Tutorial UsbFix : Search option

[fusion_builder_container hundred_percent=”yes” overflow=”visible”][fusion_builder_row][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][fusion_checklist icon=”fa-arrow-right” iconcolor=”#1e73be” circle=”no” circlecolor=”” size=”15px” class=”” id=””]

• Download UsbFix on your computer, and execute it
• It will launch automatically, and a shortcut will be created on your desktop
• Connect all your external data sources to your PC (Usb keys, external drives, etc…) Do not open them.
• Choose ” Research ” option.

[/fusion_checklist]

[fusion_separator top=”20″ style=”none”/]

[fusion_imageframe lightbox=”no” lightbox_image=”” style_type=”” hover_type=”zoomin” bordercolor=”#d3d3d3″ bordersize=”0px” border radius=”0″ stylecolor=”” align=”center” link=”” linktarget=”” animation_type=”0″ animation_direction=”down” animation_speed=”0.1″ class=”” id=””] [/fusion_imageframe]

[fusion_separator top=”20″ style=”none”/]

[/fusion_builder_column][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][fusion_checklist icon=”fa-arrow-right” iconcolor=”#1e73be” circle=”no” circlecolor=”” size=”15px” class=”” id=””]

•  A pop-up will follow :

[/fusion_checklist]

[fusion_separator top=”20″ style=”none”/]

Connect all your external data sources to your PC (Usb keys, external drives, etc…)

[fusion_separator top=”20″ style=”none”/]

[/fusion_builder_column][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][fusion_checklist icon=”fa-arrow-right” iconcolor=”#1e73be” circle=”no” circlecolor=”” size=”15px” class=”” id=””]

• Once you’re ready, click “OK”

[/fusion_checklist]

[fusion_separator top=”20″ style=”none”/]

[fusion_imageframe lightbox=”no” lightbox_image=”” style_type=”” hover_type=”zoomin” bordercolor=”#d3d3d3″ bordersize=”0px” border radius=”0″ stylecolor=”” align=”center” link=”” linktarget=”” animation_type=”0″ animation_direction=”down” animation_speed=”0.1″ class=”” id=””] [/fusion_imageframe]

[fusion_separator top=”20″ style=”none”/]

[/fusion_builder_column][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][fusion_checklist icon=”fa-arrow-right” iconcolor=”#1e73be” circle=”no” circlecolor=”” size=”15px” class=”” id=””]

• Wait for the tool to work (It may vary according to the computer)

[/fusion_checklist]

[fusion_separator top=”20″ style=”none”/]

[fusion_imageframe lightbox=”no” lightbox_image=”” style_type=”” hover_type=”zoomin” bordercolor=”#d3d3d3″ bordersize=”0px” border radius=”0″ stylecolor=”” align=”center” link=”” linktarget=”” animation_type=”0″ animation_direction=”down” animation_speed=”0.1″ class=”” id=””] [/fusion_imageframe]

[fusion_separator top=”20″ style=”none”/]

[/fusion_builder_column][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][fusion_checklist icon=”fa-arrow-right” iconcolor=”#1e73be” circle=”no” circlecolor=”” size=”15px” class=”” id=””]

• During the scan, the numbers of analysed and infected éléments are displayed

[/fusion_checklist]

[fusion_separator top=”20″ style=”none”/]

[fusion_imageframe lightbox=”no” lightbox_image=”” style_type=”” hover_type=”zoomin” bordercolor=”#d3d3d3″ bordersize=”0px” border radius=”0″ stylecolor=”” align=”center” link=”” linktarget=”” animation_type=”0″ animation_direction=”down” animation_speed=”0.1″ class=”” id=””] [/fusion_imageframe]

[fusion_separator top=”20″ style=”none”/]

[/fusion_builder_column][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][fusion_checklist icon=”fa-arrow-right” iconcolor=”#1e73be” circle=”no” circlecolor=”” size=”15px” class=”” id=””]

• Once the scan is over, a report will open.

