Connect all your external data sources to your PC (USB keys, external drives, etc.)
Here is an example of a report showing an infection:
############################## | UsbFix V 7.164 |
User: SosVirus (Administrator) # VMWARE
Updated 05/02/2014 by El Desaparecido – Team SosVirus
Started at 11:04:45 | 14/02/2014
Website : https://www.usb-antivirus.com/
Changelog : https://www.usb-antivirus.com/changelog/
Support : https://www.sosvirus.net/en/
Contact : https://www.usb-antivirus.com/contact/
Contact : https://how-to-remove.us/
PC: Intel Corporation (440BX Desktop Reference Platform)
CPU: AMD FX(tm)-8150 Eight-Core Processor
RAM -> [Total : 2047 Mo| Free : 1262 Mo]
Bios: Phoenix Technologies LTD
Boot: Normal boot
OS: Microsoft Windows 8.1 Pro (6.3.9600 64-Bit)
WB: Windows Internet Explorer : 11.0.9600.16384
SC: Security Center [Enabled] WU: Windows Update [Enabled] AV: Windows Defender [(!) Disabled | Updated] AS: Windows Defender [(!) Disabled | Updated] FW: Windows FireWall [(!) Disabled]
C:\ (%systemdrive%) -> Fixed drive # 60 Gb (46 Mb free – 77%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 15 Gb (15 Mb free – 99%) [UsbFix] # NTFS
################## | Active Processes |
C:\Windows\system32\wininit.exe (ID: 492 |ParentID: 428)
C:\Windows\system32\winlogon.exe (ID: 540 |ParentID: 484)
C:\Windows\system32\lsass.exe (ID: 604 |ParentID: 492)
C:\Windows\system32\svchost.exe (ID: 664 |ParentID: 596)
C:\Windows\system32\svchost.exe (ID: 720 |ParentID: 596)
C:\Windows\system32\dwm.exe (ID: 812 |ParentID: 540)
C:\Windows\System32\svchost.exe (ID: 892 |ParentID: 596)
C:\Windows\system32\svchost.exe (ID: 924 |ParentID: 596)
C:\Windows\system32\svchost.exe (ID: 1000 |ParentID: 596)
C:\Windows\System32\svchost.exe (ID: 344 |ParentID: 596)
C:\Windows\system32\svchost.exe (ID: 760 |ParentID: 596)
C:\Windows\System32\spoolsv.exe (ID: 1056 |ParentID: 596)
C:\Windows\system32\svchost.exe (ID: 1080 |ParentID: 596)
C:\Windows\system32\dashost.exe (ID: 1300 |ParentID: 344)
C:\Windows\system32\svchost.exe (ID: 1580 |ParentID: 596)
C:\Windows\System32\WUDFHost.exe (ID: 1700 |ParentID: 344)
C:\Windows\System32\svchost.exe (ID: 1996 |ParentID: 596)
C:\Windows\system32\taskhostex.exe (ID: 2592 |ParentID: 924)
C:\Windows\Explorer.EXE (ID: 2732 |ParentID: 2712)
C:\Windows\system32\DllHost.exe (ID: 2844 |ParentID: 664)
C:\Windows\system32\SearchIndexer.exe (ID: 1728 |ParentID: 596)
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (ID: 2660 |ParentID: 344)
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe (ID: 2556 |ParentID: 2660)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2636 |ParentID: 596)
C:\Windows\system32\taskhost.exe (ID: 1888 |ParentID: 924)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 920 |ParentID: 664)
C:\Windows\System32\WUDFHost.exe (ID: 1236 |ParentID: 344)
C:\Users\SosVirus\AppData\Local\Temp\svchots.exe (ID: 1172 |ParentID: 2092)
C:\Users\SosVirus\AppData\Roaming\Systwm.exe (ID: 3508 |ParentID: 1616)
C:\Users\SosVirus\AppData\Roaming\trsa.exe (ID: 3056 |ParentID: 2380)
C:\Windows\system32\SearchProtocolHost.exe (ID: 1824 |ParentID: 1728)
C:\Windows\system32\SearchFilterHost.exe (ID: 3804 |ParentID: 1728)
C:\Windows\servicing\TrustedInstaller.exe (ID: 3108 |ParentID: 596)
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_fa1dc1539b4180d8\TiWorker.exe (ID: 944 |ParentID: 664)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2904 |ParentID: 664)
################## | Regedit Run |
04 – HKCU\..\Run : [bc417da8242d899d911d46b52a2aa2c2] “C:\Users\SosVirus\AppData\Local\Temp\svchots.exe” ..
04 – HKCU\..\Run : [0ed9b0dd4f968cc32d4e7c0293ea9e57] “C:\Users\SosVirus\AppData\Roaming\Systwm.exe” ..
04 – HKCU\..\Run : [b463fa29ba63b297b9177c677944ff44] “C:\Users\SosVirus\AppData\Roaming\trsa.exe” ..
