Jump to content
IObit Forum
Top Free Driver Updater Tools Best 25 PC Optimization Software Best 22 Antimalware Best 22 Uninstaller Software IObit Coupons & Discount Offers PC Optimizer Mac Boost Advice IObit Coupons A Good Utility Program From IObit IObit Promo Codes IObit Coupon Codes IObit Coupons and Deals FAQs Driver Booster Pro Review

Usbfix ?


titou56

Recommended Posts

Hi,

 

since some time I found that my PC comes slowly... While I have a clever use of surfing with Firefox, an efficient protection with firewall, Antivir Premium, S360 and IA-Squared Pro until S360 comes back to his level of competition, and correctly supported with ASC Pro and Smart Defrag...

 

Then... What's happening ?

 

This morning I read an article regarding a type of infection particular correct version by an utility: USBFIX.

 

"USBFix is a tool which abolishes certain infections USB and cleans the removable peripherals.

It is important to understand the functioning of these infections definitely at the risk of being again infected.

 

Simple fact to open the workstation and to double-click a key USB / contaminated hard HARD DISK installs the infection on your system. All inserted removable mass media will then be infected in their tower to spread the infection in your circle."

 

So ? Do someone here know this soft ? http://usbfix.softonic.fr/

 

I dream about a new "Anti virus-malwares-worms-trojans-dialers-and so" always running inside the web searching and stalking in non-stop way ' knack and things ' to make them steriles ! :twisted:

 

Cheers

Link to comment
Share on other sites

Hi Titou!

 

My French is very limited but, Je parle le Francais com se com sa?

 

I visited the site you linked to: http://usbfix.softonic.fr/

and believe it purports to being something greater than it is.

 

You said that you read something and quoted it:

 

"USBFix is a tool which abolishes certain infections USB and cleans the removable peripherals.

It is important to understand the functioning of these infections definitely at the risk of being again infected.

 

Simple fact to open the workstation and to double-click a key USB / contaminated hard HARD DISK installs the infection on your system. All inserted removable mass media will then be infected in their tower to spread the infection in your circle."

 

Where did you read this?

 

Please clarify!

 

You are running this Usb fix now?? And for how long? Did the slowness of your system happen at the same time??

 

 

My instinct says this USB utility is not the reason for the slowness.

 

 

Thank you Danburrito... utility man Dan!!

Link to comment
Share on other sites

The quote below is from above website, just run through M$ Translator:

 

edit: Especially the parts in bold red font below are not quite trustworthy features in a "security" program.

 

If in doubt, UsbFix eliminates risk of spreading virus cleaner host PC disks and vaccinating against infections removable media.

 

Once your your key or external hard disk connected to the PC, UsbFix analysis automatically all disks of a lengthy scan (10 to 30 minutes on Windows XP). It removes infections that threaten your USB keys and restores security features damaged such as access to the registry, in the Task Manager etc... It also deals with the famous "Bagle" worm.

 

UsbFix is compatible with Windows XP, Vista and 7; Vista users disable user account control to run UsbFix (see tutorial here).

 

It should be noted that if a few anti-virus indicate UsbFix as a worm, is a "false positive": almost all of them validate it as a program course. From our tests on virustotal.com, its use is safe.

 

This program written in the language this Batch interface to the former. Non-commercial, edited by an independent developer community.

 

Protect its USB flash drive or external hard drive is required by time and age... Pull covered with UsbFix, a radical anti-malware.

Link to comment
Share on other sites

Hi titou56,

 

I have installed and tried the software.

 

McAfee (DAT version:5824) has found: C:\UsbFix\Tools\Kill_P.exe

as a PUP (potentialy unwanted program).

