Windows 10: More Nefarious Strain of Zacinlo Malware Infecting Windows 10 Machines Solved

Page 2 of 2 FirstFirst 12
  1.    08 Jul 2018 #11

    BigFatBoy said: View Post
    In your post [no.5] you said the following:"You could boot your system to Kyhi's custom recovery media, connect to the internet, open Malwarebytes Anti-malware, update the virus definitions, and run a scan of your OS drive, being sure to select "rootkit" in the MBAM options. Then, open Macrium Reflect and select the option to "fixboot"."I downloaded Kyhi's Recovery Media from: Windows 10 Recovery Tools - Bootable Rescue Disk - Windows 10 Forums. The file was in an .ISO format that I saved on this computer's DATA drive. After downloading, I mounted the file to open its content. Kyhi's narrative for the Application stated: 'You would have to download the ISO and then burn it to USB or CD to create a bootable WinPE disk.' Simple, I can do that.
    You should copy all the files of the mounted ISO to a FAT32-formated USB drive. Then boot your system to the USB drive.

    BigFatBoy said: View Post
    Q:After I boot the Application on the 'infected computer' (a PC that can not run W10 loaded originally on its SSD as partition C:\ ), can I do all the tasks outlined above from within Kyhi's rescue Application?
    Yes. Kyhi's custom rescue media has a collection of programs in it. One is a program to help connect to the internet. MBAM and Macrium are also in there, along with a bunch of other things. So,

    • Boot to the USB drive
    • At this point, if you have any personal files that need to be saved, they can be copied off the drive using File Explorer and Copy/Paste commands
    • Use the internet connection software to assist connecting to the internet if needed
    • Open MBAM, update the virus database, and check the box in options to include scanning for rootkits
    • Run a FULL SCAN (Custom Scan) on your entire OS drive
    • If it finds anything, save the log to the USB drive and post it here, so we can see what we're dealing with
    • Open Macrium Reflect, select the FIXBOOT option


    BigFatBoy said: View Post
    Q: IF everything went well in each and every Task above, the infected PC should boot on its own from the now repaired W10 install. Is this correct?I want to make sure I am doing what is required; and I am as tired as an Old Lost Dog and need to double check and double check again before I take my next step.....thanks again for your continuing support with this issue....bfb @tenforums.com
    If these steps are sufficient to clean whatever infection you have, then hopefully your system should boot into the OS on the SSD. If it's not an infection, but a hardware problem, then this may not help at all. But let's see how it goes for you...
      My ComputerSystem Spec

  2.    26 Jul 2018 #12

    reply to above..


    Simrick,You gave good advice in response to the worm on my PC. I used Kyhi's rescue disk and was one step away from booting into Windows. The last step you advised was to run Macrium Reflect and to use the "Fix Boot Problems" function. MR told me I had a corrupt BCD file. I needed to delete the corrupt file but I could not find it !.
    I resigned myself to re-install W10. Fortunately the Windows.old file contained the data I needed from B4 the worm attack!thanks again for you help; I appreciated it...bfb.
      My ComputerSystem Spec

  3.    26 Jul 2018 #13

    Glad you got things sorted and have all your files.
    I think the corrupt BCD issue could have been fixed using Command Prompt. But, no matter, you are all set. Thanks for posting your solution; it may help others in the future.
      My ComputerSystem Spec


 
Page 2 of 2 FirstFirst 12

Related Threads
Every...i mean every anti malware blocked by unknown malware/virus in AntiVirus, Firewalls and System Security
i have looked up this issue and apparently this must be a new one since there is no solution what so ever, even the hidden admin account is defenseless, here is what's going on 1. the PC got infected on windows defenders watch, the infection...
Solved New ransomware lets you decrypt your files by infecting other users in AntiVirus, Firewalls and System Security
Just when you thought ransomware couldn't get any nastier :shock: New ransomware lets you decrypt your files — by infecting other users | ZDNet
Sometimes when i play a really intensive game on my system it crashes with a error code of non correctable. also whenever i shutdown, sleep, or restart the pc hangs/crashes and then restarts, when this happens i get a nonpaged error. This problem...
Warning: Latest Petya Ransomware Strain Comes with a Failsafe: Mischa 79958 See also here: https://www.tenforums.com/windows-10-news/50417-warning-latest-petya-ransomware-strain-comes-failsafe-mischa.html
Latest Petya Ransomware Strain Comes with a Failsafe: Mischa 79957 Read more: https://threatpost.com/latest-petya-ransomware-strain-comes-with-a-failsafe-mischa/118072/
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 00:56.
Find Us