Hi everyone,
Does anybody know what "<insert specific drive letter>:\resycled\boot.com is not a valid Win32 application" means?
I know that I did something naughty and tried to get a keygen for some software... which turned out to be a file called "sexvid" when unzipped *cough*... which I did NOT install (I made **** sure I hit Cancel installation)...
This downloaded file was saved to my USB stick from the internet. Now whenever I insert a USB stick and try to click on the icon for it to open, I get the above message coming up. I can only see the files on the stick if I choose to "explore" it. It's really annoying that I can no longer click on the stick anymore.
Windows Defender detected a Trojan in my Windows System folder (I know I should have a REAL anti-virus and security program but my Norton 2009 hasn't arrived in the post yet!)
Any ideas anyone? Has anybody ever come across that error message before, or a general disabling of the click-to-open?
EDIT: I've tried two other USB sticks and they won't open by clicking the USB stick icon either. Same error message.
-
Well you compromised your system... And you don't have an antivirus (Windows defender is an anti-spyware and does a shoddy job at being one)... Format and Reinstallation of Windows for you dear Lady...
-
You have a virus on the flash drive. Go to folder options, then check "show hidden files and folders" and uncheck "hide protected operating system files"
Right click autorun.inf and do edit. Any files referenced there will be on your flash drive. Delete those files, then delete autorun.inf.
Finally, get Avira anti-virus, it's free, and 100000000000 times better than Norton 2009 (Norton 2009 wins my award for worst anti virus of all time in fact!). Then run a full system scan.
Nah, cleaning viruses is a very simple thing to do if you know what you're doing. Hijack This + Process Explorer + CCleaner + Combofix + BDWebcan + Malwarebytes Anti-Malware + SUPERAntiSpyware are all the tools you need. There are more, those are the minimum IMO. -
Well, you could try some free anti-virus programs (reputable ones) such as Avast! and Avira while waiting for Norton to show up and see if one of them can fix the trojan. If not, wait till Norton shows up and see if it helps. If it can't and the free stuff can't either, it probably is time to reformat.
I'm guessing you opened this while your Windows was running and that's how it got infected? If not, you may want to format the USB drive from Explorer to wipe out everything on it. -
Well, I guess you'll all be proud of me (I'm a girl and just trawled through my registry and deleted the stuff that was compromising my system).
I'm not used to editing system registry, and this is the online guide from somebody that I found at http://www.precisesecurity.com/blogs/2008/09/20/resycledbootcom/ that helped me remove this worm completely from both HDD and USB sticks (just to help anyone else that may end up with this):
"Majestyk October 15th, 2008 at 11:50 pm 25
Here’s the REAL way to clean this off your system. You should do these steps after a fresh reboot or in safe mode.
1) Navigate to the problem drive(s) via the Explore option.
2) Click on TOOLS -> FOLDER OPTIONS
3) Click the button which says ‘Show hidden files and folders’.
4) UNCHECK the following boxes:
Hide extensions for known file types
Hide protected operating system files
5) Find and delete the autorun.ini file and the resycled folder on the root directory of all affected drives.
6) Check “c:\windows\system32\dllcache” for boot.com file and delete it if present.
7) Check “c:\windows\prefetch” for boot.com file and delete if present.
8) Delete all files from c:\windows\temp
(Some files may not delete, that’s ok, they’re in use by the system and not virus files.)
9) Delete all files from c:\Documents and Settings\[USER PROFILE]\Local Settings\Temp
(Again, a couple files may not delete, don’t worry.)
10) Run Regedit
11) Make sure you are at the very first entry of the registry hive. (My Computer should be highlighted) then click EDIT -> FIND
12) Search for “boot.com”. If it finds an entry, delete it. Keep hitting F3 until you’ve deleted all instances of boot.com in the entire registry.
13) Scroll the left column back up to the top and highlight the My Computer again at the top of the registry hive.
14) Click Edit -> Find again and search for ‘resycled’ and repeat as in step 13, deleting the entries as it finds them. (I found 2 of each)
15) Close registry editor and try opening the infected drives. They should work now.
Worked for me at least. I ran NAV2008 2 times on it and it was able to find the files but unable to remove them for some reason. Doing this, seems to have completely resolved the issue for me.
Good luck!
-Maj"
Thanks for everyone's suggestions as I was desperately trying to fix things though. You're all extremely helpful.
+ Rep to all -
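Added example, not part of the thread or the linked guide: a small Python helper for the "edit autorun.inf and see which files it references" step suggested above, so the referenced files can be located before anything is deleted. The function names and the sample file contents are constructed for illustration; only the `resycled\boot.com` path comes from the error message in the thread.

```python
import ntpath
import re
import sys

# [autorun] keys whose value is a command line Windows would launch.
COMMAND_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

# Constructed sample, not taken from a real infected drive.
SAMPLE = r"""
;qz81 filler line
[AutoRun]
open=resycled\boot.com e:
kd93 filler without an equals sign
shell\open\Command="resycled\boot.com" e:
shellexecute=RESYCLED\boot.com
icon=shell32.dll,4
[other]
open=ignored.exe
"""

def autorun_commands(text):
    """Return (key, command) pairs from the [autorun] section, skipping junk lines."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if COMMAND_KEY.match(key):
                found.append((key.lower(), value))
    return found

def referenced_files(text):
    """Return the distinct program paths (relative to the drive root) being launched."""
    paths = []
    for _key, command in autorun_commands(text):
        # The program is the first token; quotes allow spaces inside the path.
        m = re.match(r'"([^"]+)"|(\S+)', command)
        if m:
            path = ntpath.normpath(m.group(1) or m.group(2)).lower()
            if path not in paths:
                paths.append(path)
    return paths

if __name__ == "__main__":
    # Usage: python autorun_refs.py E:\autorun.inf   (no argument: use the sample)
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for path in referenced_files(text):
        print(path)
```

The listed paths are relative to the root of the drive that holds the autorun.inf, and they are usually hidden, which is why the folder options need changing before they show up in Explorer.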
Tech Support needed... USB stick loading has been disabled!!!
Discussion in 'Sager and Clevo' started by Gunsmith_Cat, Nov 4, 2008.