Let's say I have a computer that is badly infected, and I need to scan it from another computer. Scanning the files is not a problem, but getting into the registry is.

 

So here's my question: If I load the registry hive from the infected computer and then run a scan on the computer I'm using, will it detect stuff in the registry hive I've loaded?

 

Or is there another way to go about scanning the registry?

Hello rgabbard,

 

Welcome to The Malwarebytes Techbench forum.  Thank you for your request.

 

Malwarebytes scan cannot do the scan you want to perform and this is why:

 

The scan of an offline registry hive is very risky and will not give you the results you expect.  In fact, even if it does scan the loaded offline registry hive, the drive being scanned won’t map to %systemdrive% which means the loading point and values in the registry will be referencing C: when in fact the system that the registry hive comes from is mapped to D: or other location.  It is not recommended.  In fact it is a very bad idea. 

 

You would be better off scanning with a raw file scanner such as an antivirus which is far better suited to such a task although they won't scan the registry either.

So the best bet, if it won't boot, would be to do an offline scan with an antivirus, let it clean up what it can, then try to boot the system normally or in Safe Mode/Safe Mode With Networking and run MBAM, MBAR and/or Chameleon.

 

Thank you for asking about this. 

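The drive-letter mismatch described in the reply above, shown as an added example that is not part of the original thread and not Malwarebytes code: paths stored in an offline hive are written for `C:`, so each one has to be translated to the volume where the disk is now mounted before checking whether the file exists. The mount letter `D:`, the function names, the environment defaults and the sample values are assumptions constructed for illustration.

```python
import ntpath
import os
import re

# Assumed defaults for the OFFLINE system. The scanning machine's own
# variables would resolve to the wrong volume.
OFFLINE_ENV = {"systemdrive": "C:", "systemroot": r"C:\Windows",
               "windir": r"C:\Windows", "programfiles": r"C:\Program Files"}

def extract_executable(command):
    """Program path from a Run-style command line (simplified: an unquoted
    path containing spaces is cut at the first space)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""

def remap(command, mount_drive, offline_drive="C:"):
    """Translate a path stored in the offline hive to its current location."""
    path = re.sub(r"%([^%]+)%",
                  lambda m: OFFLINE_ENV.get(m.group(1).lower(), m.group(0)),
                  extract_executable(command))
    drive, rest = ntpath.splitdrive(path)
    if drive.upper() != offline_drive.upper():
        return None  # relative, UNC, other volume, or unknown variable
    return mount_drive.rstrip("\\") + rest

def audit(values, mount_drive, exists=os.path.exists):
    """Return (name, remapped path, status) for each registry value."""
    report = []
    for name, command in values.items():
        target = remap(command, mount_drive)
        if target is None:
            status = "unresolved"
        else:
            status = "present" if exists(target) else "missing"
        report.append((name, target, status))
    return report

# Constructed sample values, shaped like entries under a Run key.
SAMPLE = {
    "Updater": r'"C:\Program Files\Updater\upd.exe" /background',
    "Helper": r"%SystemRoot%\system32\helper.exe -s",
    "Roaming": r"%AppData%\tool.exe",
}

if __name__ == "__main__":
    for row in audit(SAMPLE, "D:"):
        print(row)
```

Entries reported as "unresolved" use per-user variables or other volumes that cannot be mapped from the hive alone and need manual review.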
