Sigh, this is proving to be a real PIA. OK, do the following. First we go after the infection from outside of Windows:
Step 1
Download the Windows Defender Offline Tool and save to your Desktop.
You will have to select the correct version for your system, either 32 or 64 bit.
To run the tool, Windows 7 or Vista users right-click and select "Run as Administrator"
Read the instructions in the new window and select "Next"
In the new window accept the agreement:
In the new window select your USB Flash Drive, then select "Next"
In the new window ensure your Flash drive is selected, if not click on "Refresh" then select "Next"
In the new window accept the formatting alert by selecting "Next"
Files will be Downloaded:
Files will be processed and created
Flash drive will be formatted and prepared
Files will be added to the Flash Drive and the tool will be created.
The procedure is finished and the Tool created, click on "Finish" to complete.
Plug the USB into the sick PC and boot up. If it does not boot from the flash drive, change the boot options as required. Use F12 as it boots, change options...
As it boots you'll see files being loaded and the Windows splash screen. Eventually the tool will run a "Quick Scan"; follow the prompts and deal with what it finds.
When complete do a full scan, deal with what it finds.
When finished, remove the USB stick then press the Esc key to boot into regular Windows.
Navigate to the following file: "C:\windows\windows defender offline\support\mssWrapper.log"
Open with Notepad and copy and paste it into a reply.
Step 2
- Double-click the drweb-cureit.exe file, then click on Start and allow it to run the express scan
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, choose the Complete Scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow at the right, and the scan will start.
- Click 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, look and see if you can click the following icon next to the files found:
- If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
- This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
- After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web CureIt.
- Reboot your computer to allow files that were in use to be moved/deleted during reboot.
- After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.