CD-Rom open/close automaticly

[AbdullahSas]

Since a few days the CD-Rom open/close automaticly. I think it should be a malware which cause this Problem.

HiJackThis.log

[Sandor-Helper]

Hi and welcome!
Thank you for the log.
If you need our assistance:

Read carefully: How to make a request for help in the PC cure section

Attach 'Collection-[Date].zip' log created by AutoLogger

Please, note that only members of VIRUSNET-Association are allowed to respond in PC cure topics.
Ignore any recommendations given by other users, including PM !!!

Assistance is provided free of charge at our free time. If you found our help useful, you can thank us with any amount using this form or you can leave a feedback in Guestbook.

[AbdullahSas]

Hey, thank you.

i really don't know what's the cause of this problem but i think it's a malware. The CD-Rom open and close all the time. Sometimes it do a break of a few minutes but then it's starting again. I dont know how the malware was transfer to my PC.

CollectionLog-2020.03.16-23.35.zip

[Sandor-Helper]

You have several antivirus systems installed:

Avast Free Antivirus
AVG 2014
ByteFence Anti-Malware
McAfee Security Scan Plus
McAfee WebAdvisor

One is enough, other should be uninstalled.

Also uninstall these PUP:

Bing Search Engine
Search the Web (Yahoo)
Super PC Cleaner
System Healer
WebBar Toolbar 6.0.6626.25473
WinZip Driver Updater
WinZip Malware Protector

Fix in HijackThis:
O1 - Hosts: Reset contents to default

Restart PC manually get and attach new CollectionLog using Autologger.

Additionally:
Download AdwCleaner (by Malwarebytes) and save it to Desktop.
Run (it should be run by right-clicking as Administrator), press "Scan" and wait.
At the end of the scan log will be found at:
C:\AdwCleaner\Logs\AdwCleaner[Sxx].txt (where x is any digit).
Attach it to your next post here.

[AbdullahSas]

thank you for help, but the CD-Rom doesn't stop. And i can't uninstall Bing Search Engine, the other ones are uninstalled.

Collection-Log:

CollectionLog-2020.03.17-18.20.zip

AdwCleaner:

AdwCleaner[S01].txt

[Sandor-Helper]

Bing Search try to force uninstall via Geek Uninstaller.

After that:
Run again AdwCleaner (by Malwarebytes) (it should be run by right-clicking as Administrator).
Go to Settings and switch on:

Reset IE policies
Reset Chrome policies

Go to Dashboard, press Scan and after scan ends press Quarantine.
System should be restarted.
After restart log will be found at:
C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt (where x is any digit).
Attach it to your next post here.

Next:
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
• Please attach the logs back here.

[AbdullahSas]

Bing Search is uninstalled.

AdwCleaner:

AdwCleaner[C01].txt

Farbar Recovery Scan:

Addition.txt
FRST.txt

[Sandor-Helper]

Temporarily turn off any antivirus.
Highlight following code:

Start::
CreateRestorePoint:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
GroupPolicy: Beschränkung ? <==== ACHTUNG
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
Task: {91C10440-5D18-4F6D-B38B-28FD7DA7292C} - System32\Tasks\{646068FB-D3CB-DF50-92E8-90621D287C20} => C:\ProgramData\{CA729963-7DD9-2EC8-5850-40C6D1C3B5ED}\D567EEB9-62CC-5912-3017-FB4ABA6CEA47.exe <==== ACHTUNG
Task: {A96D5C7F-45EC-4B44-80A3-3F25A9D5D672} - System32\Tasks\Yahoo! Powered lenim => C:\Windows\system32\wscript.exe "C:\ProgramData\{75D4B0B7-FF96-3A71-7950-A433E3122FFD}\dela.txt" "68747470733a2f2f643277763764656e63316a78397a2e636c6f756466726f6e742e6e6574" "//B" "//E:jscript" "--IsErIk" <==== ACHTUNG
Task: C:\WINDOWS\Tasks\Yahoo! Powered lenim.job => C:\Windows\system32\wscript.ex C:\ProgramData\{75D4B0B7-FF96-3A71-7950-A433E3122FFD}\dela.txt <==== ACHTUNG
FF Extension: (Kein Name) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [nicht gefunden]
CHR DefaultSearchURL: Default -> hxxp://www.go-setting.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> go setting
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKU\S-1-5-21-3103351866-3898477058-3980457425-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKU\S-1-5-21-3103351866-3898477058-3980457425-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
S2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [X]
AlternateDataStreams: C:\Users\Ali\Desktop\havva unterschrift.jpeg:�3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Ali\Desktop\havva unterschrift.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Ali\Desktop\sema Zeugnis 1 Halbjahr HTS.jpeg:�3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Ali\Desktop\sema Zeugnis 1 Halbjahr HTS.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Ali\Desktop\Sema Zeugnis 1 und 2 Halbjahr HTS.jpeg:�3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Ali\Desktop\Sema Zeugnis 1 und 2 Halbjahr HTS.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Ali\Desktop\Sema Zeugnis 1 und 2 Halbjar BBS3.jpeg:�3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Ali\Desktop\Sema Zeugnis 1 und 2 Halbjar BBS3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Ali\Desktop\sema Zeugnis BBS3 1 Halbjar.jpeg:�3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Ali\Desktop\sema Zeugnis BBS3 1 Halbjar.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Ali\Downloads\1.jpeg:�3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Ali\Downloads\1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Ali\Downloads\12.jpeg:�3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Ali\Downloads\12.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Public\AppData:CSM [470]
EmptyTemp:
Reboot:
End::

Copy highlighted text (right click - Copy).
Run FRST (FRST64) as Administrator.
Press Fix button once and wait. Program will create (Fixlog.txt). Attach it to the next post.

PC will reboot.

[AbdullahSas]

FRS fixlog :
Fixlog.txt

[Sandor-Helper]

Is the problem still exist?

[AbdullahSas]

Yes the problem is still exist

[Sandor-Helper]

You should check CD-Rom's cable connections or as ideal clue - try to connect another one known good CD-Rom. Tell us result please.

[AbdullahSas]

After disconnect the sata connection of CD-Rom and mainboard the problem was still there so I disconnect the power cable too. I haven't another CD-Rom so I can't try it with an other CD-Rom.

thank you for your help

[AbdullahSas]

I close the issue by mistake

[dragokas]

Sorry for late reply.
We think that your problem related to the malfunction of CD-ROM device itself.
For a temprorary walkaround, you can try use CD-ROM locker software such as:
https://sourceforge.net/projects/lockcd/

Good luck!
Do you have any additional questions?

[dragokas]

Closed.
Reason: no answer for 10 days.

You can re-open case if you have any news.