Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Can I "firewall" a hard drive?

Can I "firewall" a hard drive?

post #1 of 6
Thread Starter 
My girlfriend just got some sort of fake antivirus on her computer. I'm not with her now so I don't remember what it's called, but it's kind of nasty. Persists in safe mode, evaded Avira (though her guard was disabled when I checked; not sure if that's her doing or the virus'), and whatnot. I found a guide online for taking out all the files and registry entries but I'm afraid that as long as I'm booted into Windows, it'll just regenerate itself like a krogan. I feel like the easiest thing to do would be to pop it into my external enclosure and browse for the stuff manually, but I'm afraid of contaminating my computer with it. Is there a way to disable writing to my system drives from all external media temporarily? Also, can I edit registry entries this way?
post #2 of 6
Go into safe mode and install Malwarebytes; that usually does the job for me, even with nasty viruses.

By the way, there have been times that I've had to run Malwarebytes like 3-5 times before all viruses are removed and stop recontaminating.
post #3 of 6
I've gotten things like that before - If you have the name of the "antivirus" you can usually find a guide on how to get rid of that specific virus online.

Could you by any chance find the name of it?
    
post #4 of 6
Thread Starter 
Quote:
Originally Posted by Dsfyu View Post
I've gotten things like that before - If you have the name of the "antivirus" you can usually find a guide on how to get rid of that specific virus online.

Could you by any chance find the name of it?
Hey, I don't want to appear rude or disrespectful; thanks for giving me an answer. However,

Quote:
Originally Posted by Danja View Post
My girlfriend just got some sort of fake antivirus on her computer. I'm not with her now so I don't remember what it's called, but it's kind of nasty. Persists in safe mode, evaded Avira (though her guard was disabled when I checked; not sure if that's her doing or the virus'), and whatnot. I found a guide online for taking out all the files and registry entries but I'm afraid that as long as I'm booted into Windows, it'll just regenerate itself like a krogan. I feel like the easiest thing to do would be to pop it into my external enclosure and browse for the stuff manually, but I'm afraid of contaminating my computer with it. Is there a way to disable writing to my system drives from all external media temporarily? Also, can I edit registry entries this way?


I'll try the malwarebytes too and see if that helps. Just for my future reference though, is what I described in the OP possible?
post #5 of 6
You won't contaminate your system without clicking on things. You're good, don't worry about it!
post #6 of 6
Follow these steps:

Uninstall multiple protection applications. Only 1 AV and only 1 firewall on your system. Remove any others.

Go to your uninstaller and look for these; if they are there, remove them:

MyWay or MyWay Search Assistant
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
Viewpoint Toolbar (Remove Only)

Uninstall ALL old Sun Java versions
Empty ALL Quarantine type folders for antivirus and antispyware applications.

Download and run CCleaner. Clean out all your temp files

Enable viewing of hidden files, system files and file extensions

Then Click Start and type RUN in the Start Search box and hit enter, then in the RUN box type msconfig and hit enter.
Select the General tab and select Normal Startup.
Then click Apply and OK and reboot PC before continuing.
Remain in this Normal Startup mode while your PC is being cleaned of malware.

Disable or uninstall any disk emulation software like Daemontools etc. VERY IMPORTANT

You need to download the following utilities

Super Antispyware
http://www.superantispyware.com/down...NTISPYWAREFREE

Malwarebytes Anti-Malware
https://store.malwarebytes.org/342/c...&product=29945

IMPORTANT Rename the downloaded mbam-setup.exe file to mb.exe

Download Combofix (do not run)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

MGTOOLS
http://forums.majorgeeks.com/chaslang/files/MGtools.exe

Disable UAC

Click Start, and then click Control Panel.
Click User Accounts and Family Safety
In the User Accounts and Family Safety window click Change User Account Control Settings
Then move the Slider all the way to the bottom to Never Notify
Click OK and then Yes to the popup warning that you are turning off UAC
If it is already unchecked, then you should also notice a red shield with an X in it located in your system tray. Ignore any messages about UAC being disabled.
Click Restart Now to apply the change right away. (Restart even if you did not make the above change, we need to be sure that a reboot has occurred since the first time that UAC was disabled.)


Download TDSSKiller
http://support.kaspersky.com/downloa...tdsskiller.zip

Save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure
If a suspicious file is detected, the default action will be Skip
It may ask you to reboot the computer to complete the process. Click on Reboot Now

Then Install
SUPERAntiSpyware and run it.
Malwarebytes
Combofix
MGtools

While running the MGtools procedure, UAC was disabled. To turn it on again:
Navigate into the \\MGTools folder just created in the root of your Windows boot drive.
Locate the EnableUAC.reg file, double-click on it and allow it to be added to the registry.

Reboot

Disable System Restore
Now reboot your PC
Now Enable System Restore again

Run CCleaner when done. Update your AV and your Adobe Flash.
Run a full system scan with your AV.

When you're done, get the following apps:

Sandboxie

These add-ons for Firefox/Chrome:
WOT
NoScript
Adblock Plus
BetterPrivacy