Not seeing the disc in the drive

Status
Not open for further replies.
J

Josh_Ross

Posts: 14   +0
hi, i am running windows xp home. lately i have realized i cant access my disc drive when there is a disc in it. it is hooked up properly and i am 90% sure its a virus or malware. ex: i will double click on the drive to play the game (the drive has the icon of the game that is in the drive) it says to make sure the play disc is inserted. it is inserted and its in the correct drive, what should i run to get rid of a problem like this. i will have an attatchment file of Hijack this if that will help you.
 
I have moved your thread to the correct forum.

Your system is infected with quite a few nasties.

You`re not running any antivirus or firewall software, this is very foolish and a huge security risk.

Please follow all the instructions below.

Download and install the free AVG antivirus programme and either the free Zonealarm or Kerio firewall programmes. You can get them HERE, HERE and HERE.

Install whichever firewall you chose, followed by AVG and reboot your system the required number of times. Run the AVG updates.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Run a full system scan with AVG and delete whatever it finds. This includes anything in the virus vault.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Then, go HERE and follow all the instructions exactly.

Post fresh HJT and Ewido logs as attachments into this thread, only after doing the above.

Regards Howard :)

This thread is for the use of Josh_Ross only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
ill work on that

Ill, get to work on that it seems like a lot to do lol, umm when i run windows defender i have been comming up with this as a warning. CmdLineCM it says its a high priority iv gotten rid of it before and i looked online about it its from diablo 2, which i have started playing. some people have suggested placing a dumby file, some people think that its a place that malware can stay even if its a dumby file. should i be worrried abot this... is this part of my problem. i do think i have a firewall but im going to install those other programs do what i can
 
Just follow the instructions, then post the logs I asked for.

Don`t delete anything, unless specifically requested to do so.

Regards Howard :)
 
i scanned with both..

the avg file wont upload, it found like... 7 virus's i think it was the same one it just recreated itself or placed itself in different places it originated in, C:\\WINDOWS\system32\ntps.exe i think
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Print Spooler Service (SpoolSvc227)
Time Service (Time)
Microsoft Net API (NETAPI)

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

cjnr4r4qboak.exe
dior4f4kwgpzj.exe
ntps.exe
oxuibl.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [Norton] C:\WINDOWS\system32\oxuibl.exe

O23 - Service: Microsoft Net API (NETAPI) - Unknown owner - C:\WINDOWS\system32\ntps.exe (file missing)

O23 - Service: Print Spooler Service (SpoolSvc227) - Unknown owner - C:\WINDOWS\system32\dior4f4kwgpzj.exe

O23 - Service: Time Service (Time) - Unknown owner - C:\WINDOWS\system32\cjnr4r4qboak.exe (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\system32\cjnr4r4qboak.exe
C:\WINDOWS\system32\dior4f4kwgpzj.exe
C:\WINDOWS\system32\ntps.exe
C:\WINDOWS\system32\oxuibl.exe

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Now, go HERE and follow the Instructions exactly, this time.

Post fresh HJT and Ewido logs, only after doing the above.

Regards Howard :)

This thread is for the use of Josh_Ross only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
finnaly done

i did everything that you said, when i was deleting files in the system 32 file. i couldnt fine the cjnr4r4qboak.exe but the thing u posted said only if there, also the ntps.exe i didnt find in that spot but i searched it and one thing came up and it was located in C:WINDOWS\Prefetch, do you think thats ok? the two logs are attatched i think that is what you wanted
 
The dodgy services are still there.

Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Print Spooler Service
Time Service
Microsoft Net API

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

ntps.exe
dior4f4kwgpzj.exe
cjnr4r4qboak.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O23 - Service: Microsoft Net API (NETAPI) - Unknown owner - C:\WINDOWS\system32\ntps.exe (file missing)

O23 - Service: Print Spooler Service (SpoolSvc227) - Unknown owner - C:\WINDOWS\system32\dior4f4kwgpzj.exe (file missing)

O23 - Service: Time Service (Time) - Unknown owner - C:\WINDOWS\system32\cjnr4r4qboak.exe (file missing)

Click on the fix checked button.

Close HJT.

Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

These are the filepaths you need to enter into killbox.

C:\WINDOWS\system32\cjnr4r4qboak.exe
C:\WINDOWS\system32\dior4f4kwgpzj.exe
C:\WINDOWS\system32\ntps.exe

Once your system has rebooted, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard :)

This thread is for the use of Josh_Ross only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
going good i guess

ok i did all of that but the only thing that i really did was disable the three things, on hijack this the three things that you sujected to get rid of wasnt there, and for that killer program i typed in the adress's and it said that there wasnt a file there.. maybe thats good i dunno.
 
That`s great, your HJT log is now clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of Josh_Ross only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.

Similar threads

Daniel Sims
Installing the PlayStation 5 Slim disc drive requires an internet connection
Replies
17
Views
630
Puiu
Puiu
Daniel Sims
DVD-like optical disc could store 1.6 petabits (or 200 terabytes) on 100 layers
2 3
Replies
60
Views
1K
johnsonlam.hk
johnsonlam.hk
Daniel Sims
Swapping PS5 Slim disc drives is easy, partially addressing online DRM concerns
Replies
2
Views
384
EdmondRC
E

Latest posts

Back