Professional Documents
Culture Documents
How To Use FarBar Scanner To Remove Malware PDF
How To Use FarBar Scanner To Remove Malware PDF
13> Scanning further you will see example like this. Services.exe file is infected.
14> Sometimes Zero Access creates small hidden partitions and you can remove them with this tool as well.
15> Open another notepad window notepad.exe
16> Tile the two notepad windows side by side. One is the FRST.txt and the other the new notepad window.
17> Now, if you notice in the above example for zero access the folder c:\windows\installer\{df5b1d7b-.}
All the files are located in this same folder, so copy that first line for the parent folder
18> In the new notepad window enter on the first line the word Start
19> Beneath that paste the folder you copied from the FRST.txt file
That should delete all the files listed in the parent dir and all sub dir.
20> From the example above you see another infected folder for the user
c:\users\Britec\AppData\Local\{df5b1d7b
21> Copy the parent folder ( first line) here as well and paste into the new notepad window under the previous line.
22> From the example above you see that last line for c:\windows\assembly\GAC\Desktop.ini
Copy and paste this line as well.
23> Now for the services we need to handle that differently. So minimize the new notepad window for now
24> Go back to you minimized Farbar window and run it again, but this time with the word services.exe
in the search line
25> Now scan again.
26> It will generate another log file called search.txt in the last location as the frst.txt file location.
27> Now open up another notepad window (I know lol) and open up the search.txt log file.
28> Here are the results
29> Copy that top line I highlighted and paste that into the file we were creating with all the infected foldersfiles
30> Now at the bottom of this created file we need to type the following:
replace: paste in the line we copied from the search.txt file, enter a space, then c:\windows\system32\services.exe
31> Now on the very last line type the word end and press enter. Below is what you should have.
32> Now save this file as fixlist.txt in the same location as the other .txt files we've been working with.
33> Now go back to your flash drive and run frst.exe again
34> This time you click the fix button which will scan for the fixlist.txt button and repair those items.
35> As you can see it then fixes the issues and generates another log file called FixLog.txt in the same location.
You can open that file with notepad to see what was done.
36> Notice that the files were moved into a folder for quarantine, which can be deleted later.
37> At this point you should be clean but it is wise to do another scan to be sure.
38> Notice below now that services.exe is good
And there you have it. Not for the everyday user. A lot must be inferred from this guide but I am sure you can figure out it use
from this sample scan.
Enjoy
GEGeek
Source - You can watch a video fot his same procedure here.
http:www.youtube.comwatch?v=D1iS1Vdxeeo&feature=em-uploademail