[/fusion_checklist]

[fusion_separator top=”20″ style=”none”/]

[fusion_imageframe lightbox=”no” lightbox_image=”” style_type=”” hover_type=”zoomin” bordercolor=”#d3d3d3″ bordersize=”0px” border radius=”0″ stylecolor=”” align=”center” link=”” linktarget=”” animation_type=”0″ animation_direction=”down” animation_speed=”0.1″ class=”” id=””] [/fusion_imageframe]

[fusion_separator top=”20″ style=”none”/]

[/fusion_builder_column][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][fusion_checklist icon=”fa-arrow-right” iconcolor=”#1e73be” circle=”no” circlecolor=”” size=”15px” class=”” id=””]

• You can find a copy of this report on your desktop, and another at C:\UsbFix\Log\UsbFix [Scan 1] Your PC.txt.
• Copy/paste it on the board you’ve asked for help.
• If you are not taken care, we invite you to create a subject on the forum of disinfection SosVirus and to transmit the report for analysis.

[/fusion_checklist]

[fusion_separator top=”40″ style=”shadow”/]

[/fusion_builder_column][fusion_builder_column type=”1_2″ last=”no” class=”” id=””][fusion_imageframe lightbox=”no” style_type=”none” bordercolor=”#d1d1d1″ bordersize=”0px” stylecolor=”#ffffff” align=”center” link=”” linktarget=”_self” animation_type=”0″ animation_direction=”” animation_speed=”0.1″ class=”” id=””] [/fusion_imageframe][/fusion_builder_column][fusion_builder_column type=”1_2″ last=”yes” class=”” id=””][fusion_text]

Free Support

[/fusion_text][fusion_button link=”https://www.sosvirus.net/en/” color=”custom” size=”large” type=”shake” shape=”square” target=”_blank” title=”Free support” gradient_colors=”transparent|” gradient_hover_colors=”rgba(000,000,000,.05)|” accent_color=”#a0ce4e” accent_hover_color=”#96c346″ bevel_color=”” border_width=”2px” shadow=”no” icon=”fa-star” icon_position=”left” icon_divider=”yes” modal=”” animation_type=”0″ animation_direction=”up” animation_speed=”1″ alignment=”” class=”” id=””]Forum SosVirus[/fusion_button][/fusion_builder_column][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][fusion_separator style_type=”shadow” top_margin=”40″ bottom_margin=”40″ sep_color=”” icon=”” width=”” class=”” id=””/][/fusion_builder_column][fusion_builder_column type=”1_2″ last=”no” class=”” id=””][fusion_text]

[/fusion_text][/fusion_builder_column][fusion_builder_column type=”1_2″ last=”yes” class=”” id=””][fusion_title size=”3″ content_align=”left” style_type=”” sep_color=”” class=”” id=””]Rate this tutorial[/fusion_title][fusion_separator style_type=”none” top_margin=”20″ bottom_margin=”” sep_color=”” icon=”” width=”” class=”” id=””/]
[fusion_text][ratings][/fusion_text][/fusion_builder_column]

[fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][fusion_separator style_type=”shadow” top_margin=”40″ bottom_margin=”40″ sep_color=”” icon=”” width=”” class=”” id=””/]

Her is an example of a report showing an infection :

[fusion_separator style_type=”none” top_margin=”10″ bottom_margin=”10″ sep_color=”” icon=”” width=”” class=”” id=””/]

############################## | UsbFix V 7.164 | [/fusion_builder_column][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][Research]

User: SosVirus (Administrator) # VMWARE
Updated 05/02/2014 by El Desaparecido – Team SosVirus
Started at 11:04:45 | 14/02/2014

Website : https://www.usb-antivirus.com/
Changelog : https://www.usb-antivirus.com/changelog/
Support : https://www.sosvirus.net/en/
Contact : https://www.usb-antivirus.com/contact/
Contact : https://how-to-remove.us/

PC: Intel Corporation (440BX Desktop Reference Platform)
CPU: AMD FX(tm)-8150 Eight-Core Processor
RAM -> [Total : 2047 Mo| Free : 1262 Mo]
Bios: Phoenix Technologies LTD
Boot: Normal boot

OS: Microsoft Windows 8.1 Pro (6.3.9600 64-Bit)
WB: Windows Internet Explorer : 11.0.9600.16384

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Windows Defender [(!) Disabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
FW: Windows FireWall [(!) Disabled]

C:\ (%systemdrive%) -> Fixed drive # 60 Gb (46 Mb free – 77%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 15 Gb (15 Mb free – 99%) [UsbFix] # NTFS

