|
viknok
Aug 12, 2014 22:13:32 GMT -8
Post by lemony on Aug 12, 2014 22:13:32 GMT -8
I do not have a flash drive, I can borrow a friends laptop tomorrow to get online though.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
viknok
Aug 12, 2014 22:22:40 GMT -8
Post by Quads on Aug 12, 2014 22:22:40 GMT -8
It is just because on the odd occasion dealing with Rookits and Bootkits can cause Windows not to boot and FRST would then have to be used in recovery mode to fix Windows to startup again.
It may only happen like 2% of the time but is does happen on occasion, even to MR's and that includes myself now and then.
Then it is a file (or item of some type) Windows needs that is why there has to be a swap over with a clean back up copy. That is also why Norton will not delete the file, It is part of Norton's protections not to delete OS required items even if infected (patched).
Quads
|
|
|
viknok
Aug 12, 2014 23:06:47 GMT -8
Post by lemony on Aug 12, 2014 23:06:47 GMT -8
I can't find anyone with a flash drive right now but I can pick one up later. What size would be enough?
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
viknok
Aug 12, 2014 23:27:42 GMT -8
Post by Quads on Aug 12, 2014 23:27:42 GMT -8
Lets just say it doesn't have to be more than 10mb usually and most Flash Drives are now 4GB or higher FRST is placed on the Flash Drive with the fixes and logs in .txt format so that we can do procedures to non booting Windows on systems. It is better that Norton just continues to alerts to the file (though annoying) than to have the file deleted by Norton on a restart and Windows then won't load. For instance see this thread for an example of how I got to Windows that would not start community.norton.com/t5/Other-Norton-Products/Computer-Dell-XPS-Windows-7-64-bit-wont-boot-after-using-Norton/td-p/756602Quads
|
|
|
viknok
Aug 12, 2014 23:55:43 GMT -8
Post by lemony on Aug 12, 2014 23:55:43 GMT -8
ok, I will pick up a flash drive and be ready to go tomorrow/later today. Thanks for helping.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
viknok
Aug 13, 2014 15:03:34 GMT -8
Post by Quads on Aug 13, 2014 15:03:34 GMT -8
Notify when everything is at hand read just in case.
I have created the script already.
Quads
|
|
|
viknok
Aug 13, 2014 20:14:30 GMT -8
Post by lemony on Aug 13, 2014 20:14:30 GMT -8
I have picked up a flash drive and am ready to go.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
viknok
Aug 13, 2014 22:04:14 GMT -8
Post by Quads on Aug 13, 2014 22:04:14 GMT -8
Disable Norton Auto-Protect and SONAR for say 1 hour in the options and NOT "Until next system restart". This is because FRST may need to restart the system and due to the fact Norton detects the file and FRST we don't want Norton to interfere.
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Download the script attached, needs to be the same file name as well (fixlist.txt), have it on the Desktop, so that fixlist.txt is next to FRST64.exe,
DO NOT DRAG AND DROP to download the script, it won't work for FRST (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link as.)
The script tells FRST what to do.
Start FRST that is on the desktop When the tool opens click Yes to disclaimer. (if it still does)
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) please post it to your reply (attach or paste)
Quads
|
|
|
viknok
Aug 13, 2014 22:18:18 GMT -8
Post by lemony on Aug 13, 2014 22:18:18 GMT -8
Results of FRST fix.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
viknok
Aug 13, 2014 22:35:47 GMT -8
Post by Quads on Aug 13, 2014 22:35:47 GMT -8
a clean copy has swapped over successfully
BUT 2 things
Norton may still,
a) detect the file as FRST has it in the tools own quarantine folder (for now)
b) Norton has the detection listed for now in the Unresolved threats list and due to the fact Norton did not deal with it, Norton still has the listing in the history.
|
|