Author: andybird
Subject: autoruns and Win 8 commandline recovery console
Posted: 05 July 2013 at 6:25pm
The solution: the Sysinternals Autoruns program doesn't work in the Windows 8 64-bit recovery command-line console (Windows 8 64-bit Recovery Environment Command Prompt), but the autoruns.exe included in the 64-bit version of Comodo Cleaning Essentials surely does (with some limitations)! The Comodo version of autoruns needs oledlg.dll to work (this file is normally located in the "C:\Windows\System32\" directory).

After loading the registry hives from the offline system, it's necessary to refresh the program (F5 function key).
There are still some limitations:
1. Most system files have the wrong drive letter in their paths (it is X:\... but it should be C:\...). Sometimes there is no path at all (see the Network tab). Non-system programs, on the contrary, always have the right paths (good news for filtering).
2. We can't change anything in the offline registry.
3. We can't jump to the key in the offline registry.
4. The options "Enable All Unsafe Entries", "Disable All Unsafe Entries" and "Hide Safe Entries" don't work.
5. The program can't see Scheduled Tasks.
Finally, I've found some good portable tools (only 64-bit versions) to effectively fight malware in an offline Windows 8 64-bit system using the Recovery Environment Command Prompt:
Q-Dir portable (free file manager), Comodo autoruns + oledlg.dll, Nirsoft RegScanner + system regedit, Nirsoft SearchMyFiles, Farbar Recovery Scan Tool (FRST64), Funduc File Merge Express (FMX64) + oledlg.dll.
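
Added example, not part of the original post: a read-only cross-check of the offline system's autostart locations using only reg.exe and dir from the Recovery Environment Command Prompt, which also lists the Scheduled Tasks files that limitation 5 says the tool cannot see. The drive letter and the temporary mount name OFFLINE_SW are assumptions; pass the letter that the recovery environment assigned to the offline Windows volume.

```bat
@echo off
rem Added example, not from the original post.
rem Assumption: the first argument is the offline Windows volume (default C:).
rem OFFLINE_SW is a hypothetical temporary key name chosen for this example.
setlocal
set "OFFLINE=C:"
if not "%~1"=="" set "OFFLINE=%~1"
set "HIVE=%OFFLINE%\Windows\System32\config\SOFTWARE"

if not exist "%HIVE%" (
    echo SOFTWARE hive not found at %HIVE% - check the drive letter.
    exit /b 1
)

rem Mount the offline SOFTWARE hive under a temporary key of the running registry.
reg load HKLM\OFFLINE_SW "%HIVE%" || exit /b 1

rem Machine-wide Run/RunOnce keys, 64-bit and 32-bit (Wow6432Node) views.
for %%K in (
    "Microsoft\Windows\CurrentVersion\Run"
    "Microsoft\Windows\CurrentVersion\RunOnce"
    "Wow6432Node\Microsoft\Windows\CurrentVersion\Run"
    "Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce"
) do (
    echo === %%~K
    reg query "HKLM\OFFLINE_SW\%%~K" 2>nul
)

rem Winlogon values that decide what starts at logon.
echo === Winlogon Shell / Userinit
reg query "HKLM\OFFLINE_SW\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell 2>nul
reg query "HKLM\OFFLINE_SW\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit 2>nul

rem Always unmount the hive so the offline file is released.
reg unload HKLM\OFFLINE_SW

rem Scheduled Tasks are stored as XML files on disk; list them for manual review.
echo === Scheduled task files
dir /s /b /a-d "%OFFLINE%\Windows\System32\Tasks" 2>nul
endlocal
```

Paths printed from the hive are stored as the installed system wrote them, so they refer to the installed system's own drive letter, not to X:.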