################## | Active Processes |

C:\Windows\system32\wininit.exe (ID: 492 |ParentID: 428)
C:\Windows\system32\winlogon.exe (ID: 540 |ParentID: 484)
C:\Windows\system32\lsass.exe (ID: 604 |ParentID: 492)
C:\Windows\system32\svchost.exe (ID: 664 |ParentID: 596)
C:\Windows\system32\svchost.exe (ID: 720 |ParentID: 596)
C:\Windows\system32\dwm.exe (ID: 812 |ParentID: 540)
C:\Windows\System32\svchost.exe (ID: 892 |ParentID: 596)
C:\Windows\system32\svchost.exe (ID: 924 |ParentID: 596)
C:\Windows\system32\svchost.exe (ID: 1000 |ParentID: 596)
C:\Windows\System32\svchost.exe (ID: 344 |ParentID: 596)
C:\Windows\system32\svchost.exe (ID: 760 |ParentID: 596)
C:\Windows\System32\spoolsv.exe (ID: 1056 |ParentID: 596)
C:\Windows\system32\svchost.exe (ID: 1080 |ParentID: 596)
C:\Windows\system32\dashost.exe (ID: 1300 |ParentID: 344)
C:\Windows\system32\svchost.exe (ID: 1580 |ParentID: 596)
C:\Windows\System32\WUDFHost.exe (ID: 1700 |ParentID: 344)
C:\Windows\System32\svchost.exe (ID: 1996 |ParentID: 596)
C:\Windows\system32\taskhostex.exe (ID: 2592 |ParentID: 924)
C:\Windows\Explorer.EXE (ID: 2732 |ParentID: 2712)
C:\Windows\system32\DllHost.exe (ID: 2844 |ParentID: 664)
C:\Windows\system32\SearchIndexer.exe (ID: 1728 |ParentID: 596)
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (ID: 2660 |ParentID: 344)
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe (ID: 2556 |ParentID: 2660)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2636 |ParentID: 596)
C:\Windows\system32\taskhost.exe (ID: 1888 |ParentID: 924)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 920 |ParentID: 664)
C:\Windows\System32\WUDFHost.exe (ID: 1236 |ParentID: 344)
C:\Users\SosVirus\AppData\Local\Temp\svchots.exe (ID: 1172 |ParentID: 2092)
C:\Users\SosVirus\AppData\Roaming\Systwm.exe (ID: 3508 |ParentID: 1616)
C:\Users\SosVirus\AppData\Roaming\trsa.exe (ID: 3056 |ParentID: 2380)
C:\Windows\system32\SearchProtocolHost.exe (ID: 1824 |ParentID: 1728)
C:\Windows\system32\SearchFilterHost.exe (ID: 3804 |ParentID: 1728)
C:\Windows\servicing\TrustedInstaller.exe (ID: 3108 |ParentID: 596)
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_fa1dc1539b4180d8\TiWorker.exe (ID: 944 |ParentID: 664)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2904 |ParentID: 664)

################## | Regedit Run |

04 – HKCU\..\Run : [bc417da8242d899d911d46b52a2aa2c2] “C:\Users\SosVirus\AppData\Local\Temp\svchots.exe” ..
04 – HKCU\..\Run : [0ed9b0dd4f968cc32d4e7c0293ea9e57] “C:\Users\SosVirus\AppData\Roaming\Systwm.exe” ..
04 – HKCU\..\Run : [b463fa29ba63b297b9177c677944ff44] “C:\Users\SosVirus\AppData\Roaming\trsa.exe” ..
04 – HKLM\..\RunOnce : []
04 – HKLM64\..\RunOnce : [BrowserChoice] C:\Windows\BrowserChoice\browserchoice.exe
04 – HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\..\Run : [bc417da8242d899d911d46b52a2aa2c2] “C:\Users\SosVirus\AppData\Local\Temp\svchots.exe” ..
04 – HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\..\Run : [0ed9b0dd4f968cc32d4e7c0293ea9e57] “C:\Users\SosVirus\AppData\Roaming\Systwm.exe” ..
04 – HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\..\Run : [b463fa29ba63b297b9177c677944ff44] “C:\Users\SosVirus\AppData\Roaming\trsa.exe” ..

