30
votes
How to be 100% certain a USB drive has not been tampered with and has no malware?
There is no way to be 100% sure the USB is safe, and that it will not harbour malware even if wiped. (If I were that way inclined, and had the knowledge, a small chip with malware, not active, with a ...
- 71.4k
9
votes
How to be 100% certain a USB drive has not been tampered with and has no malware?
You assume that it is tainted.
You cannot be betrayed if there never was any trust to be betrayed.
And you will not suffer harm if you assume that harm is what will happen and prepare to meet it.
...
- 199
7
votes
File delete - access is denied even with /F
Just run these commands:
takeown /F * /R /D Y
icacls . /T /C /grant administrators:F System:F everyone:F
del * /s /q
4
votes
How to be 100% certain a USB drive has not been tampered with and has no malware?
As far as a hardware hack, an absurdly advanced electrical specialist with a specific target could make a logic circuit that checks for you finishing running your cleaning software, then injects ...
- 71
4
votes
What partition needs to be dealt with to get a clean install of windows?
You can erase the partition table using tools available on the Windows installation media. This will destroy all the data on disk.
Boot from the installation flash drive or DVD. On the screen with the ...
- 57.5k
3
votes
File delete - access is denied even with /F
To Delete a specific file:
When del /f <FILE> producing an Access Denied error, you need to firstly take owner and grant access using takeown and icacls in the command line utilities.
Take ...
- 163
3
votes
Completely remove FlexNet Connect software
My only experience is with FlexNet and Dragon Naturally Speaking. It seems that Flexnet connect is a third part updater Nuance uses. There isn't a supported way to uninstall it but blocking the ...
- 301
3
votes
Accepted
How do I remove the imklaunchagent malware?
Frame challenge.
It's not malware, it's a standard macOS process.
[Note to commenters… you also fell for it rather than did any research.]
It's a standard macOS process.
If you ever google a process ...
- 50k
2
votes
Accepted
Unable to uninstall Paragon HFS+ For Windows
I contacted paragon and they gave me this solution (that worked on my paragon so, GOOD LUCK!)
Launch HFSCleaner-2.exe as Admin, let it perform its task, then reboot PC when prompted.
HFSCleaner-2....
2
votes
Accepted
Is there a reasonable way to clean risky thumb drives?
You should first make sure you have backed up any all important files.
You should first Start up Disk Utility.
Plug in the thumb drive you’d like to reformat. It should also show up in the list of ...
- 254
2
votes
Is there a reasonable way to clean risky thumb drives?
The absolute safest way is probably to get a machine that you can disconnect the internal hard drive on and boot from a Linux live DVD. Don't boot from USB, use a DVD.
That way you can reduce the ...
- 93.8k
2
votes
My computer is hacked, All files were renamed as YYZA file extension, how to rename or remove YYZA Extension?
It's a STOP / DJVU variant.
Some variations can be decrypted using the Emsisoft decryptor
If your variant isn't supported yet, all you can do is wait and try every now and then if an updated version ...
- 6,923
1
vote
Accepted
Suspicious script meddling with /usr/bin/open
/usr/bin/open is a part of MacOS. It's been there since at least MacOS Mojave:
McStudio:~ pg$ ls -l /usr/bin/open
-rwxr-xr-x 1 root wheel 105952 Jul 11 2021 /usr/bin/open*
McStudio:~ pg$ /usr/bin/...
- 4,744
1
vote
If I get malware, should I worry about it propogating over wifi or should I look for signs of that behaviour first?
So this is complicated and nuanced.
Most modern OS-based malware is not self-replicating. That said however, once compromised, the malware is likely to install Remote Access Toolkits (RATs) that give ...
- 36.4k
1
vote
If I get malware, should I worry about it propogating over wifi or should I look for signs of that behaviour first?
Should you worry about it? Yes.
There are known Server Message Block (SMB) vulnerabilities in e.g. Windows. SMB is a file sharing protocol. If your other systems have not been patched then they can be ...
- 4,672
1
vote
What’s the difference between rootkit and RAT?
From Kaspersky - A Malware Classification
Rootkit:
A rootkit is a special form of malware, designed specifically to hide its presence and actions from both the user and any existing protection ...
- 50k
1
vote
How can I remove an unwanted Chromium installation from Windows 10?
Get Chromium the official way and override the previous installation, then uninstall.
Or just delete all the files and registry keys you can find manually.
- 74
1
vote
Is there a reasonable way to clean risky thumb drives?
You can clean them by formatting.
Just before connecting them make sure that your pc does not do any action when a usb drive is connected, so it can just format them without reading anything.
- 21.6k
1
vote
Remove Sticky Bloatware in Windows 10
Bloatware are very annoying problem in the PCs usually it occurs in the new PCs that takes hard drive space and uses unnecessarily resources. To remove these unwanted applications its better to remove ...
- 47
1
vote
Accepted
Extra CPU usage by Windows 10
Windows 10 has a lot of background processess that kick in mostly when user interaction and/or demand are low. Processess like telemetry or windows update can take a lot of cpu time, so that's ...
- 276
1
vote
Accepted
How to trace which JavaScripts are being loaded (Malware in Wordpress)
Found the answer here:
https://stackoverflow.com/a/37148993/7679279
In Chrome Developer Tools, go to the Network Tab and use the "Preserve Log" option before loading the malicious site. This will ...
- 59
1
vote
How to be 100% certain a USB drive has not been tampered with and has no malware?
In security, the answer to any question which contains the phrase "100%" is always a big fat NO.
Simply formatting, overwriting, erasing, or whatever else you can come up with, is not enough. Why? ...
- 3,432
1
vote
How do I get rid of showad.js in windows 10?
What you’re seeing is a malfunctioning website. Instead of executing the script (and showing ads) it somehow makes your browser initiate a download. What you’re seeing is the regular download workflow ...
- 63.9k
1
vote
pseudohydrophobia process Mac
Take a look at https://objective-see.com/blog/blog_0x0E.html
Analysis of an Intrusive Cross-Platform Adware; OSX/Pirrit
It could be the Pirrit malware.
The username volutate and filenames (...
- 1,620
Only top scored, non community-wiki answers of a minimum length are eligible