04 – HKLM\..\RunOnce : []
04 – HKLM64\..\RunOnce : [BrowserChoice] C:\Windows\BrowserChoice\browserchoice.exe
04 – HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\..\Run : [bc417da8242d899d911d46b52a2aa2c2] “C:\Users\SosVirus\AppData\Local\Temp\svchots.exe” ..
04 – HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\..\Run : [0ed9b0dd4f968cc32d4e7c0293ea9e57] “C:\Users\SosVirus\AppData\Roaming\Systwm.exe” ..
04 – HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\..\Run : [b463fa29ba63b297b9177c677944ff44] “C:\Users\SosVirus\AppData\Roaming\trsa.exe” ..
################## | Generic Research |
Found ! C:\Users\SosVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0ed9b0dd4f968cc32d4e7c0293ea9e57.exe
Found ! C:\Users\SosVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b463fa29ba63b297b9177c677944ff44.exe
Found ! C:\Users\SosVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bc417da8242d899d911d46b52a2aa2c2.exe
Found ! E:\My Picture.SCR
Found ! E:\set.vbs
Found ! C:\Users\SosVirus\AppData\Roaming\trsa.exe
Found ! C:\Users\SosVirus\AppData\Roaming\trsa.exe.tmp
Found ! E:\0ed9b0dd4f968cc32d4e7c0293ea9e57.exe
Found ! E:\29d6ad028fa7e9945b60c9f480764362.zip.lnk
Found ! E:\3dcedd76b1f542ec14094a9afe39a1b2.zip.lnk
Found ! E:\8bf5931005ec23184864abaa42a2cd18.zip.lnk
Found ! E:\b114764aa3567a0bb3a22a8374b3d46b.zip.lnk
Found ! E:\set.vbs.lnk
Found ! C:\Users\SosVirus\AppData\Local\Temp\svchots.exe
Found ! C:\Users\SosVirus\AppData\Roaming\Systwm.exe
Found ! C:\Users\SosVirus\Desktop\29d6ad028fa7e9945b60c9f480764362\set.vbs
Found ! C:\Users\SosVirus\Desktop\3dcedd76b1f542ec14094a9afe39a1b2\bc417da8242d899d911d46b52a2aa2c2.exe
Found ! C:\Users\SosVirus\Desktop\8bf5931005ec23184864abaa42a2cd18\b463fa29ba63b297b9177c677944ff44.exe
Found ! C:\Users\SosVirus\Desktop\b114764aa3567a0bb3a22a8374b3d46b\0ed9b0dd4f968cc32d4e7c0293ea9e57.exe
################## | Registry |
Found ! HKCU\Software\0ed9b0dd4f968cc32d4e7c0293ea9e57
Found ! HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\Software\0ed9b0dd4f968cc32d4e7c0293ea9e57
Found ! HKCU\Software\b463fa29ba63b297b9177c677944ff44
Found ! HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\Software\b463fa29ba63b297b9177c677944ff44
Found ! HKCU\Software\bc417da8242d899d911d46b52a2aa2c2
Found ! HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\Software\bc417da8242d899d911d46b52a2aa2c2
Found ! HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\Software\Microsoft\Windows\CurrentVersion\Run|0ed9b0dd4f968cc32d4e7c0293ea9e57
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|0ed9b0dd4f968cc32d4e7c0293ea9e57
Found ! HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\Software\Microsoft\Windows\CurrentVersion\Run|b463fa29ba63b297b9177c677944ff44
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|b463fa29ba63b297b9177c677944ff44
Found ! HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\Software\Microsoft\Windows\CurrentVersion\Run|bc417da8242d899d911d46b52a2aa2c2
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|bc417da8242d899d911d46b52a2aa2c2
Found ! HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\Software\Microsoft\Windows\CurrentVersion\Run|0ed9b0dd4f968cc32d4e7c0293ea9e57
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|0ed9b0dd4f968cc32d4e7c0293ea9e57
Found ! HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\Software\Microsoft\Windows\CurrentVersion\Run|b463fa29ba63b297b9177c677944ff44
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|b463fa29ba63b297b9177c677944ff44
Found ! HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\Software\Microsoft\Windows\CurrentVersion\Run|bc417da8242d899d911d46b52a2aa2c2
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|bc417da8242d899d911d46b52a2aa2c2
################## | UsbFix – Information |
UsbFix has detected on your computer, an infection which a Keylogger function.
After cleaning with UsbFix, please modify all your passwords.
If you made purchases on Internet,
please contact your bank to enviseager an opposition on your bank card.
Info : https://www.usb-antivirus.com/2014/03/remove-shortcut-virus-usb/
Info : https://www.usb-antivirus.com/2014/03/infections-spreading-usb-peripherals/
################## | Vaccin |
################## | E.O.F |