A USB "Toolkit"?

James M. Fisher

I'm supposed to go look at someone's desktop PC in a couple of days. She thinks there may be a virus on it. It has been a long time since I worked on anyone's PCs aside from my own, so I wanted to know what essential programs I may need to take along on a USB stick.

Thanks,
 
A list of programs and utilities I consider a must have on a USB stick (in no particular order)


  • The whole Sysinternals suite
  • HWMonitor
  • CrystalDiskInfo Portable
  • Notepad++ portable
  • VLC Portable
  • Revo Uninstaller Portable
  • Nirsoft (NirLauncher)
  • WinDirStat Portable
  • Norton Removal Tools
  • MBAM Installer
  • ADWCleaner
  • JRT (Junkware Removal Tool)
  • PatchMyPC
  • PC Decrapifier
  • TFC
  • BSOD Posting Instructions file collection app from Sysnative
  • Pale Moon Portable


Many portable versions of programs can be found here: Portable App Directory | PortableApps.com - Portable software for USB, portable and cloud drives. Ignore their "Platform" or launcher, just download the portable installers and run them. They will extract themselves to your memory stick.

Some programs are just .exe's that need installing.
 
I would also have a separate Bootable Linux installed on a USB Drive/DVD just in case...
 
As it turned out, I only needed a few of the above tools to remove a bogus spyware program and some toolbars. All appears well now. Thanks again, folks!

Doesn't surprise me, but I keep all those tools on my memory stick (plus quite a few more ones specific to my usage) at all times

blueelvis said:
Stephen, I am just curious as to why you have included VLC Portable in that list? o.O
Exactly as Patrick says. Being in school, I quite often get asked "why doesn't my video play?" by other students who have made a video at home and exported it in some kind of weird codec. We didn't use to have VLC installed on the school systems (we do now) and VLC will play everything you throw at it.

VLC can also be used for basic video conversion if needs be.
 
I've found that the most important thing to have is an alternate means of connecting to the internet.
That way you can download what you need.
I don't use my phone for this (data charges are too high), but I use the ability to connect directly to the customer's router/modem with my own device.

I also carry a 128 GB USB3 flash drive. It contains proprietary tools in addition to:
Updated versions of Windows add-ons (like .NET)
Updated versions of most commonly used programs
Diagnostic tools
Antivirus programs/removal tools
Portable browsers
NirSoft Suite
SysInternals Suite

The hardest thing about having all that storage is keeping the stuff on it updated - that's why I'd rather download what I need at the time that I need it.
 
In a situation where you are helping someone with a badly infected computer rather than "a bogus spyware program and some toolbars", create an ESET SysRescue Live Disk from here: ESET SysRescue Live.

ESET has many other stand-alone tools with specific cleaners available from Overview | ESET Virusradar, created for specialized removals. For example, Virlock, discussed at Win32/Virlock: First Self-Reproducing Ransomware is also a Shape Shifter.
Thanks Corrine. I should have been more specific. There was no virus infection, just a program called "Super anti-spyware" that was scaring her with pop-ups containing false reports. I removed it and some toolbars as well. I will definitely create the ESET disk.
 
When you wrote "bogus" spyware program, I thought you meant some rogue. SAS (SUPERAntiSpyware) is a safe program with a good reputation. Malwarebytes Anti-Malware just happens to be my preferred program.
 
Good to know. I never researched it (SAS); it had a 'cheap' look about it. She actually had Malwarebytes installed, so I left it alone.
 
Another that was missed, Windows Defender Offline, info here: What is Windows Defender Offline? - Windows Help.

As to Tron Rescue, many of those tools need to be the latest version so if you're working on a system without an Internet connection, it would be necessary to get the latest update first. Noting that ComboFix is listed, it is NOT compatible with Windows 8.x and it does make a difference if you know what the script format is.
 
Indeed - but there was no indication of an OS here, so I was curious that no one had mentioned it previously.
 
A lot depends on what their need is. Some people want to have a system analysed and damage or exfiltration assessed. Others just want Windows working and My Documents back again (my dad's like that!). If there was malware, then, is the route it came in known, and its extent known (and was anything else piggybacked)? That takes time but may be essential. On the other hand, perhaps their "virus" was an intermittently faulty DRAM module or a borderline failing HDD?

The upshot is, I would also consider things suited to getting the user up and running again as fast as possible on a clean system:

* Fast reputable verified file copier such as FastCopy if PE is used, to be sure you can back up their data and know it's reliable - as the state of their disks will be an unknown.
* Fast and reputable disk imaging program. Ideally one well suited to borderline-failing drives which may need repeat read attempts, in case a borderline failing disk is the "virus". Also if there is a genuine virus an image is crucial for many reasons.
* A Windows Updates offline installer and its current updates (Portable Updates, AutoPatcher, and a dozen others) to get them updated and patched without network reliance (router or local DNS etc could be targeted) or slow/poor cellular connection
* Repair utilities for common apps, in case of corrupt data
* Stress testing kit to check major components and platform stability
* Replacement parts for a few more common faulty components (spare DRAM module, ssd/hdd/cables they can have for a few days, or for me to take images of their disks on, and screwdrivers!)


A different take on it, but I figure I can always do more detailed work back home, via an image or their original (offline) disk, and have all my stuff there, do offline A/V scans to determine if there did seem to be a problem. A lot of the time the actual priority when people not in a big company ask for help on a "virus" or other major issue, is "can I get back to my stuff and how long will it take", and they may assume malware when it's hardware. A security/data recovery professional with more serious cases and larger clients, will probably prioritise assessment of infiltration and extent, a completely different focus.
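As an added example (not from this thread or any of the tools named in it), here is a small PowerShell script in the spirit of the "verified file copier" point above: it copies a user's documents folder to a backup drive, checks each file's SHA-256 hash after copying, retries when a read or copy fails on a flaky disk, and writes an OK/FAILED log so a silently corrupt backup cannot slip through. The source and destination paths are assumed placeholders.

```powershell
# Added example, not the thread's own code: copy a folder and verify every file
# by SHA-256, retrying reads that fail so a borderline-failing drive produces a
# logged FAILED entry instead of an unnoticed bad copy. Paths are assumptions.
param(
    [string]$Source      = 'C:\Users\Owner\Documents',   # assumed source folder
    [string]$Destination = 'E:\Backup\Documents',        # assumed USB/HDD target
    [int]$MaxAttempts    = 3                             # retries per file
)

New-Item -ItemType Directory -Path $Destination -Force | Out-Null
$log = Join-Path $Destination 'copy-verify.log'

Get-ChildItem -LiteralPath $Source -File -Recurse | ForEach-Object {
    $file     = $_
    $relative = $file.FullName.Substring($Source.Length).TrimStart('\')
    $target   = Join-Path $Destination $relative
    New-Item -ItemType Directory -Path (Split-Path $target) -Force | Out-Null

    $ok = $false
    $srcHash = ''
    for ($attempt = 1; ($attempt -le $MaxAttempts) -and (-not $ok); $attempt++) {
        try {
            # Copy, then hash both sides; a read error on the source throws and is retried.
            Copy-Item -LiteralPath $file.FullName -Destination $target -Force -ErrorAction Stop
            $srcHash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction Stop).Hash
            $dstHash = (Get-FileHash -LiteralPath $target -Algorithm SHA256 -ErrorAction Stop).Hash
            $ok = ($srcHash -eq $dstHash)
            if (-not $ok) { Write-Warning "Hash mismatch on $relative (attempt $attempt)" }
        } catch {
            Write-Warning "Read/copy error on $relative (attempt $attempt): $($_.Exception.Message)"
        }
    }

    # One tab-separated log line per file; FAILED entries are the ones to re-image or recover.
    $status = if ($ok) { 'OK' } else { 'FAILED' }
    "$status`t$relative`t$srcHash" | Add-Content -LiteralPath $log
}
```

Run it from an elevated PowerShell on the machine being worked on, then review the FAILED lines in the log before relying on the backup.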
 