 

After running the program, the report is saved to: C:\UsbFix.txt

 

 

The report content summary is as follows:

 

C:\ -> Local Fixed Disk # 74,53 Go (30,57 Go free) # NTFS

D:\ -> Removable Disk

E:\ -> CD-ROM Disc # 24,67 Mo (0 Mo free) [Ara 03 2004] # CDFS

J:\ -> Removable Disk # 1,92 Go (384,44 Mo free) [KINGSTON] # FAT

 

################## | Files # Infected Folders |

C:\WINDOWS\userinit.exe

C:\WINDOWS\System32\3D Windows XP.scr

C:\log.txt

C:\Documents and Settings\User Name\Contig.exe

C:\Contig.exe

################## | Spyware.OnlineGames |

 

################## | Registry # Infected Keys |

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoResolveSearch"

################## | Registry # Mountpoints2 |

 

################## | Cracks / Keygens / Serials |

 

################## | ! End of report # UsbFix V6.059 ! |

 

-----------------------------------------------------------------------

 

 

 

Here is my own analysis and result of the found infections.

 

 

C:\WINDOWS\userinit.exe

Single file scans by IS360, SS&D, MBAM, McAfee are completely clean.

VirusTotal scan Result: 0/41 (0%)

 

C:\WINDOWS\System32\3D Windows XP.scr

Single file scans by IS360, SS&D, MBAM, McAfee are completely clean.

VirusTotal scan Result: 1/40 (2.5%) (eSafe-7.0.17.0-2009.12.06-Win32.Banker)

 

C:\log.txt

Single file scans by IS360, SS&D, MBAM, McAfee are completely clean.

VirusTotal scan Result: 0/41 (0%)

 

C:\Documents and Settings\User Name\Contig.exe

C:\Contig.exe

(Contig.exe version: 1.55.0.0)(The mother of defragmenters from Sysinternals' Mark Russinovich)

Single file scans by IS360, SS&D, MBAM, McAfee are completely clean.

VirusTotal scan Result: 0/41 (0%)

 

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]

REG_SZ Value is not set as (Default) for this Registry entry.

 

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoResolveSearch"

REG_DWORD Value is set to (1) in the Registry

 

Prevents the system from conducting a comprehensive search of the target drive to resolve a shortcut. By default, when the system cannot find the target file for a shortcut (.lnk), it searches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to find a path. If the resulting path is not correct, it conducts a comprehensive search of the target drive in an attempt to find the file. If you enable this setting, the system does not conduct the final drive search. It just displays a message explaining that the file is not found.

 

 

Although it scanned all the attached peripheral drives, after all that, I can not say that it is perfect, can I ?

I didn't like it, as it is installed to root folder, and the GUI is command prompt, not giving much information during scan.

 

Here is the VirusTotal Result:

 

File Kill_P.exe received on 2009.12.06 20:32:27 (UTC)

Current status: finished

Result: 6/41 (14.64%)

 

It should be noted that if a few anti-virus indicate UsbFix as a worm, is a "false positive": almost all of them validate it as a program course. From our tests on virustotal.com, its use is safe.

 

You decide the validity of the above quote!!!

 

So, one more security software is tested.

 

Cheers.

Link to comment
Share on other sites

very good --i tried this..and well very reveling..

 

################## | Files # Infected Folders |

 

J:\RunDll32.exe <<<<<<<<<<<<<<<<<and this...

 

################## | Spyware.OnlineGames |

 

E:\wlsetup-web.exe <<<<<<<<<<<<<<<<<<<<i dont play on line!

 

################## | Registry # Infected Keys |

 

 

################## | Registry # Mountpoints2 |

 

 

################## | Cracks / Keygens / Serials |

 

thank you for the link..i like this.

 

itsmejjj

Link to comment
Share on other sites

Hi Melvin

 

You have done much good work here Enoskype

 

It's a noble and honorable thing you do... investing your time and resources so selflessly!

 

You and Solbjerg are my heroes on this forum!!

 

Thanks!!

 

I'll second that. Lets have a vote. They get my vote.---garybear

Link to comment
Share on other sites

Thanks

 

Hi,

 

Thank you Enoskype for your devotion and the kindness with which you answer to our messages...

 

Thank you also to those who tested USBFIX and made a feedback.

