I'm looking for information on FRST. Today, I had a computer at the shop that was infected with Alureon, and after the Defender Offline Scan finished, the computer would no longer boot (BSOD 0x7B). I Googled and found a thread with someone having exactly the same problem (same cause, used Defender Offline Scan, 0x7b BSOD). The first recommendation was to run FRST with a "fixlist.txt" containing:
TDL4: custom:26000022 <===== ATTENTION!
CMD: bootrec /FixMbr
Now, the CMD part I can do myself. I did, in fact - using BootICE - try rewriting the MBR. It had no effect, still 0x7B. I then ran the suggested fix verbatim, using the recovery environment and FRST with that fixlist.txt file. It actually worked! The computer booted.
I'm a tech geek, so I must dig deeper. Obviously the "TDL4:" line is what did the fix - and it ran two "bcdedit" commands (among others - judging by the response and failures when bcdedit is not present in a MiniXP environment). What are these commands?
I've searched all different ways I can think of and I cannot for the life of me find any documentation on this utility. There are links to download it all over the internet (pointing to the download page here at BleepingComputer), but the download page has no documentation and no mention of fixlist.txt syntax.
I could much more effectively (and safely) use this tool if I had some documentation to help explain its usage. It might even be worth adding to my toolkit and Boot CD (FalconFour's Ultimate Boot CD) - with a donation as well if there's some documentation somewhere.
edit: Also, hoping this is an OK forum for this. There's a forum for logs (don't need help with cleaning), news, "am I infected", and guides... but not much by way of tools. I figure this is the closest match.
Edited by FalconFour, 06 April 2013 - 07:57 AM.