Is there way to scan a registry hive on an attached USB drive?

Is there way to scan a registry hive on an attached USB drive? I have a hard drive with a virus that I removed from a PC. I can scan the file system of it as an attached USB drive. But how do I scan the registry of that USB drive since it is not booted up like a regular hard drive?
Asked by: Guest \| Views: 301

Total answers/comments: 3

Comments display order:

Guest [Entry]

"What you want to do is called 'offline registry editing'. You can load the registry hives from the old hard disk drive into your registry editor. Here's a tutorial:

Load registry hive for offline registry editing

However, I'd recommend to use BartPE instead of your current Windows installation to do this:

How to edit the registry offline using BartPE boot CD?

BartPE will recognize your external USB hard disk drive connected."

Guest [Entry]

"RunAlyzer

Autostart entries - RunAlyzer shows a bunch of places applications use to get themself started upon Windows start. This is good for tweaking your system as well as finding spyware, viruses or other malware.
Analysis - RunAlyzer comes with a database of known entries and can do an online lookup to get the newest classifications of entries from our servers. Simple colors - green for good, red for bad - will give you the quick overview needed. Our detectives will even classify any unknown entries you submit to us through an easy function integrated into the application.
Log functions - Should you want to get help from another place, RunAlyzer can export log files as would be created by Spybot-S&D or HijackThis - formats that many experts all over the world prefer.
Windows x64 compatibility - RunAlyzer works on the new 64 bit versions of Windows as well - and allows you to view and change both 32 bit backward compatbility and new 64 bit entries there.
WinPE compatibility - thanks to the multi platform code we use in many of our products, RunAlyzer also automatically detects Windows installations on other attached harddisks or partitions, and allows you to manage those. This can be extremly useful if for example you want to repair a system while booting from a BartPE (bootable Windows PE) CD.

Or ubcd4win has a tool called RunScanner that let you do offline registry scan with any scanners"

Guest [Entry]

"Antivirus scanning of registry hive alone does not make sense, as there's no executable code in registry. There are only links to filesystem, and as long as filesystem is clean, registry is fine too.

But if you need to edit/search/replace something in the registry hive outside of Windows, or in the registry hive on USB HDD, you may use Emergency Boot CD ( http://www.prime-expert.com/ ) which contains standalone offline registry editor."