How to Use FarBar Scanner to Remove Malware


  • 8/12/2019 How to Use FarBar Scanner to Remove Malware


Two versions, 32-bit and 64-bit. Works with XP, 7/Vista and 8. Free tool.

Available at BleepingComputer.com. You want to run this in a recovery environment for Vista/7 from a flash drive. Open a command prompt from safe mode, a repair CD DOS box or a PE environment. The two programs are FRST.exe and FRST64.exe.

----------------------------------------
Procedure

1> At the command prompt, find your flash drive and the location of FRST.exe.
2> Run FRST.exe.
3> Leave all the ticks selected on the bottom for the Whitelist.
4> Press Scan.
5> When completed, the FRST.txt log file is stored on the flash drive where FRST.exe is located.
   Another copy of FRST.txt is also stored on the root of the partition you scanned.
6> Click OK and minimize the Farbar window for now.
7> Navigate to your Windows partition.
8> cd to c:\windows\system32
9> Type in notepad.exe

10> Go to File - Open and locate FRST.txt on your flash drive. Open it.
11> Amongst all the data are the sections that show Modified files as you scan down.
12> As you scan down you might see this for a Zero Access infection and all the files infected.

13> Scanning further you will see an example like this. Services.exe file is infected.

14> Sometimes Zero Access creates small hidden partitions, and you can remove them with this tool as well.
15> Open another notepad window: notepad.exe
16> Tile the two notepad windows side by side. One is the FRST.txt and the other the new notepad window.
17> Now, notice in the above example for Zero Access the folder c:\windows\installer\{df5b1d7b-.}
    All the files are located in this same folder, so copy that first line for the parent folder.
18> In the new notepad window, enter the word Start on the first line.
19> Beneath that, paste the folder you copied from the FRST.txt file.
    That should delete all the files listed in the parent dir and all sub dirs.
20> From the example above you see another infected folder for the user


    c:\users\Britec\AppData\Local\{df5b1d7b
21> Copy the parent folder (first line) here as well and paste it into the new notepad window under the previous line.
22> From the example above you see that last line for c:\windows\assembly\GAC\Desktop.ini
    Copy and paste this line as well.
23> Now for the services we need to handle that differently, so minimize the new notepad window for now.
24> Go back to your minimized Farbar window and run it again, but this time with the word services.exe in the search line.
25> Now scan again.
26> It will generate another log file called search.txt in the same location as the FRST.txt file.

27> Now open up another notepad window (I know lol) and open up the search.txt log file.
28> Here are the results

29> Copy that top line I highlighted and paste that into the file we were creating with all the infected folders/files.
30> Now at the bottom of this created file we need to type the following:

    replace: paste in the line we copied from the search.txt file, enter a space, then c:\windows\system32\services.exe

31> Now on the very last line type the word end and press Enter. Below is what you should have.

32> Now save this file as fixlist.txt in the same location as the other .txt files we've been working with.
33> Now go back to your flash drive and run frst.exe again.
34> This time click the Fix button, which will scan for the fixlist.txt file and repair those items.

35> As you can see, it then fixes the issues and generates another log file called FixLog.txt in the same location.


    You can open that file with notepad to see what was done.

36> Notice that the files were moved into a folder for quarantine, which can be deleted later.
37> At this point you should be clean, but it is wise to do another scan to be sure.
38> Notice below now that services.exe is good.
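A pre-flight check for the fixlist.txt built in steps 18 to 31, as an added example that is not part of the original guide or of the FRST tool: it verifies the Start/end framing and the replace: line, and flags folder entries so shallow that the recursive delete described in step 19 would remove a whole system directory. The sample paths, the PROTECTED list and the depth rule are assumptions made for illustration.

```python
import re

# Assumption: folders this shallow are never valid delete targets (illustrative list).
PROTECTED = {r"c:\windows", r"c:\windows\system32", r"c:\users", r"c:\program files"}
DRIVE = re.compile(r"[A-Za-z]:\\")

# Constructed sample; the GUID folder and the winsxs source path are placeholders.
SAMPLE = "\n".join([
    "Start",
    r"c:\windows\installer\{CONSTRUCTED-GUID}",
    r"c:\windows\assembly\GAC\Desktop.ini",
    r"replace: c:\windows\winsxs\CONSTRUCTED-DIR\services.exe c:\windows\system32\services.exe",
    "end",
])

def lint_fixlist(text):
    """Return a list of problems found in a fixlist.txt laid out as in the guide."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    problems = []
    if not lines or lines[0].lower() != "start":
        problems.append("first line must be the word Start")
    if not lines or lines[-1].lower() != "end":
        problems.append("last line must be the word end")
    body = [l for l in lines if l.lower() not in ("start", "end")]
    for n, line in enumerate(body, 1):
        if line.lower().startswith("replace:"):
            rest = line[len("replace:"):].strip()
            # Split on drive letters so paths containing spaces are still handled.
            starts = [m.start() for m in DRIVE.finditer(rest)]
            ok = len(starts) == 2 and starts[0] == 0 and rest[starts[1] - 1] == " "
            if not ok:
                problems.append(f"entry {n}: replace: needs a source path, a space, then a destination path")
            continue
        if not DRIVE.match(line):
            problems.append(f"entry {n}: not an absolute path: {line}")
            continue
        path = line.rstrip("\\").lower()
        if path in PROTECTED or path.count("\\") < 2:
            problems.append(f"entry {n}: too broad, would remove everything under {line}")
    return problems

if __name__ == "__main__":
    print(lint_fixlist(SAMPLE) or "fixlist looks well-formed")
```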

And there you have it. Not for the everyday user. A lot must be inferred from this guide, but I am sure you can figure out its use from this sample scan.

    Enjoy

    GEGeek

Source - You can watch a video for this same procedure here: http://www.youtube.com/watch?v=D1iS1Vdxeeo&feature=em-uploademail