MyMPx.org


admin 28th Jul 2006 3:54 am

Beware: Possible spyware, adware, virus (??) put on players
 
Hi all,

I was testing an MPx player for a friend of mine.
It's a Sigmatel board player, Nano clone.
Full details, firmware etc... will be posted soon.

However, I've just discovered something VERY interesting and would like to warn you all and see if you have this on your player.

Here's what I did:

1. DISABLE autorun on my computer (I disable it all the time). You can do this with a registry hack. Have a look here: http://www.google.co.nz/search?sourc...run+in+windows

2. Plug the MPx player through the USB cable into my computer.

3. After auto detecting it, go to the drive of your MPx player (usually labelled "Removable Disk").

4. Make sure you have "Show hidden files and folders" ticked in Windows Explorer. You can do this by clicking on [Tools] then [Folder Options] from Windows Explorer. Click on the [View] tab at the top. Scroll down to where you see "Show hidden files and folders" and put a tick in there.

5. Once enabled, you will now see a folder called "RECYCLER". This usually points to your "Recycle Bin".

6. Right mouse click on the "autorun.inf" and choose "Open With" and NOT "Open" as you don't want to execute it.

http://www.mympxplayer.com/images/po...gy_autoinf.png

7. Once open, my autorun.inf file looks like this:

http://www.mympxplayer.com/images/po...y_autoinf2.png


Now, if you look closely at the commands on the autorun.inf, it's instructing Windows to execute "autorun.exe" if you have autorun enabled. Unfortunately, I didn't have that file in the "RECYCLER" on the drive of the MPx player so I couldn't scan it for possible viruses/spyware/adware etc...

But that looks very suspicious if you ask me.....

If you all have time, try the steps I did and see if you have that on your player.

Would be interested to know.

altean 28th Jul 2006 8:56 pm

Well, most definitely worth keeping an eye out for it, but I've seen some of these guys have no clue how to properly put certain files in some directories in order to have them executed.
I once saw a guy list his c: drive in the file list of a driver disk.
My driver disk that came with the player, for example, is totally empty. lmao.
So I never really had a problem executing any kinds of funny files lol

passbyer 29th Jul 2006 9:07 am

Hmm.. I don't understand what the virus/spyware is? Is the "autorun.exe" the virus?

tadad1 29th Jul 2006 9:47 am

passbyer,
An autorun.ini contains a set of instructions that are carried out when you access the drive.
Like when you put a DVD into your drive it will automatically start playing the DVD.
This can sometimes be used to install viruses on your PC if the autorun.ini contains instructions to install a virus or spyware program when you plug in your player. In this case the autorun.ini contained instructions to run the autorun.exe which was hidden in the recycler folder. Autorun.exe could have been a worm, virus, trojan or adware that would have been installed on your PC.
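
Added example (not part of the original posts): a small Python check that does the manual inspection from the first post on an autorun.inf read as text, listing every entry that would launch a program and flagging targets that sit in a hidden folder or are missing from the drive. The sample file contents, the file listing and the flag names are constructed for illustration; they are not a transcription of the screenshot linked above.

```python
import ntpath
import re

# [autorun] keys that make Windows launch a program.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
EXEC_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs"}
# Folders Explorer hides by default; a launcher stored there is a red flag.
HIDDEN_DIRS = {"recycler", "recycled", "$recycle.bin", "system volume information"}

def _norm(path):  # drive-relative, lower-case, backslash-separated
    return ntpath.normpath(path).lower().lstrip("\\")

def parse_autorun(text):
    """Return (key, command) pairs from [autorun] that execute something."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, _, value = line.partition("=")
            if EXEC_KEY.match(key.strip()) and value.strip():
                found.append((key.strip().lower(), value.strip()))
    return found

def triage(text, files_on_drive):
    """Flag every executing entry against a listing of the drive's files."""
    present = {_norm(f) for f in files_on_drive}
    report = []
    for key, command in parse_autorun(text):
        m = re.match(r'"([^"]+)"|(\S+)', command)  # program path, minus arguments
        target = _norm(m.group(1) or m.group(2))
        flags = []
        if ntpath.splitext(target)[1] in EXEC_EXTS:
            flags.append("executable")
        if HIDDEN_DIRS & set(target.split("\\")[:-1]):
            flags.append("hidden-folder")
        if target not in present:
            flags.append("target-missing")
        report.append((key, target, flags))
    return report

# Constructed sample (not a transcription of the screenshot in the thread).
SAMPLE_INF = r"""[autorun]
open=RECYCLER\autorun.exe
shell\open\command=RECYCLER\autorun.exe
"""
SAMPLE_LISTING = ["autorun.inf", r"MUSIC\track01.mp3"]
```

Calling triage(SAMPLE_INF, SAMPLE_LISTING) reports both entries as "executable", "hidden-folder" and "target-missing", the same situation as in the first post, where the referenced autorun.exe was not on the drive.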

fizzle05 29th Jul 2006 7:41 pm

hmmm.....well under a folder named "recycler" embedded 2 folders deep there is something suspicious about it, if a program was to be autorun usually it is in the root folder or one folder deep. A decent antivirus program, I use "Antivir", would tell you if it is a virus before it gets autorun or just run a scan on it as you have autorun disabled or......you could be a devil....and run it

fizzle05 29th Jul 2006 7:44 pm

Thinking about it, having one of those would be quite desirable, because you could edit that to do whatever when you plug it in, for example save all contents of "my documents". I have tried for ages to get an mp3 player to autorun and only found that you need special ones made. Sounds like a plus point if it's editable

phantomflanflinger 30th Jul 2006 4:02 am

Yep, that's the Virus I got, as I said earlier:

http://www.mympxplayer.com/viewtopic.php?t=985

It was easy to kill, not very dangerous when it infects your PC either.

Moonwalker 30th Jul 2006 9:49 pm

BEWARE!!! I just bought an infected player on eBay and it totally TRASHED two of my computers to the point where one is garbage and the one I'm on now is barely useable!!! My infected player is in a black box and is NO NAME. It reads "DIGITAL MP3/4 Audio Player" and it has a small yellow ribbon hanging off of it! BEWARE OF THESE PLAYERS!!!

camra88 31st Jul 2006 11:16 am

Re: Beware: Possible spyware, adware, virus (??) put on play
 
Would it be possible that the person shipping these MP4 players out is updating the firmware, etc., with an infected computer?

admin 31st Jul 2006 12:29 pm

camra88

That's a good point. I had the same thought the other day too.

I think maybe they don't know their computer is infected as it's sitting in the "Recycler" instead and I've found the "autorun.exe" is not on all players, only some.


To all,

Another post which mentions 'dodgy' software being installed from included CDs with MPx players.

http://www.mympxplayer.com/viewtopic.php?p=3322

And another post:

http://www.mympxplayer.com/viewtopic.php?t=1261


All times are GMT -7.