:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Rapid PHP 2007\\rapidphp.exe"="C:\\Program Files\\Rapid PHP 2007\\rapidphp.exe:*:Enabled:Rapid PHP 2007"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Mozilla Firefox 3 Beta 1\\firefox.exe"="C:\\Program Files\\Mozilla Firefox 3 Beta 1\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(tm) Platform SE binary"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"C:\\Program Files\\Ventrilo\\Ventrilo.exe"="C:\\Program Files\\Ventrilo\\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"="C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War(tm)"
"C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"="C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe:*:Enabled:Call of Duty® - World at War(tm)"
"C:\\Program Files\\Java\\jre6\\bin\\java.exe"="C:\\Program Files\\Java\\jre6\\bin\\java.exe:*:Enabled:Java(tm) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 13 Apr 2008     1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Sun 13 Apr 2008        60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Fri  9 Nov 2007         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon  1 Oct 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!


Flash Disinfector appears to have done nothing
« Last Edit: December 16, 2008, 12:00:09 AM by Everlasting Death »

Offline guestolo

Issues
« Reply #48 on: December 16, 2008, 12:16:57 AM »
Quote
Flash Disinfector appears to have done nothing
What do you mean by that?

It won't be a long fix
What exactly did it do?



Offline Everlasting Death

Issues
« Reply #49 on: December 16, 2008, 12:21:16 AM »
It did its process, I got the done screen, I hit OK and the SD still freezes

and looking on the SD card on another computer, there is no autorun.inf folder

also, I changed the DNS server and the internet is working now
« Last Edit: December 16, 2008, 12:23:52 AM by Everlasting Death »

Offline guestolo

Issues
« Reply #50 on: December 16, 2008, 12:29:26 AM »
Autorun.inf is a hidden folder, you would have to properly set Windows to show hidden files/folders
When you inserted the flash drive in another computer
Can you scan it with an updated virus scanner?



Offline Everlasting Death

Issues
« Reply #51 on: December 16, 2008, 12:38:48 AM »
I have set it to show hidden files/folders and I can try to virus scan it, is Avast OK?

Offline guestolo

Issues
« Reply #52 on: December 16, 2008, 12:44:16 AM »
You would have to set to hide hidden files/folders
and unhide Protected operating system files

Why not just scan the whole flash drive?
I'm not even sure what you're doing right now
Which computer do you have this flash drive put in?

Scan it and get back to me



Offline Everlasting Death

Issues
« Reply #53 on: December 16, 2008, 12:53:21 AM »
I have the SD card in an external card reader in the infected computer and am scanning it currently with Avast, the internal card reader will freeze, but the external one will not. I can see the autorun.inf folder on my C drive but not on the SD card
« Last Edit: December 16, 2008, 12:54:10 AM by Everlasting Death »

Offline guestolo

Issues
« Reply #54 on: December 16, 2008, 12:58:21 AM »
Did you virus scan the whole flash drive?
What were the results?



Offline Everlasting Death

Issues
« Reply #55 on: December 16, 2008, 01:00:44 AM »
I did scan the whole thing, and it came up with nothing

Offline guestolo

Issues
« Reply #56 on: December 16, 2008, 01:08:54 AM »
Ensure that
Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Now, with the Flash card in the external drive
Run Flash_Disinfector.exe again
Afterwards, when you open your Flash drive thru MyComputer
You should see the Auto.inf folder
Inside that folder, you should see a file created by Flash Disinfector, leave the folder/file alone
It will help protect against future infections
Remove that flash card, insert another and again run Flash_Disinfector

Besides the Autorun.inf folder we're creating, do you see any other files on the Flash drives with autorun.inf names?
Be sure to scan each drive with Avast, and ensure Avast is right up to date

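The check asked for in the reply above (is `autorun.inf` at the root of each card a folder, or a file that names a program to launch?) can be scripted. This is an added Python example, not part of the original thread and not Flash_Disinfector's own code; the function names, the sample file contents and `example.exe` are constructed for illustration.

```python
import os
import tempfile

def launch_commands(text):
    """Return (key, value) pairs from the [autorun] section that start a program."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or key.endswith("\\command"):
                found.append((key, value))
    return found

def audit_autorun(root):
    """Classify the autorun.inf entry at a volume root: absent, folder, or file."""
    # Match the name case-insensitively, as Windows file systems do.
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if name is None:
        return "absent", []
    path = os.path.join(root, name)
    if os.path.isdir(path):
        return "folder", []  # the placeholder folder the reply describes
    with open(path, encoding="latin-1") as handle:
        return "file", launch_commands(handle.read())

# Constructed sample contents; example.exe is a placeholder name.
SAMPLE_INF = ("[AutoRun]\n; constructed sample\nopen=example.exe\n"
              "icon=example.exe,0\nshell\\open\\command=example.exe\n")

def demo():
    """Build three constructed volume roots in a temp directory and audit each."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for label in ("clean", "protected", "suspect"):
            os.mkdir(os.path.join(base, label))
        os.mkdir(os.path.join(base, "protected", "autorun.inf"))
        with open(os.path.join(base, "suspect", "AUTORUN.INF"), "w") as handle:
            handle.write(SAMPLE_INF)
        for label in ("clean", "protected", "suspect"):
            results[label] = audit_autorun(os.path.join(base, label))
    return results

if __name__ == "__main__":
    for label, (status, commands) in demo().items():
        print(label, status, commands)
```

On a real system, pass the card's drive root (for example the external reader's drive letter) to `audit_autorun`; a result of `file` with launch entries is what to hand to the virus scanner.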


Offline Everlasting Death

Issues
« Reply #57 on: December 16, 2008, 01:32:16 AM »
both cards have the autorun.inf folder and no other autorun.inf files, and no viruses were picked up by avast

Offline guestolo

Issues
« Reply #58 on: December 16, 2008, 01:34:17 AM »
How long have you had Nero installed for Drive Image support?
« Last Edit: December 16, 2008, 01:34:57 AM by guestolo »



Offline Everlasting Death

Issues
« Reply #59 on: December 16, 2008, 01:43:39 AM »
I've had it installed for quite a while, couple years or so, but only started using it within the past month. The drives are currently disabled.