Immunizing portable HDD


  1. Posts : 2,470
    Windows 7 Home Premium
       #41

    gabe22,

    Have you considered using UsbFix 2015 v7.946?
    Download > Download UsbFix - MajorGeeks
    Save to the Desktop.

    Next, please, temporarily disable your antivirus software so it does not interfere with the running of USBFix.

    Now, right-click the downloaded USBFix file and select: Run as Administrator
    At the main console of USBFix, press: Research

    As requested, connect your external data sources to your PC (USB keys, external drives, etc…), turn any on if powered, but, do not open any of the connected devices.
    Once ready, click: OK

    When the scan is over, a report opens on the Desktop. It is also found at C:\UsbFix\Log\UsbFix...

    Please post the USBFix [Research] report in your reply.


  2. Posts : 146
    Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
    Thread Starter
       #42

    @cottonball
    Alright, will do as soon as the "Trend Micro Anti-Threat Toolkit" scan finishes, started last night .. at 75% right now lol ... slowest scan ever! ..

    @ Callender
    Will be running the UVK scan as soon as the anti-threat scan finishes ...

    Also just asking, what's the reason for adding geoPlugin to geolocate your visitors and geoplugin.net in the hosts file? Are they bad URLs (as in maybe URLs with infected files .. that's connected to some software running on my system maybe)?


  3. Posts : 146
    Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
    Thread Starter
       #43

    Oh btw does anyone know if for instance I'm using Comodo IceDragon(firefox version) or Chromodo(chrome version) or maybe Comodo Dragon(chrome version) would have an impact on browser performance?

    I already searched on google but I have yet to find a satisfying answer ... anyone here have experience using Comodo browsers, any of them?


  4. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #44

    gabe22 said:

    Also just asking, what's the reason for adding geoPlugin to geolocate your visitors and geoplugin.net in the hosts file? Are they bad URLs (as in maybe URLs with infected files .. that's connected to some software running on my system maybe)?

    According to Trend Micro that worm communicates with those domains.

       Note

    Other Details
    This worm accesses the following URL(s) to get the affected system's location:


    Re: USBFix - that's the one that screwed up my registry yesterday. It auto deleted entries as soon as it was launched. Managed to fix it. If you ask me - I'd say backup reg first and use the "research option"
    Last edited by Callender; 01 Jun 2015 at 07:48.


  5. Posts : 146
    Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
    Thread Starter
       #45

    @ Callender

    Thanks for the host info and ya thanks again ... I totally forgot about your previous post regarding USBFix which messed up your system .. I'm not anywhere close to you when it comes to this stuff ... so I suppose I'll be skipping that one.

    And I'm really pissed off lol ... this "Trend Micro Anti-Threat Toolkit" is still at 79% ... this is probably the slowest scanner I ever saw ... it progressed 4% in the last 6 hours .. OMG

    My system is performing epically slow .. probably slowest ever .. can't do anything and probably stuck for another 12 hours ... but I know I have to let it finish .. but still ... grrr!


  6. Posts : 146
    Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
    Thread Starter
       #46

    Oh and in the mean time .. I have some questions, probably totally newbie questions .. so go easy on me ..

    # I was told by a friend that laptop coolers with multiple fans are rather pointless as the USB ports offer 3.5v and thus using 1/2 or even 4 fans would basically mean they are all sharing the 3.5v ... which basically means 1 fan = faster, 2 = bit slower and 4 = even slower but ultimately resulting in about the same temperature reduction, is it true?
    # Thermal pads, are they better at system temperature reduction than traditional laptop coolers?
    # I have been wondering this for a while now, laptop parts are placed in a very confined space and thus heat is an issue .. and assuming almost all parts create some heat, do DVD drives create heat too (even if it's 1/2 degree only)?

    Also what are the top choices out there for anti-rootkit software (free priority)? Perhaps something better than Malwarebytes Anti-Rootkit (that's the one I had on my system and .. well, it didn't do the job for me)


  7. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #47

    If it's been scanning that long and no threats are shown as detected you can probably skip it.

    Re: USBFIX

    You just have to be careful when you run it to choose the "Research" button rather than let it auto clean anything.


  8. Posts : 146
    Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
    Thread Starter
       #48

    It found 14 threats so far .. should probably wait and see if it finds more in the remaining sections and also what it found so far ...


  9. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #49

    I know that it's slow but it is a thorough scan. When it's finished you can actually ignore the browser window that opens and look at the results in the program window and decide what you need to remove. Was at work earlier. Will keep an eye on this thread later this evening. As for any suggestions by Cottonball or Jacee - they're pretty much the malware removal experts here and know far more about it than I do. (Plus decent fixes for problems that may remain after malware removal)

    I would like to see a UVK scan report if possible as it may contain some useful info.

    If you want to run the suggested USBFix then don't make the same mistake that I did. Just plug in your drives and choose the "research" button. Then you get a log of what was found and it doesn't remove anything that way. You can upload the log of "Found" items.

    Immunizing portable HDD-usbfix.jpg

    What it removed on mine when I launched it - custom registry entries that I suppose it detected as non-standard! Had to replace them.

    Code:
    [HKEY_USERS\S-1-5-21-165181766-1597162493-719806621-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    
    "DisallowRun"=dword:00000001
    
    [HKEY_USERS\S-1-5-21-165181766-1597162493-719806621-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
    "1"="SecurityScan_Release.exe"
    "2"="apn stub.exe"
    "3"="AdobeUpdater.exe"
    "4"="CLUpdater.exe"
    "5"="AdobeUpdater.dll"
    "6"="AdobeUpdaterApp.dll"
    "7"="mconduitinstaller.exe"
    "8"="ieLogic.exe"
    "9"="ExPromo.exe"
    "10"="PhyDMACC.dll"
    "11"="rkinstall.exe"
    "12"="ocsetuphlp.dll"

    and

    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apn stub.exe]
    "Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Ask Toolbar1"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\askbarsetup.exe]
    "Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Ask Toolbar2"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\babylon.exe]
    "Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Babylon 1"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\babylonagent.exe]
    "Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Babylon 2"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\babylonTC.exe]
    "Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Babylon 3"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\babylontoolbarsrv.exe]
    "Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Babylon Serv"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmng.exe]
    "Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Cltmng"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Conduit_AppsToolbarHelper.exe]
    "Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Conduit"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieLogic.exe]
    "Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:OpenCandy2"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mconduitinstaller.exe]
    "Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Conduit"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
    "Debugger"="\"C:\\Program Files\\EmEditor\\EmEditor.exe\""
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OCSetupHlp.dll]
    "Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:OpenCandy 3"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Offercast2802_DEMOTB_.exe]
    "Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Ask Toolbar Installer"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe]
    "Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Toolbar1"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Search_SpinToolbarHelper.exe]
    "Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Toolbar2"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Search_SpinToolbarHelper1.exe]
    "Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Toolbar3"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityScan_Release.exe]
    "Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:McAfee Scan"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinloadToolbarHelper1.exe]
    "Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:Toolbar4"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmsoemon.exe]
    "Debugger"="\"C:\\Program Files (x86)\\Smart-X\\AppLocker\\AppLocker.exe\" /locked:MyWebSearch"

    Re: Your question on cooling fans. Don't know much about it. For my old laptop I had a cooling stand for ventilation underneath. For my current laptop - it started running hot with no sign of data intensive tasks running. I took it apart and cleaned inside and around the vent and the fan. That helped for a while. Eventually I just replaced the fan and it's fine. When I used to run data intensive apps I used a process manager that can throttle user defined processes and include or exclude any process to keep things a little cooler.
    Last edited by Callender; 01 Jun 2015 at 12:28. Reason: add info
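
Added example (not written by any poster in this thread): Image File Execution Options "Debugger" values and DisallowRun lists like the ones above redirect or block program launches, which is why a cleanup tool may treat them as suspicious. Diffing a registry export taken before the tool runs against one taken after shows exactly which of these entries it removed. The sample exports are constructed from entries quoted in post #49, with HKEY_CURRENT_USER standing in for the user SID; all function names are this example's own.

```python
import re

IFEO = "\\image file execution options\\"
DISALLOW = "\\policies\\explorer\\disallowrun"
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Constructed sample exports (entries taken from post #49). Real files from
# "reg export" are UTF-16: open(path, encoding="utf-16").read()
BEFORE = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="SecurityScan_Release.exe"
"2"="apn stub.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="\"C:\\Program Files\\EmEditor\\EmEditor.exe\""
'''
AFTER = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="SecurityScan_Release.exe"
'''

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: raw_data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE.match(line)):
            current[m.group(1)] = m.group(2)
    return keys

def unquote(raw):
    """Turn a quoted REG_SZ literal into the string it stores."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    return raw

def launch_overrides(keys):
    """Return (kind, image, detail) for IFEO Debugger and DisallowRun entries."""
    found = set()
    for path, values in keys.items():
        low = path.lower()
        if IFEO in low and "Debugger" in values:
            found.add(("IFEO", path.rsplit("\\", 1)[1], unquote(values["Debugger"])))
        elif low.endswith(DISALLOW):
            found.update(("DisallowRun", unquote(v), "blocked") for v in values.values())
    return found

def removed_by_cleanup(before_text, after_text):
    """Entries in the 'before' export that are missing from the 'after' one."""
    before, after = (launch_overrides(parse_reg(t)) for t in (before_text, after_text))
    return sorted(before - after)
```

Each returned tuple names the affected image and, for IFEO entries, the command that was set to launch in its place, so the missing entries can be reviewed and restored from the "before" export if they were intentional.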


  10. Posts : 146
    Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
    Thread Starter
       #50

    The Scan just completed .. Screenshot attached:

    I'm not sure what to fix/ignore ... I only understood the first one which is Windows Update (it's set to manual) and the 3rd one which is Windows Firewall disabled by Comodo I think ..
    Also what are these Internet Explorer start pages (multiple entries)? It's detecting desktop wallpaper as an issue ..
    Attached Thumbnails: Immunizing portable HDD-trend1.jpg   Immunizing portable HDD-trend2.jpg


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