################## | Generic Research |

Found ! C:\Users\SosVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0ed9b0dd4f968cc32d4e7c0293ea9e57.exe
Found ! C:\Users\SosVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b463fa29ba63b297b9177c677944ff44.exe
Found ! C:\Users\SosVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bc417da8242d899d911d46b52a2aa2c2.exe
Found ! E:\My Picture.SCR
Found ! E:\set.vbs
Found ! C:\Users\SosVirus\AppData\Roaming\trsa.exe
Found ! C:\Users\SosVirus\AppData\Roaming\trsa.exe.tmp
Found ! E:\0ed9b0dd4f968cc32d4e7c0293ea9e57.exe
Found ! E:\29d6ad028fa7e9945b60c9f480764362.zip.lnk
Found ! E:\3dcedd76b1f542ec14094a9afe39a1b2.zip.lnk
Found ! E:\8bf5931005ec23184864abaa42a2cd18.zip.lnk
Found ! E:\b114764aa3567a0bb3a22a8374b3d46b.zip.lnk
Found ! E:\set.vbs.lnk
Found ! C:\Users\SosVirus\AppData\Local\Temp\svchots.exe
Found ! C:\Users\SosVirus\AppData\Roaming\Systwm.exe
Found ! C:\Users\SosVirus\Desktop\29d6ad028fa7e9945b60c9f480764362\set.vbs
Found ! C:\Users\SosVirus\Desktop\3dcedd76b1f542ec14094a9afe39a1b2\bc417da8242d899d911d46b52a2aa2c2.exe
Found ! C:\Users\SosVirus\Desktop\8bf5931005ec23184864abaa42a2cd18\b463fa29ba63b297b9177c677944ff44.exe
Found ! C:\Users\SosVirus\Desktop\b114764aa3567a0bb3a22a8374b3d46b\0ed9b0dd4f968cc32d4e7c0293ea9e57.exe

################## | Registry |

Found ! HKCU\Software\0ed9b0dd4f968cc32d4e7c0293ea9e57
Found ! HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\Software\0ed9b0dd4f968cc32d4e7c0293ea9e57
Found ! HKCU\Software\b463fa29ba63b297b9177c677944ff44
Found ! HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\Software\b463fa29ba63b297b9177c677944ff44
Found ! HKCU\Software\bc417da8242d899d911d46b52a2aa2c2
Found ! HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\Software\bc417da8242d899d911d46b52a2aa2c2
Found ! HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\Software\Microsoft\Windows\CurrentVersion\Run|0ed9b0dd4f968cc32d4e7c0293ea9e57
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|0ed9b0dd4f968cc32d4e7c0293ea9e57
Found ! HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\Software\Microsoft\Windows\CurrentVersion\Run|b463fa29ba63b297b9177c677944ff44
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|b463fa29ba63b297b9177c677944ff44
Found ! HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\Software\Microsoft\Windows\CurrentVersion\Run|bc417da8242d899d911d46b52a2aa2c2
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|bc417da8242d899d911d46b52a2aa2c2
Found ! HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\Software\Microsoft\Windows\CurrentVersion\Run|0ed9b0dd4f968cc32d4e7c0293ea9e57
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|0ed9b0dd4f968cc32d4e7c0293ea9e57
Found ! HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\Software\Microsoft\Windows\CurrentVersion\Run|b463fa29ba63b297b9177c677944ff44
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|b463fa29ba63b297b9177c677944ff44
Found ! HKU\S-1-5-21-3326037888-2103832623-3606209763-1001\Software\Microsoft\Windows\CurrentVersion\Run|bc417da8242d899d911d46b52a2aa2c2
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|bc417da8242d899d911d46b52a2aa2c2

################## | UsbFix – Information |

UsbFix has detected on your computer, an infection which a Keylogger function.
After cleaning with UsbFix, please modify all your passwords.
If you made purchases on Internet,
please contact your bank to enviseager an opposition on your bank card.

Info : https://www.usb-antivirus.com/2014/03/remove-shortcut-virus-usb/
Info : https://www.usb-antivirus.com/2014/03/infections-spreading-usb-peripherals/

################## | Vaccin |

################## | E.O.F |

[fusion_separator style_type=”shadow” top_margin=”40″ bottom_margin=”40″ sep_color=”” icon=”” width=”” class=”” id=””/]

[fusion_separator top=”40″ style=”none”/]
[/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]