Windows 7 Forums

Windows 7: Immunizing portable HDD

31 May 2015   #41
cottonball

Windows 7 Home Premium
 
 

gabe22,

Have you considered using UsbFix 2015 v7.946?
Download > Download UsbFix - MajorGeeks
Save to the Desktop.

Next, please, temporarily disable your antivirus software so it does not interfere with the running of USBFix.

Now, right-click the downloaded USBFix file and select: Run as Administrator
At the main console of USBFix, press: Research

As requested, connect your external data sources to your PC (USB keys, external drives, etc…), turn any on if powered, but, do not open any of the connected devices.
Once ready, click: OK

When the scan is over, a report opens on the Desktop. It is also found at C:\UsbFix\Log\UsbFix...

Please post the USBFix [Research] report in your reply.


01 Jun 2015   #42
gabe22

Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
 
 

@cottonball
Alright, will do as soon as the "Trend Micro Anti-Threat Toolkit" scan finishes, started last night .. at 75% right now lol ... slowest scan ever! ..

@ Callender
Will be running UVK scan as soon as the anti-threat scan finishes ...

Also just asking, what's the reason for adding geoPlugin to geolocate your visitors and geoplugin.net in host file? Are they bad URLs (as in maybe URLs with infected files .. that's connected to some software running on my system maybe)?
01 Jun 2015   #43
gabe22

Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
 
 

Oh btw, does anyone know if for instance I'm using Comodo IceDragon (Firefox version) or Chromodo (Chrome version) or maybe Comodo Dragon (Chrome version), would it have an impact on browser performance?

I already searched on google but I have yet to find a satisfying answer ... anyone here have experience using Comodo browsers, any of them?

01 Jun 2015   #44
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Quote: Originally Posted by gabe22
Also just asking, what's the reason for adding geoPlugin to geolocate your visitors and geoplugin.net in host file? Are they bad URLs (as in maybe URLs with infected files .. that's connected to some software running on my system maybe)?

According to Trend Micro that worm communicates with those domains.

Note: Other Details
This worm accesses the following URL(s) to get the affected system's location:

Re: USBFix - that's the one that screwed up my registry yesterday. It auto deleted entries as soon as it was launched. Managed to fix it. If you ask me - I'd say back up reg first and use the "research option".
01 Jun 2015   #45
gabe22

Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
 
 

@ Callender

Thanks for the host info and ya thanks again ... I totally forgot about your previous post regarding USBFix which messed up your system .. I'm not anywhere close to you when it comes to this stuff ... so I suppose I'll be skipping that one.

And I'm really pissed off lol ... this "Trend Micro Anti-Threat Toolkit" is still at 79% ... this is probably the slowest scanner I ever saw ... it progressed 4% in the last 6 hours .. OMG

My system is performing epically slow .. probably slowest ever .. can't do anything and probably stuck for another 12 hours ... but I know I have to let it finish .. but still ... grrr!
01 Jun 2015   #46
gabe22

Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
 
 

Oh and in the mean time .. I have some questions, probably totally newbie questions .. so go easy on me ..

# I was told by a friend that laptop coolers with multiple fans are rather pointless as the USB ports offer 3.5v and thus using 1/2 or even 4 fans would basically mean they are all sharing the 3.5v ... which basically means 1 fan = faster, 2 = bit slower and 4 = even slower but ultimately resulting in about the same temperature reduction, is it true?
# Thermal pads, are they better at system temperature reduction than traditional laptop coolers?
# I have been wondering this for a while now, laptop parts are placed in a very confined space and thus heat is an issue .. and assuming almost all parts create some heat, do DVD drives create heat too (even if it's 1/2 degree only)?

Also what are the top choices out there for anti-rootkit software (free priority)? Perhaps something better than Malwarebytes Anti-Rootkit (that's the one I had on my system and .. well didn't do the job for me)
01 Jun 2015   #47
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

If it's been scanning that long and no threats shown as detected you can probably skip it.

Re: USBFIX

You just have to be careful when you run it to choose the "Research" button rather than let it auto clean anything.
01 Jun 2015   #48
gabe22

Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
 
 

It found 14 threats so far .. should probably wait and see if it finds more in the remaining sections and also what it found so far ...
01 Jun 2015   #49
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

I know that it's slow but it is a thorough scan. When it's finished you can actually ignore the browser window that opens and look at the results in the program window and decide what you need to remove. Was at work earlier. Will keep an eye on this thread later this evening. As for any suggestions by Cottonball or Jacee - they're pretty much the malware removal experts here and know far more about it than I do. (Plus decent fixes for problems that may remain after malware removal)

I would like to see a UVK scan report if possible as it may contain some useful info.

If you want to run the suggested USBFix then don't make the same mistake that I did. Just plug in your drives and choose the "research" button. Then you get a log of what was found and it doesn't remove anything that way. You can upload the log of "Found" items.
Immunizing portable HDD-usbfix.jpg
What it removed on mine when I launched it - custom registry entries that I suppose it detected as non-standard! Had to replace them.

Code:
[HKEY_USERS\S-1-5-21-165181766-1597162493-719806621-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

"DisallowRun"=dword:00000001

[HKEY_USERS\S-1-5-21-165181766-1597162493-719806621-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="SecurityScan_Release.exe"
"2"="apn stub.exe"
"3"="AdobeUpdater.exe"
"4"="CLUpdater.exe"
"5"="AdobeUpdater.dll"
"6"="AdobeUpdaterApp.dll"
"7"="mconduitinstaller.exe"
"8"="ieLogic.exe"
"9"="ExPromo.exe"
"10"="PhyDMACC.dll"
"11"="rkinstall.exe"
"12"="ocsetuphlp.dll"
and

Code:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apn stub.exe]
"Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Ask Toolbar1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\askbarsetup.exe]
"Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Ask Toolbar2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\babylon.exe]
"Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Babylon 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\babylonagent.exe]
"Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Babylon 2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\babylonTC.exe]
"Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Babylon 3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\babylontoolbarsrv.exe]
"Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Babylon Serv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmng.exe]
"Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Cltmng"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Conduit_AppsToolbarHelper.exe]
"Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Conduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieLogic.exe]
"Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:OpenCandy2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mconduitinstaller.exe]
"Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Conduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="\"C:\\Program Files\\EmEditor\\EmEditor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OCSetupHlp.dll]
"Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:OpenCandy 3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Offercast2802_DEMOTB_.exe]
"Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Ask Toolbar Installer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe]
"Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Toolbar1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Search_SpinToolbarHelper.exe]
"Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Toolbar2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Search_SpinToolbarHelper1.exe]
"Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Toolbar3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityScan_Release.exe]
"Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:McAfee Scan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinloadToolbarHelper1.exe]
"Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Toolbar4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmsoemon.exe]
"Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:MyWebSearch"

Re: Your question on cooling fans. Don't know much about it. For my old laptop I had a cooling stand for ventilation underneath. For my current laptop - it started running hot with no sign of data intensive tasks running. I took it apart and cleaned inside and around the vent and the fan. That helped for a while. Eventually I just replaced the fan and it's fine. When I used to run data intensive apps I used a process manager that can throttle user defined processes and include or exclude any process to keep things a little cooler.


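Added example, not part of the original posts: one way to see exactly which DisallowRun and Image File Execution Options "Debugger" values a cleanup tool removed is to compare a registry export taken before the run with one taken after. The function names and both sample exports are constructed for illustration; HKEY_CURRENT_USER stands in for the per-user SID path shown in the post.

```python
import re

# Key-path fragments (lower-case) for the two areas shown in the post above.
WATCHED = ("\\image file execution options\\", "\\policies\\explorer")
SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg strings escape \ and " with a backslash

def parse_reg(text):
    """Parse regedit export text into {(key, value_name): data}."""
    entries, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            key = m.group(1)
        elif key and (m := VALUE.match(line)):
            name, data = m.groups()
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = unescape(data[1:-1])
            entries[(key, unescape(name))] = data
    return entries

def lost_entries(before_text, after_text):
    """Watched values present before a cleanup run but missing or changed after it."""
    before, after = parse_reg(before_text), parse_reg(after_text)
    return [(k, n, d) for (k, n), d in sorted(before.items())
            if any(w in k.lower() for w in WATCHED) and after.get((k, n)) != d]

# Constructed sample exports; the Run key shows that unwatched keys are ignored.
BEFORE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="SecurityScan_Release.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\babylon.exe]
"Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Babylon 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Example"="C:\\Tools\\example.exe"
'''
AFTER = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001
'''

if __name__ == "__main__":
    for key, name, data in lost_entries(BEFORE, AFTER):
        print(f"LOST  [{key}]  {name} = {data}")
```

Real regedit "Version 5.00" exports are UTF-16, so read the files with encoding="utf-16" before passing the text in. Only single-line string and dword values are compared here.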
01 Jun 2015   #50
gabe22

Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
 
 

The Scan just completed .. Screenshot attached:

I'm not sure what to fix/ignore ... I only understood the first one which is Windows Update (it's set to manual) and the 3rd one which is Windows Firewall disabled by Comodo I think ..
Also what are these Internet Explorer start pages (multiple entries)? It's detecting desktop wallpaper as an issue ..


Attached Thumbnails
Immunizing portable HDD-trend1.jpg   Immunizing portable HDD-trend2.jpg  