These malware-related tasks can be added to your custom lists within the main d7x interface for manual or auto mode usage.
(In order of appearance, mostly…)
- MSSE/WD Full (and Quick) Scan – Force a full or quick command-line scan and removal with Windows Defender (or Microsoft Security Essentials on Windows XP, if installed).
- Clear Proxy Settings – Clears proxy settings used by Windows (and with Internet Explorer/Edge) as well as Mozilla Firefox, Google Chrome, and a number of Chromium based variants.
- dUninstaller (Auto) – This option launches the dUninstaller component to automatically uninstall apps on your pre-configured definitions list, utilizing the SILENT uninstall option when available. Useful for removing a lot of toolbars and other unwanted apps that you see on many systems.
- dUninstaller (UI) – Same as (Auto) however the (UI) option brings up the full interface, which allows you to work manually or configure definitions for the automated uninstall. This is a clone of the stand-alone app dUninstaller.
- Empty Recycle Bin – Does what it says!
- Find Moved Shortcuts – Find the Start Menu / Desktop / Quicklaunch shortcuts moved to a temp dir by malware, and move them back! Not seen in a long time, but hey it doesn’t hurt to leave this one in your routine.
- Fix File Associations – Import default values for the shell to launch EXE, COM, BAT, CMD, LNK, and REG files.
- IFEO Modifier – Use this to modify the Image File Execution Options section of the registry. This key is located at HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options and holds per-executable Debugger values, originally intended for attaching a debugger to legitimate applications: whenever an executable with a matching file name starts, Windows launches the Debugger value instead (with the original command line appended). You can use this to redirect executables to dummy applications. For example, you can configure Windows so that if “some malware.exe” is launched, “d7x dummy.exe” runs instead, or nothing at all. Useful to fight active malware on a system. Note that malware uses the same key to hijack legitimate programs, so remove your own entries when finished and review the key for entries you did not create.
- Install Custom HOSTS File – Installs a custom hosts file of your own (when located in 3rd Party Tools dir.)
- Kill Explorer.exe – Does just that, terminates Windows Explorer so you can remove malware that may be hooked into the shell.
- Kill Rename Ops – Delete the PendingFileRenameOperations registry value (under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager); Session Manager processes it at the next restart to move or delete the listed files before Windows loads, which malware can abuse to restore or remove files after a reboot.
- KillEmAll – Terminate all non-essential running applications. In Auto Mode, this does show the user interface but terminates programs and continues to the next Auto Mode item. Otherwise only the user interface is shown, but programs are not terminated until you select to do so.
- KillZA Check – An oldie but a goodie, this was an all-in-one check/removal for the ZeroAccess rootkit. Not so useful these days.
- Malware Search Tool 3000 – Use to easily examine common malware load points in the registry and file system, and customize a file system search for certain file patterns. Here’s a quick breakdown of what is done.
- The registry hives of all user profiles on the system are loaded.
- The OPTIONAL Pre-Malware Scan (below) deletes blacklisted file and registry objects, by name. Nothing fancy, just crude name/location checking. Nothing here for random or evolving names, unfortunately, but works great for frequently removed adware or junk programs.
- The main scan window displays scan results every time you click a node to the left. These are all registry entries and file system locations that I used to check by hand. Ugh.
- Items are reported that do not appear in the whitelists. The theory behind this is that once you know something is good, why be bothered with it cluttering up your lists. If you really want to see everything, you have the option of deleting the whitelists in the Modules\Defs folder.
- Whitelists and Blacklists are kept in plain text format.
- Whitelists and Blacklists are created and maintained by whoever uses d7x (that’s you.) In the scan window you have the option to whitelist and blacklist certain items.
- Functionality is provided to “Update” or MERGE the definition files. It is designed around a centralized location, such as a network share, where you store and sync with a master copy of the definition files. Using this method, you can easily keep the definitions on your flash drive or other locations in sync, or share them with other technicians and their definitions.
- d7x blacklist definitions ARE NOT DESIGNED TO BE UPDATED OR MAINTAINED BY US, ONLY BY YOU! We do not release updates to the definition files; that’s up to you. You may use the sample definition files provided in the d7x “Starter Config” download for your reference, or delete them if you don’t trust them, and you will create your own over time as you use d7x.
- Pre-MalwareScan – Scans for and deletes file system and registry items from your customized definition files that were previously blacklisted using Malware Search Tool 3000.
- Purge System Restore –
- On Vista/7, purges all System Restore Points.
- On Windows XP, d7x will leave the last three restore points (REGISTRY HIVES ONLY, files are still deleted from all restore points!) to give you something to work with in case you need to restore a registry backup for some reason.
- Registry Hive Backup – Backups (to C:\Support\RegBackups by default) are made for standard registry hives: system, software, security, sam, default, and the ntuser.dat and usrclass.dat for each user.
- Remove Policies – Removes all Windows group policy settings (some of which can be manipulated by malware.)
- Reset Browsers to Defaults – Reset to default web browser settings (manual, follow prompts.)
- Reset Hidden Volume – Remove hidden attribute from user files, which malware may have hidden. Use ONLY when malware hides all user files. NOTE: This may unhide desktop.ini files. Use ‘del /s desktop.ini’ from a C:\ prompt to remove (they are rebuilt as necessary by Windows.)
- Safe Mode w/Net Mod – Modifies Windows so that it will boot to Safe Mode with Networking by default, useful to keep it in Safe Mode during Malware Auto Mode. If not in Safe Mode (of any type) already, system will also be rebooted at this point. Be sure to remove this mod after use!
- Remove Safe Mode w/Net Mod – Removes this modification and restarts Windows back to Normal Mode.
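The IFEO redirect described above, written out as an added PowerShell example (not d7x’s own code) so you can see what the modifier changes and audit it afterwards. The image name and the dummy path are illustrative assumptions; run it from an elevated prompt.

```powershell
# Added example, not part of d7x: manage Image File Execution Options "Debugger" redirects.
# When a process whose file name matches an IFEO subkey starts, Windows launches the
# Debugger value instead and appends the original command line to it. Run elevated.

$IfeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Set-IfeoRedirect {
    param(
        [Parameter(Mandatory)] [string] $ImageName,    # file name only, e.g. 'some malware.exe' (assumed)
        [Parameter(Mandatory)] [string] $DebuggerPath  # e.g. 'C:\Tools\dummy.exe' (assumed path)
    )
    # The dummy receives the original path as its argument; it must exit without running it.
    # Pointing at a non-existent path makes the launch fail outright ("nothing at all").
    $key = Join-Path $IfeoRoot $ImageName
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'Debugger' -Value $DebuggerPath -PropertyType String -Force | Out-Null
}

function Remove-IfeoRedirect {
    param([Parameter(Mandatory)] [string] $ImageName)
    $key = Join-Path $IfeoRoot $ImageName
    if (Test-Path $key) {
        Remove-ItemProperty -Path $key -Name 'Debugger' -ErrorAction SilentlyContinue
        # Drop the subkey only if nothing else (e.g. MitigationOptions, GlobalFlag) remains in it
        $k = Get-Item $key
        if ($k.ValueCount -eq 0 -and $k.SubKeyCount -eq 0) { Remove-Item $key }
    }
}

function Get-IfeoRedirect {
    # Audit: every IFEO subkey carrying a Debugger value. Malware hijacks legitimate
    # programs through this same value, so review the list after cleanup.
    Get-ChildItem $IfeoRoot | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name 'Debugger' -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { [pscustomobject]@{ Image = $_.PSChildName; Debugger = $dbg } }
    }
}

# Usage (names are assumptions for illustration):
# Set-IfeoRedirect -ImageName 'some malware.exe' -DebuggerPath 'C:\Tools\dummy.exe'
# Get-IfeoRedirect | Format-Table -AutoSize
# Remove-IfeoRedirect -ImageName 'some malware.exe'
```

The match is on file name only, not path, so a redirect for “some malware.exe” applies to any copy of that name anywhere on disk, including a legitimate file that happens to share it.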
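Before using Kill Rename Ops it is worth seeing what is actually queued, since the same value carries legitimate operations from installers and updates. The following added PowerShell example (not d7x’s own code) decodes PendingFileRenameOperations and then clears it; the value layout is the documented source/destination pair format.

```powershell
# Added example, not part of d7x: inspect PendingFileRenameOperations before clearing it.
# The value is a REG_MULTI_SZ of source/destination pairs. An empty destination means
# "delete source at next boot". Entries carry an NT path prefix (\??\), and a destination
# may additionally start with "!" (replace an existing file). Run elevated.

$SessionManager = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$ValueName      = 'PendingFileRenameOperations'

function Get-PendingRenameOps {
    $raw = (Get-ItemProperty -Path $SessionManager -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    if (-not $raw) { return @() }
    for ($i = 0; $i -lt $raw.Count; $i += 2) {
        $src = $raw[$i] -replace '^!?\\\?\?\\', ''
        $dst = if ($i + 1 -lt $raw.Count) { $raw[$i + 1] -replace '^!?\\\?\?\\', '' } else { '' }
        [pscustomobject]@{
            Source      = $src
            Destination = $dst
            Action      = if ($dst -eq '') { 'DELETE' } else { 'MOVE' }
        }
    }
}

function Clear-PendingRenameOps {
    # Removes the value itself, never the Session Manager key. The companion
    # PendingFileRenameOperations2 value is processed the same way, so clear both.
    foreach ($name in $ValueName, "${ValueName}2") {
        Remove-ItemProperty -Path $SessionManager -Name $name -ErrorAction SilentlyContinue
    }
}

# Usage: review first, clear only if the queued operations are not something you want to keep.
# Get-PendingRenameOps | Format-Table -AutoSize
# Clear-PendingRenameOps
```

A DELETE of a file you just removed by hand is harmless; a MOVE that would drop a file back into a startup location, or a DELETE aimed at a security product’s files, is the case this task exists for.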
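The Registry Hive Backup task above can be reproduced with reg.exe, which is the practical way to capture hives that are locked while loaded. This added PowerShell example (not d7x’s own code) writes the same set of hives to the default C:\Support\RegBackups location; the time-stamped subfolder and file names are my own conventions.

```powershell
# Added example, not part of d7x: back up the hives listed for Registry Hive Backup.
# SAM, SECURITY and every logged-on user's NTUSER.DAT/UsrClass.dat are locked on disk,
# so loaded hives are exported with "reg save" rather than copied as files. Run elevated.

function Backup-RegistryHives {
    param([string] $Dest = 'C:\Support\RegBackups')   # d7x default location
    $dir = Join-Path $Dest (Get-Date -Format 'yyyyMMdd-HHmmss')   # subfolder naming is an assumption
    New-Item -ItemType Directory -Path $dir -Force | Out-Null

    function Save-Hive([string] $RegPath, [string] $File) {
        & reg.exe save $RegPath (Join-Path $dir $File) /y | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "reg save failed for $RegPath" }
    }

    # System-wide hives
    Save-Hive 'HKLM\SYSTEM'   'system.hiv'
    Save-Hive 'HKLM\SOFTWARE' 'software.hiv'
    Save-Hive 'HKLM\SECURITY' 'security.hiv'
    Save-Hive 'HKLM\SAM'      'sam.hiv'
    Save-Hive 'HKU\.DEFAULT'  'default.hiv'

    # Per-user hives, enumerated from ProfileList (only real user SIDs, not service SIDs)
    $profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    Get-ChildItem $profileList | Where-Object { $_.PSChildName -like 'S-1-5-21-*' } | ForEach-Object {
        $sid     = $_.PSChildName
        $profDir = (Get-ItemProperty $_.PSPath).ProfileImagePath
        $tag     = Split-Path $profDir -Leaf
        if (Test-Path "Registry::HKEY_USERS\$sid") {
            # Profile is loaded: files are locked, export through the registry instead
            Save-Hive "HKU\$sid"           "$tag-ntuser.hiv"
            Save-Hive "HKU\${sid}_Classes" "$tag-usrclass.hiv"
        } else {
            # Profile not loaded: a plain file copy works (Vista+ UsrClass.dat location shown)
            Copy-Item (Join-Path $profDir 'NTUSER.DAT') (Join-Path $dir "$tag-ntuser.dat") -ErrorAction SilentlyContinue
            Copy-Item (Join-Path $profDir 'AppData\Local\Microsoft\Windows\UsrClass.dat') `
                      (Join-Path $dir "$tag-usrclass.dat") -ErrorAction SilentlyContinue
        }
    }
    return $dir
}

# Usage:
# $backup = Backup-RegistryHives
# Get-ChildItem $backup
```

Take the backup before Remove Policies, Fix File Associations or any IFEO change, since those are the tasks you are most likely to want to roll back; a saved hive can be restored with reg.exe restore or loaded offline with reg.exe load for inspection.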