Windows 7 Forums



Windows 7: Immunizing portable HDD

01 Jun 2015   #51
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Okay well it looks like it didn't find the problem. Those detections are all related to non-standard settings changes. The only one that I think you should choose to fix is the ShowSuperHidden entry.

According to the link posted earlier that worm modifies the following:

modifies the following registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden = "0"


So best to fix.

I'm pretty surprised by the results to be honest. Next step - upload UVK scan report. Check it first and remove anything relating to personal files that you don't want us to see. Or await instructions from Cottonball or Jacee.


01 Jun 2015   #52
gabe22

Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
 
 

UVK scan finished, scan log attached.

BTW I noticed it displays "Number of users: 2." .. but I always have had only 1 user .. so what's the other one?
Also it found "<File/Folder> | D:/\Skypee | 0 bytes | Directory" ... that directory isn't there.


** update, applied fixes in Trend.

@ cottonball

Just ran the USBFix scan and report attached.

It also found the following:

Found! D:\Skypee\AutoIt3.exe
Found! D:\Skypee

I'll try the following fix: WORM_IPPEDO.B - Threat Encyclopedia - Trend Micro USA suggested by Jacee soon


Attached Files
File Type: txt UVK - Ultra Virus Killer Log.txt (162.5 KB, 3 views)
File Type: txt UsbFix_Report.txt (4.1 KB, 2 views)
01 Jun 2015   #53
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Try Start > Run then type netplwiz and press Enter. How many users are shown? Maybe a guest account or hidden admin account is enabled?

Will look at UVK log and see if I can spot anything.

Re: Avast. Looks like you installed Comodo without fully removing Avast. You need to run the Avast removal tool in safe mode if you want to switch AV's.

Sometimes it's not possible to uninstall Avast the standard way - using the ADD/REMOVE PROGRAMS in control panel. In this case, you can use our uninstallation utility avastclear.

Re: USB fix - Well it found a couple of entries. Not sure what the removal process entails for that software. At the moment I'd suggest only removing the entries marked "Found" - maybe wait for instructions.

01 Jun 2015   #54
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Okay all I can find is in the attached Fix List. You know how to download it and run it - rename with .uvk extension and run the script in UVK.

When you've done that there are some manual checks to do.

UVK - Fix List.txt

Contents of file:

Code:
     ================ UVK - Ultra Virus Killer Fix List ================

<sDelete>
<File/Folder> | D:/\Skypee | 0 bytes | Directory



    ####################### End of UVK - Ultra Virus Killer Fix List. #######################


01 Jun 2015   #55
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Check for these registry entries. If you find them report back if you are unsure on what to delete or how to delete.

before modifying your computer's registry.

In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Windows Update = "%System Root%\Google\Windowsupdate.lnk"
In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Windows Update = "%System Root%\Google\Windowsupdate.lnk"
In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
JavaUpdate = "%System Root%\Google\GoogleUpdate.lnk"
In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
AdopeUpdate = "%System Root%\Google\GoogleUpdate.lnk"
In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
NewJavaInstall = "%System Root%\Google\AutoIt3.exe /AutoIt3ExecuteScript %System Root%\Google\googleupdate.a3x"
In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
AdopeFlash = "%System Root%\Google\AutoIt3.exe /AutoIt3ExecuteScript %System Root%\Google\googleupdate.a3x"

Also check for this folder and report if found:

C:\Windows\Google
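The registry and folder checks from post #55, plus the ShowSuperHidden value mentioned in post #51, as a read-only PowerShell script. This is an added example and not part of any poster's reply; the Wow6432Node key and the use of `$env:SystemRoot` for the `%System Root%` placeholder are assumptions beyond what the thread lists.

```powershell
# Added example: read-only check, nothing is modified or deleted.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    # Assumption, not listed in the post: the 32-bit view on 64-bit Windows.
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Value names exactly as listed in post #55.
$suspectNames = @('Windows Update', 'JavaUpdate', 'AdopeUpdate', 'NewJavaInstall', 'AdopeFlash')
# File names from the listed values, sitting directly under a "Google" folder.
$suspectData = '\\Google\\(Windowsupdate\.lnk|GoogleUpdate\.lnk|AutoIt3\.exe|googleupdate\.a3x)'

$hits = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        # Read the raw string so %SystemRoot% is shown as stored, not expanded.
        $data = [string]$regKey.GetValue($name, '', 'DoNotExpandEnvironmentNames')
        $byName = $suspectNames -contains $name
        $byData = $data -match $suspectData
        if ($byName -or $byData) {
            New-Object PSObject -Property @{
                Key = $key; Name = $name; Data = $data
                MatchedOn = $(if ($byName -and $byData) { 'name+data' }
                              elseif ($byName) { 'name' } else { 'data' })
            }
        }
    }
})

# The post gives the folder as C:\Windows\Google; SystemRoot is assumed to be C:\Windows.
$folder = Join-Path -Path $env:SystemRoot -ChildPath 'Google'
$advKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$superHidden = (Get-ItemProperty -Path $advKey -Name ShowSuperHidden -ErrorAction SilentlyContinue).ShowSuperHidden

if ($hits.Count -gt 0) {
    $hits | Format-List Key, Name, Data, MatchedOn
} else {
    'No matching Run values found.'
}
"Folder $folder exists: $(Test-Path -Path $folder)"
"ShowSuperHidden (HKCU) = $superHidden"
```

A hit on name alone still needs its data reviewed before anything is deleted; the data pattern only matches files directly under a `Google` folder, so a path with a further subfolder after `Google` is not flagged by it.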
01 Jun 2015   #56
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Will check back here tomorrow!
01 Jun 2015   #57
gabe22

Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
 
 

I checked the users and it seems the window that shows up with netplwiz displays 2 users and when I checked under the user section from windows key > user icon ... it displays one active user but the guest is there ... probably by default .. inactive though ... screenshot attached

Does it mean it's detecting the inactive user or something else like another hidden admin maybe?

@Callender
I tried finding those registries but so far no luck ... only thing close to it was ... please see screenshot attached.


Attached Thumbnails
Immunizing portable HDD-acc-2.jpg   Immunizing portable HDD-current_user_googleupdate.jpg  
01 Jun 2015   #58
cottonball

Windows 7 Home Premium
 
 

gabe22,

Thanks for posting the UsbFix Research report. I expected it to identify much more than what it did.

Let's go the following route and see what it shows. It is a very straightforward and user-friendly program that should not take a very long time to run.

Please use the Farbar Recovery Scan Tool Download
Select the version that applies to your system: 64 bit
Save it to your Desktop.
Double-click the downloaded file to run it.

When the tool opens, click Yes to the disclaimer.
Press the Scan button.

When done, the tool makes a log, FRST.txt, in the same directory from which the tool is run (Desktop).

Please provide the FRST.txt in your reply.

The first time the tool is run, it also creates another log: Addition.txt
Also post the Addition.txt in your reply.
02 Jun 2015   #59
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Re: 2 users detected. Administrator and Guest Accounts detected sounds right but you can also easily check that out using "Quick User Manager" in UVK.

Re: Avast vs Comodo CIS.

I wonder if you mistakenly installed Comodo CIS & Firewall instead of Comodo Cleaning Essentials? Or did you mean to replace Avast?

Comodo Cleaning Essentials (runs without install)

If you meant to replace Avast you need to remove it in safe mode using the Avast Uninstall Tool as posted earlier or see the tutorial here on Seven Forums. Skip step 7 onwards if using the current version of Avast.

Avast - Uninstall Completely

If you mean to keep Comodo CIS & Firewall then you should reinstall it following the steps here:

How to Install Comodo Firewall | Gizmo's Freeware

Follow the guide to the letter and where appropriate - make your choices. Don't install GeekBuddy as it's a paid service.

If you mean to keep Avast then uninstall Comodo! There's no dedicated removal tool for that.

Re: UVK Scan.

Please upload another scan as I think settings were not configured correctly.

Step 1:

Right click UVK shortcut and choose "Run as administrator"

Step 2:

Click "Scan & Create Log"

Step 3:

Select "None" so that all choices on the left hand side are cleared.

Step 4:

Check the boxes as shown:
Immunizing portable HDD-uvk-ultra-virus-killer-2.jpg
Step 5:

Copy and paste this into the file exts search box

.a3x|

paste it before the first entry.

Step 6:

Include other drives as you did before using the <Dir> command.

Run the scan and upload the results.

If Cottonball spots anything I'm sure that she will help you fix things!


02 Jun 2015   #60
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

I'll take a look at your UVK scan if you choose to upload it. Other than that - I'll leave matters in Cottonball's hands.