 

I make the same vote as you my friends all over the world! My heroes are those that I cross most often: Enoskype, Solbjerg, Itsmejjj, Melvin Deal, Maxxwire, GaryBear, Wozofoz... and recently Danburrito.

 

I would not forget my special thanks to Krissy, the pretty Iobit girl who often helped me...

 

I introduce you my best regards.

 

 

And what about my dream ? ("I dream about a new "Anti virus-malwares-worms-trojans-dialers-and so" always running inside the web searching and stalking in non-stop way ' knack and things ' to make them steriles !") Same propagation method as viruses... global response against the web parasites

 

sincerely

Link to comment
Share on other sites

Thank you for all good words and wishes guys, you are spoiling us.:oops:

 

We are all here for the purpose of trying to be helpful to the users of the Forum. We wouldn't be here if we didn't enjoy it though.

 

Although we had a bit of a headache in the last month, we have won many great talents, helpers and friends, and the solidarity is really appreciable.

 

Thank you to you all for making this forum great.:-D

 

Cheers.

Link to comment
Share on other sites

Hi Enoskype,

 

I know that there is a lot of money from web protection at the time and that i'll be difficult to proceed but I dream about a new "Anti virus-malwares-worms-trojans-dialers-and so" always running inside the web searching and stalking in non-stop way ' knack and things ' to make them steriles ! Same propagation method as viruses... global response against the web parasites.

 

it's as if we were going to search a bread every day and that the baker puts a poisoned broad bean... Must everybody take an antidote or they must close the bakery and take the bread elsewhere? or made the poison inoffensive in its flacon ...

 

sincerely

Link to comment
Share on other sites

Hi Maxxwire :grin:

 

Thank you for the link ! The interface seems a little more delightful, isn't it ! he he

 

But what are doing all these softwares in our computers, i mean : Antivir Premium, ASC Pro, S360 Pro, A-squared pro, is a basic autorun.inf comes and seeds confusion ?

 

And what about my wishes, Maxxwire ? What is your opinion ?

 

Sincerely,

Link to comment
Share on other sites

Hi Gang,

"under some very unlikely conditions some applications could stop working."

 

That disclaimer sounds like it could fit any one of 100's of different applications that I have tried and never had a problem with. I wonder how many 0's it would take lined up behind a decimal point to adequately describe "very unlikely conditions"?

 

As for the Panda USB Vaccine it was finally able to stop the persistent, nagging and annoying Auto Run feature on my computer which had always been completely useless to me and took so many hours of my time over the years defeating every time I plugged a USB device in...

 

"Panda USB Vaccine is a free solution designed to protect against this threat. It offers a double layer of preventive protection, allowing users to disable the AutoRun feature on computers as well as on USB drives and other devices:

 

Vaccine for computers: This is a ‘vaccine' for computers to prevent any AutoRun file from running, regardless of whether the device (memory stick, CD, etc.) is infected or not.

 

Vaccine for USB devices: This is a ‘vaccine' for removable USB devices, preventing the AutoRun file from becoming a source of infection. The tool disables this file so it cannot be read, modified or replaced by malicious code.

 

This is a very useful tool as there is no simple way of disabling the AutoRun feature in Windows. This provides users with a simple way of disabling this feature, offering a high degree of protection against infections from removable drives and devices."

 

~Maxx~

Link to comment
Share on other sites

The word that bothered me was the word "irreversible" used in relation to vaccinating the USB drive itself. I have a 8GB drive that I use daily at home and at work and I use the autorun.inf file to launch truecrypt and a tracking agent. According to the help file if I had vaccinated the USB I could no longer have used it the same way. Not sure what "vaccinating" the USB even means since autorun.inf is just a text file. I may have to play with it on a spare drive.

 

edit: Also just read that support for an NTFS drive is experimental and mine is formatted NTFS.

