Immunizing portable HDD

Okay well it looks like it didn't find the problem. Those detections are all related to non standard settings changes. The only one that I think you should choose to fix is the ShowSuperHidden entry.

Acording to the link posted earlier that worm modifies the following:

   Note

modifies the following registry entries:

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer\
Advanced
ShowSuperHidden = "0"

So best to fix.

I'm pretty surpised by the results to be honest. Next step - upload UVK scan report. Check it first and remove anything relating to personal files that you don't want us to see. Or await instructions from Cottonball or Jacee.

UKV scan finished, scan log attached.

BTW I noticed its display "Number of users: 2." .. but I always have had only 1 user .. so whats the other one?
Also It found "<File/Folder> | D:/\Skypee | 0 bytes | Directory" ... that directory isn't there.


** update, applied fixes in Trend.

@ cottonball

Just ran the USBFix scan and report attached.

It also found the following:

Found! D:\Skypee\AutoIt3.exe
Found! D:\Skypee

I'll try the following fix: WORM_IPPEDO.B - Threat Encyclopedia - Trend Micro USA suggested by Jacee soon

Try Start > Run then type netplwiz and press Enter. How many users shown. Maybe a guest account or hidden admin account is enabled?

Will look at UVK log and see if I can spot anything.

Re: Avast. Looks like you installed Comodo without fully removing Avast. You need to run the Avast removal tool in safe mode if you want to switch AV's.

Sometimes it's not possible to uninstall Avast the standard way - using the ADD/REMOVE PROGRAMS in control panel. In this case, you can use our uninstallation utility avastclear.

Re: USB fix - Well it found a couple of entries. Not sure what the removal process entails for that software. At the moment I's suggest only removing the entries marked "Found" - maybe wait for instructions.

Okay all I can find is in the attached Fix List. You know how to download it and run it - rename with .uvk extension and run the script in UVK.

When you've done that there are some manual checks to do.

UVK - Fix List.txt

Contents of file:

Code:

     ================ UVK - Ultra Virus Killer Fix List ================

<sDelete>
<File/Folder> | D:/\Skypee | 0 bytes | Directory



    ####################### End of UVK - Ultra Virus Killer Fix List. #######################

Check for these registry entries. If you find them report back if you are unsure on what to delete or how to delete.

before modifying your computer's registry.

In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Windows Update = "%System Root%\Google\Windowsupdate.lnk"
In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Windows Update = "%System Root%\Google\Windowsupdate.lnk"
In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
JavaUpdate = "%System Root%\Google\GoogleUpdate.lnk"
In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
AdopeUpdate = "%System Root%\Google\GoogleUpdate.lnk"
In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
NewJavaInstall = "%System Root%\Google\AutoIt3.exe /AutoIt3ExecuteScript %System Root%\Google\googleupdate.a3x"
In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
AdopeFlash = "%System Root%\Google\AutoIt3.exe /AutoIt3ExecuteScript %System Root%\Google\googleupdate.a3x"

Also check for this folder and report if found:

C:\Windows\Google

Will check back here tomorrow!

gabe22,

Thanks for posting the UBFix Research report. I expected it to identify much more than what it did.

Let's go the following route and see what it shows. It is a very straight forward and user friendly program that should not take a very long time to run.

Please use the Farbar Recovery Scan Tool Download
Select the version that applies to your system: 64 bit
Save it to your Desktop.
Double-click the downloaded file to run it.

When the tool opens, click Yes to the disclaimer.
Press the Scan button.

When done, the tool makes a log, FRST.txt, in the same directory from which the tool is run (Desktop).

Please provide the FRST.txt in your reply.

The first time the tool is run, it also creates another log: Addition.txt
Also post the Addition.txt in your reply.

Re: 2 users detected. Administrator and Guest Accounts detected sounds right but you can also easily check that out using "Quick User Manager" in UVK.

Re: Avast vs Comodo CIS.

I wonder if you mistakelnly installed Comodo CIS & Firewall insted of Comodo Cleaning Essentials? Or did you mean to replace Avast?

Comodo Cleaning Essentials (runs without install)

If you meant to replace Avast you need to remove it in safe mode using the Avast Unistall Tool as posted earlier or see the tutorial here on Seven Forums. Skip step 7 onwards if using the current version of Avast.

Avast - Uninstall Completely

If you mean to keep Comodo CIS & Firewall then you should reinstall it following the steps here:

How to Install Comodo Firewall | Gizmo's Freeware

Follow the guide to the letter and where appropriate - make your choices. Don't install GeekBuddy as it's a paid service.

If you mean to keep Avast then uninstall Comodo! There's no dedicated removal tool for that.

Re: UVK Scan.

Please upload another scan as I think settings were not configured correctly.

Step 1:

Right click UVK shortcut and choose "Run as administrator"

Step 2:

Click "Scan & Create Log

Step 3:

Select "None" so that all choices on the left hand side are cleared.

Step 4:

Check the boxes as shown:

Step 5:

Copy and paste this into the file exts search box

.a3x|

paste it before the first entry.

Step 6:

Include other drives as you did before using the <Dir> command.

Run the scan and upload the results.

If Cottonball spots anything I'm sure that she will help you fix things!

I'll take a look at your UVK scan if you choose to upload it. Other than that - I'll leave matters in Cottonball's hands.