
My flashdrive is infected


  • This topic is locked
15 replies to this topic

#1 Cameron9_

Cameron9_

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:06:48 AM

Posted 20 September 2017 - 11:29 PM

So I have my threat removed from my computer; however, my USB was attacked, unfortunately. I need to know if there is some USB disinfector or anything to clean my USB.

 

 

Thanks in advance  :mellow: ,

 

Cameron9_ 

 

 

 

 

Also shoutouts to JSntgRvr for helping completely heal my PC  :bowdown:

 




 


#2 Cameron9_


Posted 21 September 2017 - 06:17 PM

Is anyone gonna help me please? I really don't wanna buy a new USB stick.

 

 

 

 

 

Summary: Basically my USB became infected and I need to remove the threat.



#3 RayS

RayS

  • Malware Study Hall Senior
  • 2,226 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:48 AM

Posted 21 September 2017 - 10:38 PM

Hello Cam,

My name is Ray and I'll be assisting you with your issue. Please give me a day to review your question and prepare a reply. Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible.

Thank you for your understanding, I'll be with you shortly!

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#4 Cameron9_


Posted 21 September 2017 - 10:45 PM

Hello Ray,

I have school tomorrow, so can you wait until tomorrow 4 pm for me to respond, or even 4:30 pm?

Thanks in advance

#5 RayS


Posted 22 September 2017 - 03:37 AM

Hello Cam,

Overview

 

Immunize your PC and USB thumb drive to prevent possible infection of your PC from the thumb drive. Do a full format of the thumb drive.


Immunize USB Drive

We need to vaccinate the USB drive to prevent possible infection of your working computer.

Please download USBVaccineSetup.exe from Panda Software to the desktop of your clean working computer.
Note: The download mirror is called MajorGeeks and the download should start automatically. Please do not click any advertisements.

 

Note: Do not insert the USB drive until Panda Research USB Vaccine is fully installed.

  • Double-click USBVaccineSetup.exe to install the program.
  • Select your language. Read and accept the agreement to continue.
  • Place a checkmark next to Automatically vaccinate any new inserted USB key.
  • Click Next then Finish to complete the installation. The Panda Research USB Vaccine window will open.
  • Now, insert your USB flash drive into your clean working computer.
  • Select your USB drive from the list. If it is not already vaccinated, click Vaccinate USB.
  • Click Vaccinate computer. That disables executable items from running automatically on your PC.
  • A message should appear that your USB drive was vaccinated. If you don't see the message, remove the USB key from your PC and re-insert it. If you still don't see a message saying your USB key is vaccinated, please describe the error symptoms including verbatim copies of error messages.

 

 

Full format USB drive

Note: This procedure will destroy all data stored on your USB drive.

  • Open Windows Explorer and navigate to your USB key.
  • Carefully determine the drive letter of your USB key. Note: It is definitely not drive C.
  • Right-click the USB key drive and select Format...
  • Remove any checkmark next to Quick Format.
  • Click Start. Allow the process enough time to complete.
  • Your USB drive is now clean of all malware, and any bad sectors will be made inaccessible so as to avoid future possible corruption of data stored on those sectors.

 

 

Summary

  • Confirm that your USB drive was immunized. If not, describe symptoms and provide error messages (if any).
  • Confirm your USB drive was fully formatted.
  • Tell me whether you have any remaining questions.

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.
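
An added example, not part of Ray's post or of the Panda tool: a read-only Python check of a drive root that can be run before and after the steps above. It assumes the auto-launch mechanism in question is the Windows `autorun.inf` file and treats an unreadable `autorun.inf` (or a directory of that name) as a deliberate block; the file contents and `launch.exe` are constructed sample data.

```python
import os
import tempfile

# Constructed sample of an autorun.inf that starts a program (assumed format:
# the Windows [autorun] section; "launch.exe" is a placeholder name).
SAMPLE = "[AutoRun]\nopen=launch.exe\nshell\\open\\command=launch.exe\nicon=drive.ico\n"

def parse_autorun(text):
    """Return (key, command) pairs in [autorun] that start a program."""
    launches, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or "=" not in line:
            continue  # tolerate junk lines instead of failing on them
        key, _, value = line.partition("=")
        key = key.strip().lower()
        # open= and shellexecute= name a program to start;
        # shell\<verb>\command adds a context-menu action that runs one
        if key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command")):
            launches.append((key, value.strip()))
    return launches

def check_drive(root):
    """Classify the autorun.inf state at a drive root without modifying it."""
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if name is None:
        return {"state": "absent", "launches": []}
    path = os.path.join(root, name)
    if os.path.isdir(path):
        return {"state": "blocked", "launches": []}
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            launches = parse_autorun(fh.read())
    except OSError:
        return {"state": "blocked", "launches": []}
    return {"state": "launches-program" if launches else "inert", "launches": launches}

def demo():
    """Run the check on three constructed drive roots in temp directories."""
    results = {}
    with tempfile.TemporaryDirectory() as infected:
        with open(os.path.join(infected, "AUTORUN.INF"), "w") as fh:
            fh.write(SAMPLE)
        results["infected"] = check_drive(infected)
    with tempfile.TemporaryDirectory() as formatted:
        results["formatted"] = check_drive(formatted)
    with tempfile.TemporaryDirectory() as blocked:
        os.mkdir(os.path.join(blocked, "autorun.inf"))
        results["blocked"] = check_drive(blocked)
    return results

if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

On a real system, call `check_drive` with the drive root (for example `E:\\`); a freshly formatted drive should report `absent`.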


#6 Cameron9_


Posted 22 September 2017 - 06:08 PM

Is that all I had to do? Because now my USB did not load the cmds and Windows Defender did not give me a trojan warning.

 

 

If so...thanks Ray!



#7 Cameron9_


Posted 22 September 2017 - 06:10 PM

I did allow automatic immunity on any drivers and vaccinated the PC and formatted the driver to not have quick format.



#8 RayS


Posted 23 September 2017 - 02:01 AM

Hi Cam,

Thank you for your report.
 

is that all i had to do?


That does clean your USB key, however, I'd like to go a step farther.



Overview

Let's scan with Security Analysis by Rocket Grannie. If you need help finding updates for any item(s) it flags, copy and paste the entire log into your reply. Please also consider my suggestions for best practices. Even if you don't need help with items in the scan, please send at least one more reply to let us know we can close this topic.



Security Analysis by Rocket Grannie
Note: You will need to disable your currently installed Anti-Virus. How to do so can be found here.

  • Please download Security Analysis by Rocket Grannie
  • Save it to your Desktop.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer.
  • When finished, a Notepad window will open with the results of the scan.
  • The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run, if installed elsewhere.
  • Please copy and paste the contents of SALog.txt into your reply.
  • Note: If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.

    Don't forget to re-enable your antivirus when finished!



    Here's some food for thought:


    Guard against ransomware
    A growing trend among cybercriminals is to encrypt all your data and then demand payment for the decryption key. For an example of one variety of ransomware, see the very comprehensive article, CryptoLocker Ransomware Information Guide and FAQ by Lawrence Abrams.

    Prevention is far better than attempting to cure, therefore, I recommend the free version of CryptoPrevent. The Premium version includes some advanced features. Other security companies are developing products in this area as well.


    Manage your passwords
    Use different passwords on each account. Install one of the password managers like LastPass (free or premium version) or KeePass Password Safe.


    Backup your data
    Make frequent backups of all your important files such as documents, spreadsheets, photos, business records, etc. Synchronized files are convenient, but are just as vulnerable as local files. Offline storage is best because malware can infect all machines in a network. Fire and theft can affect all devices in a single physical location. Consider cloud storage, but be sure to encrypt all traffic to and from the cloud and protect your files with strong passwords. Disconnect from the service except when you are actually storing or retrieving files.

    Please also take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

    Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

    In addition, here are a few more links you might find of interest:

 

 

 

Summary

  • Copy and paste the entire contents of SALog.txt into the body of your message if you need help with any of its findings.
  • Tell me how your PC is running now.
  • Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.

 

 

Even if you don't need further help, please reply to this post to let us know we can close the topic.

Best regards,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#9 Cameron9_


Posted 23 September 2017 - 12:30 PM

here you are 

Attached Files


Edited by Cameron9_, 23 September 2017 - 12:31 PM.


#10 Cameron9_


Posted 23 September 2017 - 12:32 PM

My PC is acting normal, no malicious applications running.

 

My PC has no threat.



#11 Cameron9_


Posted 23 September 2017 - 01:13 PM

Well, actually I ran MBAM; this is what I found:

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/23/2017
Scan Time: 10:39 AM
Logfile: Malwarebytes-log.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.09.23.05
Rootkit Database: v2017.09.13.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Cameron Baha
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333455
Time Elapsed: 26 min, 26 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 6
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [e8e90aad9811ca6c1ccf3bbd17eb7987], 
PUP.Optional.WebBar, HKLM\SOFTWARE\MICROSOFT\TRACING\winwb_RASAPI32, Quarantined, [6071ddda7e2b6acc87e547b46c96a060], 
PUP.Optional.WebBar, HKLM\SOFTWARE\MICROSOFT\TRACING\winwb_RASMANCS, Quarantined, [3998cbec208988ae0c60a556c9394bb5], 
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [9d347e392f7a2115717a28d0778be818], 
PUP.Optional.SearchManager, HKU\S-1-5-21-3787855760-3905856180-2873326536-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [ebe686315e4bfd3962465eee639ffa06], 
PUP.Optional.WinYahoo, HKU\S-1-5-21-3787855760-3905856180-2873326536-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [6c65d7e04366b6803cb4a8a2837fe719], 
 
Registry Values: 1
PUP.Optional.WinYahoo, HKU\S-1-5-21-3787855760-3905856180-2873326536-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ansft_17_22_ssg01&param1=1&param2=f[6c65d7e04366b6803cb4a8a2837fe719]D4%26b[6c65d7e04366b6803cb4a8a2837fe719]DIE%26cc[6c65d7e04366b6803cb4a8a2837fe719]Dus%26pa[6c65d7e04366b6803cb4a8a2837fe719]Dwincy%26cd[6c65d7e04366b6803cb4a8a2837fe719]D2XzuyEtN2Y1L1QzuyEtDzz0DyD0CyEyB0BtByC0ByE0DtAyBtN0D0Tzu0StCzyzztDtN1L2XzutAtFtBzytFtAtFyDyBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCtByEtDzyyEtBtDtGyByDtBtDtG0FyEzy0EtGtDyC0CzytGzy0BtCtCyB0AyBtCtD0DyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0Azy0EtCtCzz0CtG0B0FtD0DtGyE0D0C0BtGzztC0F0CtGtAzzyEzy0FyByCtBtAzytC0C2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCtCzy%26cr[6c65d7e04366b6803cb4a8a2837fe719]D1861319740%26a[6c65d7e04366b6803cb4a8a2837fe719]Dwbf_ansft_17_22_ssg01%26os_ver[6c65d7e04366b6803cb4a8a2837fe719]D10.0%26os[6c65d7e04366b6803cb4a8a2837fe719]DWindowsQuarantinedB10QuarantinedBPro&p={searchTerms}, %4, %5
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [3d94298e7d2cde5826b5ca74867a33cd], 
 
Files: 15
Adware.Yelloader, C:\Users\Cameron Baha\AppData\Local\Temp\1502082143\s5-20170325.zip, Quarantined, [1ab713a4a405c17534a7c23bb749a957], 
Trojan.Clicker, C:\Users\Cameron Baha\AppData\Local\Temp\1502082144\s5m_install_325.zip, Quarantined, [8b4612a565442115a97fb8c71de4e51b], 
PUP.Optional.AnonymizerGadget, C:\Users\Cameron Baha\AppData\Local\Temp\197656875\ic-0.1df1ae970b435.exe, Quarantined, [eae7eacda90057dfcf4d9bab54ac60a0], 
PUP.Optional.AppTrailers, C:\Users\Cameron Baha\AppData\Local\Temp\197656875\ic-0.1edf34946b7cb8.exe, Quarantined, [8f42b9fe7b2e8aac9c4d3d02926e9c64], 
Adware.DotDo.Generic, C:\Users\Cameron Baha\AppData\Local\Temp\197656875\ic-0.a9baecbd0578c8.exe, Quarantined, [bc1532852f7a30065060b79a45bc13ed], 
PUP.Optional.OnlineIO, C:\Users\Cameron Baha\AppData\Local\Temp\197656875\ic-0.ba00cad783931.exe, Quarantined, [775ae2d58722300690995a3ab54c36ca], 
PUP.Optional.InstallCore, C:\Users\Cameron Baha\Downloads\SteamSetup.exe, Quarantined, [18b94572d9d0a98dab1bd2be4db3946c], 
PUP.Optional.BundleInstaller, C:\Users\Cameron Baha\Downloads\Super Mario 64 (U) [!]_0777724643.exe, Quarantined, [3998ab0c7c2d1a1c1d870eddad54a45c], 
PUP.Optional.InstallCore, C:\Users\Cameron Baha\Downloads\MinecraftInstaller.exe, Quarantined, [04cde1d6a30691a53195dfb11ee241bf], 
PUP.Optional.AnonymizerGadget, C:\Users\Cameron Baha\AppData\Roaming\AGData\bin\AGLoader.dll, Quarantined, [834eb3049b0ed66035e7f3535aa64ab6], 
PUP.Optional.AnonymizerGadget, C:\Users\Cameron Baha\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe, Quarantined, [0bc64572abfea78f68b4a2a4ba46718f], 
PUP.Optional.OnlineIO, C:\Windows\Installer\SourceHash{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [fdd44077d3d6fa3c34c06cd205fba957], 
PUP.Optional.SearchManager, C:\Users\Cameron Baha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage, Quarantined, [b51ce3d48c1d9a9cb4275c9f4db5b24e], 
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe, Quarantined, [3d94298e7d2cde5826b5ca74867a33cd], 
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\SystemFoldermsiexec.exe, Quarantined, [3d94298e7d2cde5826b5ca74867a33cd], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12 RayS


Posted 23 September 2017 - 04:55 PM

Hi Cam,

 

Thank you for the Security Analysis log. Windows Live Essentials is no longer supported, and, without security updates, some of its components are prone to malware threats. See How to Replace Windows Essentials 2012 After Support Ends in January by Walter Glenn on July 6th, 2017.

 

All the threats detected by MalwareBytes Anti-Malware (MBAM) have been quarantined and are safe to delete. Please launch MBAM again and click History > Quarantine. Place a checkmark next to all items listed in the Quarantine window and click Delete All.

 

Please let me know if you have any questions about deleting or replacing Windows Live Essentials or if you have any problem deleting all items in MBAM quarantine. Otherwise, give me one more reply to let us know this topic can be closed.

 

Again, it was a pleasure working with you and I thank you for placing your trust in Bleeping Computer.

 

Best regards,

 

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.
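
An added example, not code from the thread or from Malwarebytes: a Python triage of a text log in the layout shown in post #11. It checks that each section's declared count matches its listed items, that every item's action is `Quarantined`, and which detections are not `PUP.` entries. The log lines, paths, bracketed ids and the `No Action By User` action string are constructed sample values.

```python
import re
from collections import Counter

SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
HEADER = re.compile(r"^(%s): (\d+)\s*$" % "|".join(SECTIONS))
# name, target, action, [32 hex chars],  (the target may itself contain commas)
ITEM = re.compile(r"^(?P<name>[^,]+), (?P<target>.+), (?P<action>[^,\[\]]+), "
                  r"\[(?P<id>[0-9a-f]{32})\],\s*$")

# Constructed sample in the layout of the log above; every value is made up.
SAMPLE_LOG = r"""
Objects Scanned: 1000

Registry Keys: 1
PUP.Optional.Example, HKLM\SOFTWARE\EXAMPLE\KEY, Quarantined, [00000000000000000000000000000001],

Files: 3
Trojan.Example, C:\Users\user\AppData\Local\Temp\a.zip, Quarantined, [00000000000000000000000000000002],
PUP.Optional.Example, C:\Users\user\Downloads\setup, v2.exe, No Action By User, [00000000000000000000000000000003],

Physical Sectors: 0
(No malicious items detected)
"""

def parse_log(text):
    """Group detection lines under the section header that precedes them."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            current = sections.setdefault(
                header.group(1), {"declared": int(header.group(2)), "items": []})
            continue
        item = ITEM.match(line) if current is not None else None
        if item:
            current["items"].append(item.groupdict())
    return sections

def triage(text):
    """Summarise what still needs attention in a parsed log."""
    sections = parse_log(text)
    items = [i for s in sections.values() for i in s["items"]]
    return {
        # a mismatch means a truncated paste or a line this parser could not read
        "count_mismatch": [n for n, s in sections.items()
                           if s["declared"] != len(s["items"])],
        "not_quarantined": [i["target"] for i in items if i["action"] != "Quarantined"],
        "non_pup": sorted({i["name"] for i in items if not i["name"].startswith("PUP.")}),
        "by_family": Counter(i["name"] for i in items),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```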


#13 Cameron9_


Posted 24 September 2017 - 04:58 PM

Hello Ray, before you close this topic, is there any decent anti-ransomware for my PC? I need a decent anti-ransomware for my machine.

 

 

Thanks in advance,

 

Cameron9_



#14 RayS


Posted 25 September 2017 - 09:57 AM

Hi Cam,
 


Hello Ray before you close this topic is there any decent anti ransomware for my pc...

You are right to be concerned about ransomware. No product will ever be 100% effective in blocking all malware, including those malicious programs that encrypt your data and demand a fee for the decryption key. The very best defense is offline backups. Any file that is continuously accessible to your computer is also reachable by ransomware.
 
You can, however, block some of the malicious operators. Please re-read the advice I gave you in Post #8. It is all valid except my recommendation for CryptoPrevent. That program which I recommended was an early defense against ransomware. As techniques have evolved, other products have come to the forefront. I am now recommending Malwarebytes Anti-Ransomware 0.9.18.807 instead of CryptoPrevent. This is a free program for home users and it doesn't conflict with other antivirus products which are running on your PC.
 
Please let me know if you have any other questions about your PC. Otherwise, please reply one more time to let us know it's OK to close this topic.
 
Regards,
 
Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#15 Cameron9_


Posted 26 September 2017 - 09:07 AM

You're the best!


Oh, btw, I have some very good defense system on my PC; I just need to add this anti-ransomware and my PC is basically protected.


Now you can close the forum.



