PDA

View Full Version : Do recovery partitions usually have autorun.inf files in them?



Speedy Gonzales
01-12-2008, 11:34 PM
I'm helping jbmcgee in here, (remotely with teamviewer), with his/her prob (trying to get HDMI audio to work) and not getting far lol

I did a scan with trojan remover and its picked up info.exe and autorun.inf, which it detects as suspicious

Ive left both there for now, just in case they need to restore it or make a cd/dvd (and both maybe needed)

Any ideas guys / gals?

I wouldnt have a clue, I've never had to use a recovery partition

Blam
02-12-2008, 01:17 AM
Open the autorun.inf file in notepad and copy and paste here.
Sometimes they can get infected but once you open it with notepad you can see clearly what it is.

Speedy Gonzales
02-12-2008, 07:47 AM
I tried that trick, but all it did, was bring up a window saying warning. It was the recovery partition and changing things (in other words) could screw things up

And no matter what I did it didnt change / or open (the partition). So, I cant see whats in the autorun.inf file

nofam
02-12-2008, 08:13 AM
How about booting from an Ubuntu boot cd so the recovery partition isn't mounted? You should be able to open it from within that?

Speedy Gonzales
02-12-2008, 08:32 AM
They could try, they'll have to download it first.

The main prob at the mo, is trying to get the ATI HDMI Audio drivers to work!

The drivers that they've installed SHOULD work (well the drivers install the HDMI Audio drivers on this).

Only diff is, this PC has Realtek HD Audio, theirs is AC97.

So, I dont know if thats why HDMI Audio isnt working (because their system is AC97, not HD Audio)

Chilling_Silence
02-12-2008, 09:15 AM
No they dont usually from what Ive seen on Acer / HP / Asus machines... that said Ive never looked terribly hard to try and find them, but still... ;)

Speedy Gonzales
02-12-2008, 09:23 AM
Hmm ok this is a Emachines AMD system.

I'll check the specs once he/she comes back online.

I downloaded SP3 for it last night (Its got XP Home on it).

I did a check with the VB script, (thats checks if its affected / checks the Intelppm entry in the registry, it was fine).

It was disabled. This was confirmed, when jbmcgee did get back into XP, after SP3 had finished installing

I dont know where (or how) trojan remover picked autorun.inf up.

It wasnt from the partition itself. (I didnt scan the partition itself).

It was calling it (autorun.inf), from somewhere in the registry

blanco
02-12-2008, 09:59 AM
Speedy, auto.inf is the virus which caused me so much
hassle for the past few weeks. It hijacked my PC and
messed up IE7, Backup/Restore and all updates. Thanks to
your support, I have returned all to normal by following your
instructions re HJT log and by deleting a corrupt reg file which
contained no User Value (Vista) You have to blow the bastard
to Kingdom Come - Get Rid Of It !
If you Google auto.inf you will see how many people worldwide
are in trouble because of it and some advice.

Speedy Gonzales
02-12-2008, 10:05 AM
Yup thats what I was thinking.

BUT since its in a recovery partition (which I cant open right now, it wont let me)!

I cant see whats in it, and if I remove it and info.exe using trojan remover.

If this person uses it (to make a cd / dvd, it may not work)

blanco
02-12-2008, 10:29 AM
Why can you not open the the recovery partition - probably D ?
Normally, you could explore this. Have you been to regedit and
looked at what's contained ?

Speedy Gonzales
02-12-2008, 11:37 AM
Why can you not open the the recovery partition -

probably D ?

Normally, you could explore this. Have you been to regedit and
looked at what's contained ?

If I knew that I wouldnt have asked :banana

Yup it is D, and no normally you cant explore a recovery partition. Since if you muck around with it, and you screw your system up, and you've changed something, it wont work. If you decide to restore your system

Nope havent been in the registry. Whatever is there is probably encrypted. So, wouldnt know what it says anyway

Chilling_Silence
02-12-2008, 12:12 PM
Could always try booting something like Damn Small Linux and mucking around with it like that? Its a 50MB download ...

blanco - Unforunately most recovery partitions cant be "explored" like regular partitions. 9 outta 10 home users probably wouldnt even know their PC HAS one for that matter ;)