toadstew2016

Scan backup drive


Certain scan options (detect PUPs, scan for malware traces, etc) will automatically check certain areas on the system drive (C: in your case). If you want to avoid it, then turn off all the scan options on the left side under Scan Objects, turn off the option to detect PUPs on the right side, and then try running your scan.


In custom scan where drives are listed I am clicking on D drive, but it still wants to scan C drive. Could you show me with a screen shot what I should be doing to scan drive D? I am not getting something here.


I've never used EEK... but if its GUI is the same as the EIS one, underneath the section where you specify drives to be scanned there's two columns of options dictating what sorts of things will be looked for on your whole machine, as well as the drives you nominate.  As GT500 said, some of those things, if ticked, will always look on your system drive - and on your machine that means some scanning of some parts of C:\ will happen if you've got those options ticked.

You need to look at each of the tickable things in turn and decide whether you want them active.


Unticked everything except malware traces, clicked D drive, and it still scans C drive. Maybe it is not possible to scan external drive this way. Maybe add to right click context menu, or use Command Line feature? I still think there is something I am not getting though. What about settings and folder areas, does something have to be added to scan D drive?


In EIS, the pop-up help for "Malware Traces" says that means the registry and configuration files will be looked at... obviously that's going to include the system drive.  But I don't see what your problem is.  If you tick these systemy things, locations of system files on C will get looked at, and after that, the ordinary files elsewhere on your nominated drive(s) will be examined.  Are you stopping each of your test scans before processing of the ordinary files starts?  


In custom scan where drives are listed I am clicking on D drive, but it still wants to scan C drive. Could you show me with a screen shot what I should be doing to scan drive D? I am not getting something here.


No ordinary forum user (e.g. me) can see the files you attached, though Emsisoft staff will be able to. If there's nothing private in them, c&p their contents into posts.

Depending on what options each scan ran with,  presumably what was examined will be

  "C drive only"  - system files on C, plus user files on C

  "D drive only"  - system files on C,  plus user files on D


Ok, the logs show a very small difference in files scanned, but you should be able to click on D drive (indicated by blue highlight similar to copy and paste), or am I wrong on this? Hate not knowing why things will not work, if you know what I mean. Let's wait to see if one of the staff can figure this out. Thanks.

21 hours ago, toadstew2016 said:

Could you show me with a screen shot what I should be doing to scan drive D

EEK_Scan_Options_to_Turn_Off_to_Only_Sca

 

Keep in mind that the above is not actually necessary to scan your D: drive. All you have to do to scan it is add it to the list of folders right under "Custom Scan", and remove any folders/drives you don't want scanned. You only need to do the above if you do not want to see things on the C: drive being scanned before things on your D: drive get scanned.

 

Edit: Earlier you said you were clicking on your D: drive to select it. If you mean in the list at the top, right below where it says "Custom Scan", then note that everything in this list will be scanned (regardless of what is selected/highlighted). If you do not want a drive in the list to be scanned, then click on it to select it, and then click the Remove folder button to remove it.


Thanks for info. I will rescan it just to be sure. Scan times indicate it was scanned though. Log info will show you the backdoor Kevin Zoll checked out for me. I think it was put there by online tech support (was having sign in problems). I am not totally sure, so just wanna be safe and make sure backups are clean. Hope to be able to do all the tech stuff myself one day.

scan_170103-221526.txt


In custom scan where drives are listed I am clicking on D drive, but it still wants to scan C drive. Could you show me with a screen shot what I should be doing to scan drive D? I am not getting something here.


I have Toshiba. I do not suspect them, but I do suspect hotel Wifi or a reset of windows update components batch file. Batch came from source on Bleeping Computer. I did scan it, but not with EEK. I am using Cyberghost 99% of the time. What are the odds backdoor was a false positive? Bleeping guys have high integrity so highly doubt it was that batch.

9 hours ago, toadstew2016 said:

In custom scan where drives are listed I am clicking on D drive, but it still wants to scan C drive. Could you show me with a screen shot what I should be doing to scan drive D? I am not getting something here.

You've already been given a screenshot of what's necessary.  So if that didn't help you, we're not understanding your problem.  Maybe you need to show us a screenshot of what you are actually asking EEK to do. 

Arthur's made the point that ALL THE DRIVES listed in the top section of the panel get scanned. Earlier you said "but you should be able to click on D drive (indicated by blue highlight similar to copy and paste"... which makes me wonder if in the list of several drives you're clicking (turning blue) the entry for D:\ ? From what Arthur said, that will NOT just ask EEK to scan D alone. Did you follow his advice to remove the other drives from that list?


Followed instructions and scanned D drive. EEK found nothing. I really am interested in that detection (win32backdoor beast A) that was initially detected on C drive. Because it was located in registry I do not think it is possible to figure out if it was a false detection, even if submitted to BitDefender. Very little info on that backdoor on the web. Maybe my reasoning is wrong, but if it was a false hit I would think others would have reported it.


Could you open the scan log that shows the detection, and paste the contents into a reply? You can paste it into a Code block on the forums by clicking on the <> icon in the toolbar above where you write your post, and then inserting it into your post.

You can also attach the log to your post as you did before, however note that only staff members can see files that you attach to your posts.


Here you go.

 HKEY_USERS\S-1-5-21-2260693271-183851513-1559263687-1002_CLASSES\.BAD 	detected: Backdoor.Win32.Beast (A) []

I use HitmanPro and they use Bitdefender, Sophos and Kaspersky and it did not detect this. It's in quarantine, and just to repeat, Kevin Zoll had me run Frst and there was nothing suspicious.


Found my old post on this and Kevin Zoll said that it was most likely not a false detection. What exactly does that mean? I never really got an answer on that. Would Frst have found other entries if it was a real threat?

11 hours ago, toadstew2016 said:

What exactly does that mean?

There's not enough information in the path for me to know for sure. The name "Win32.Beast" is all I have to go on, which appears to be either this or this (although I have not verified that).

 

11 hours ago, toadstew2016 said:

Would Frst have found other entries if it was a real threat?

More than likely. The infection does have files related to it, in addition to registry entries.


Unfortunately that can be true.

If it is a recurring detection then it can be exported from the registry for further investigation.