Link to comment
Share on other sites

Just Dave- I recreated an experiment I had done before when I was also curious about the permanence of the Panda USB Vaccine. My A Data B 16 GB FAT 32 format USB Flash Drive had been Vaccinated with Panda USB as shown in the first screenshot. The second screenshot shows the same USB Drive after a quick reformat and the 16 byte Panda USB Vaccine code is completely gone.

 

~Maxx~

Link to comment
Share on other sites

in win 7 Vista,XP, iffa ya want to turn this of ,or back on

 

i don't worry about it .and leave it on .but you may..

 

my way of thinking if you are at home ,and the only user why would one want this of? unless others plug in a usb..or cd...but yes you can do this if wanted just follow the cap instructions..

 

 

 

itsmejjj

Link to comment
Share on other sites

in win 7 Vista,XP, iffa ya want to turn this of ,or back on

 

i don't worry about it .and leave it on .but you may..

 

my way of thinking if you are at home ,and the only user why would one want this of? unless others plug in a usb..or cd...but yes you can do this if wanted just follow the cap instructions..

 

 

 

itsmejjj

 

There are/used to be ways around that, itsmejjj.

 

Thinking about it, by plugging in an USB stick or popping in a CD/DVD, anything running automatically has got to be started by an autorun.inf file.

 

I cannot remember where I've seen that trick, but in Vista/XP you could enter a key into the registry, so it would not work anymore:

 

Such as:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist123321456654789987"

 

This makes the system think there is no autorun.inf, therefore cannot be run automatically. :mrgreen:

 

 

Somebody correct me, if this is complete bull. (It worked on my Vista and XP machines)

Link to comment
Share on other sites

There are/used to be ways around that, itsmejjj.

 

Thinking about it, by plugging in an USB stick or popping in a CD/DVD, anything running automatically has got to be started by an autorun.inf file.

 

I cannot remember where I've seen that trick, but in Vista/XP you could enter a key into the registry, so it would not work anymore:

 

Such as:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist123321456654789987"

 

This makes the system think there is no autorun.inf, therefore cannot be run automatically. :mrgreen:

 

 

Somebody correct me, if this is complete bull. (It worked on my Vista and XP machines)

 

 

Open Notepad and copy/paste the following into a text file:

 

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]

@="@SYS:DoesNotExist"

 

Save the file as something.reg. (You have to be sure to change the "Save File as Type" to "All Files" before saving, or Windows will try to save it as a .txt even if you typed in .reg.

 

Locate the file you just saved and double-click the file to run it. You will receive a prompt asking if you want to add the data to the registry. Click yes to allow the modification.

 

The above method nulls any request for auto run.inf and works on XP Home or Pro, as well as Windows Vista.

 

yes you are right..

but if ya want this..like i say follow the introductions of my caps..so as to undone this ..as i show on page -post 19.but yes there are different tweaks that can and do the same,if one really find this need to turn it of...

 

 

itsmejjj

Link to comment
Share on other sites

Just turning autorun off, can be circumvented by malware. Rather easily, too.

 

E.g. If you'd turn it off, autorun would still work for USB devices you previously had plugged into your computer, since that information is still in the registry and is being remembered. At least that is how I remember it from about a year ago, when I read about USB devices and malware distribution and spreading with said devices.

Link to comment
Share on other sites

Just turning autorun off, can be circumvented by malware. Rather easily, too.

 

E.g. If you'd turn it off, autorun would still work for USB devices you previously had plugged into your computer, since that information is still in the registry and is being remembered. At least that is how I remember it from about a year ago, when I read about USB devices and malware distribution and spreading with said devices.

 

Yes Dan, infected USB drives were one of the main culprits in spreading the Conficker Worm during that time period which is why for those who do not want to muck around editing the registry can use the Panda USB Vaccine to both turn off autorun in the computer which is reversible on demand and also to place a simple and removable 16 byte code on each USB drive that prevents it from using the autorun on any computer too and each of these operations only requires one click of the mouse.

 

As a side benefit for me is that I no longer have the annoying autorun GUI that I never use popping up each and every time I plug in one of my 9 USB Drives.

 

~Maxx~

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...