Need to clean an external hard drive that's badly infected.

If you are certain that your computer is clean, you can plug that external HD on it. But, before you do that , make sure that your AV and anti-malware software are up-to-date. To be sure on doing that, you can run your scan from Safe Mode.

Also, make sure to verify that your AV settings are indeed set to scan external drives. If it is set up like this, your AV should scan the drive immediately when you plug it in & start trying to disinfect any infections.

jonnyhillow,

Consider using the tool UsbFix:

It can detect and remove infections found on removable devices such as an external hard drive.
Download UsbFix

Press: Download UsbFix Windows Installer- 3.73 MB | version: 7.812

Next, please, temporarily disable your antivirus software so it does not interfere with the running of USBFix.

Next, right-click the downloaded USBFix file and select: Run as Administrator

Connect the external hard drive to your PC, turn it on (if powered), but, do not open it.
At the main console of USBFix, press: Listing

Once a scan is completed, a report is generated. It is normally found at C:\USBFix\Log
Please post the Listing report in your reply.

Once again, run USBFix as Administrator, but, this time, press: Research
Also post the Research report in your reply.

Once you get the files transferred you want to save, wiping the drive is probably the best option. Here is a list of drive erasers:

Five hard disk cleaning and erasing tools - TechRepublic

Also, TDSSKiller is a good rootkit cleaner, but there are others you can try:

Five free portable rootkit removers - TechRepublic

Been away for awhile, sorry guys . Finally got around to doing a few things as requested.



Rapport


############################## | UsbFix V 7.901 | [Research]

User: charles (Administrator) # CHARLES-PC
Updated 25/02/2015 by El Desaparecido - SosVirus
Started at 15:39:59 | 25/02/2015

Website : UsbFix - Official Website
Changelog : Changelog Archives
Support : SosVirus
Live detection : How To Remove ?
Contact : Contact El Desaparecido, UsbFix author

################## | System information |

MB: ASUSTeK Computer Inc. (U56E)
CPU: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
GC: Intel(R) HD Graphics 3000
RAM -> [Total : 6049 Mo | Free : 4658 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft™ Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Internet Explorer : 11.00.9600.16428
WB: Opera : 27.0.1689.76

################## | Security Information |

AV: Kaspersky Anti-Virus [(!) Disabled |Updated]
AS: Kaspersky Anti-Virus [(!) Disabled |Updated]
AS: Windows Defender [(!) Disabled |Updated]
AS: Malwarebytes Anti-Malware : 2.0.4.1028
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

################## | Disk Information |

C:\ (%SystemDrive%) -> Fixed disk # 224 Gb (192 Gb free - 86%) [] # NTFS
E:\ -> Fixed disk # 298 Gb (257 Gb free - 86%) [FreeAgent Drive] # NTFS

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
04 - HKLM\..\Run : [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
04 - [x64] HKLM\..\Run : [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
04 - [x64] HKLM\..\Run : [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
04 - [x64] HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - [x64] HKLM\..\Run : [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
04 - [x64] HKLM\..\Run : [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
04 - [x64] HKLM\..\Run : [IgfxTray] "C:\Windows\system32\igfxtray.exe"
04 - [x64] HKLM\..\Run : [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
04 - [x64] HKLM\..\Run : [Persistence] "C:\Windows\system32\igfxpers.exe"
04 - [x64] HKLM\..\Run : [Everything] "C:\Program Files\Everything\Everything.exe" -startup
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2936650077-4203905920-2493637114-1000\..\Run : [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04GS - Secunia PSI Tray.lnk : C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

################## | Generic Research |


################## | Registry |


################## | UsbFix - Information |

Info : How to remove shortcut virus on flash disk (Video)
Info : Shortcut virus on flash disk, What is it ?
Live detection : How To Remove ?

################## | Hijack |


################## | E.O.F | SosVirus | UsbFix - Official Website |



I don't know if any malware is present by the results , hoping someone can let me know.

jonnyhillow,

Also need the Listing report.

Thanks!

Duplicate - please disregard.