I am confused!!!
If the infected laptop drive is connected as a slave to the Desktop computer, the Registry of the infected laptop drive won't be loaded. So, any cleanup does not remove malware entries from the Registry.
Running FRST on the Desktop to clean a slaved laptop drive is not a good idea, if that is what is being attempted.
Cottonball
What is happening , PowerTrader is scanning the laptop's hard drive on his desktop using a USB tool . What I am attempting to have him do is put the drive back into the laptop and do the fix on the laptop .
The laptop's drive needs to be in the laptop, and FRST needs to be run from the Desktop of the laptop.
Scanning the drive on the Desktop computer does not load the Registry for the laptop.
What I would do is run FRST again on the laptop, post its report, and then fix the files and the Registry entries with a fixlist, like in Post #6.
If you run that fixlist from the Desktop computer, have no clue as to what that will result in.
Edited to clarify Desktop computer, and laptop's Desktop.
Just to clarify:
1 - Those reports were conducted when the HD was in the in the laptop.
2 - After I was sure that there was some kind of threat, I removed the HD from the laptop.
3 - I then connected the HD to my desktop by USB cables (As a slave) and ran a complete virus scan (MSE).
4 - Scan completed and found 5 threats.
5 - I got skittish and used MSE to clean the threats from the enslaved HD (sorry I should of just following your recommendations)
6 – Doing one last scan before I put it back into the laptop
My question now: Because I used MSE on the desktop to eliminate the threats, will my registry be fine, or do I have to make more changes once I put it back in the laptop?
Thanks and sorry for not following instructions to a T.
I would use FRST.exe again to create a new log file when you place the hard drive back into the laptop.
Writing from the laptop. Just tried to run MSE from the laptop with no luck. Update is still blocked as well (same error as before). Attached is the updated FRST report.
The malware Registry entries are still there, as well as other ZeroAccess entries.5 - I got skittish and used MSE to clean the threats from the enslaved HD (sorry I should of just following your recommendations)
6 – Doing one last scan before I put it back into the laptop
My question now: Because I used MSE on the desktop to eliminate the threats, will my registry be fine, or do I have to make more changes once I put it back in the laptop?
The way malware works nowadays, it is best not to slave a hard drive and run scans from another computer. There are other, more effective options.
VistaKing will look at the new FRST report and prepare a new fixlist. In it, there will also be commands to work on the MSE issue. Between FRST, FSS, and a ServicesRepair program, you should be OK.
Just hang in there.
The new and old FRST.txt look the same . Run the fixlist posted on Post #6 then run the tools below
Download Services Repair
http://kb.eset.com/library/ESET/KB%2...icesRepair.exe
When done . Drag the file to your desktop
Right click on ServicesRepair.exe choose
Click on Yes or Continue . Once the tool has completed it will ask you to restart . Please restart the PC .
Then run FSS
Farbar Service Scanner
Click here
Place the file onto your desktop
Right click on FSS.exe select
Place a check mark next to the following options
- ⬜ Internet Services
- ⬜ Windows Firewall
- ⬜ System Restore
- ⬜ Security Center
- ⬜ Windows Update
- ⬜ Windows Defender
Press the Scan button
Farbar Service Scanner will create a log, called FSS.txt, on the Desktop. Upload the FSS.txt with your reply
awesome, thanks! These malwares just keep getting more diabolical every year ...
Quote