|
Posted by Bill Ridgeway on March 29, 2007, 1:18 pm
If you were Registered and logged in, you could reply and use other advanced thread options
I have a computer which I suspect has viruses and spyware which I would like
to scan from a CD. Is it possible to copy the required NIS files (including
the up-to-date signatures) to a CD?
If this not possible is it possible to download something that will do the
job?
Thanks.
Bill Ridgeway
Computer Solutions
|
|
Posted by =?Utf-8?B?bmp1c3RpY2U=?= on March 31, 2007, 7:52 am
If you were Registered and logged in, you could reply and use other advanced thread options
Hello Bill,
Public Anti Virus CD for Techs
http://pctorium.com/forum/Public_Anti_Virus_CD_for_Techs-t6479.html
"Bill Ridgeway" wrote:
> I have a computer which I suspect has viruses and spyware which I would like
> to scan from a CD. Is it possible to copy the required NIS files (including
> the up-to-date signatures) to a CD?
>
> If this not possible is it possible to download something that will do the
> job?
>
> Thanks.
>
> Bill Ridgeway
> Computer Solutions
>
>
>
|
|
Posted by -_- on March 31, 2007, 8:35 am
If you were Registered and logged in, you could reply and use other advanced thread options
> Hello Bill,
>
> Public Anti Virus CD for Techs
> http://pctorium.com/forum/Public_Anti_Virus_CD_for_Techs-t6479.html
>
> "Bill Ridgeway" wrote:
>
>> I have a computer which I suspect has viruses and spyware which I would like
>> to scan from a CD. Is it possible to copy the required NIS files (including
>> the up-to-date signatures) to a CD?
>>
>> If this not possible is it possible to download something that will do the
>> job?
>>
>> Thanks.
>>
>> Bill Ridgeway
>> Computer Solutions
>>
>>
>>
Link on the page provided to get this PublicAV indicates a 404.
Any other links to offer?
-_-
|
|
Posted by cquirke (MVP Windows shell/use on March 31, 2007, 9:53 am
If you were Registered and logged in, you could reply and use other advanced thread options >> "Bill Ridgeway" wrote:
>>> I have a computer which I suspect has viruses and spyware which I would like
>>> to scan from a CD. Is it possible to copy the required NIS files (including
>>> the up-to-date signatures) to a CD?
NIS being Norton Internet Security? I think there's a Bart plugin for
at least part of that, but it's not what I'd use.
I do like the approach of scanning from outside the system, i.e. with
no part of the infected installation code running.
For old Win9x PCs with under 64M RAM, a DOS EBD diskette boot and DOS
av scanners such as those from F-Prot, Sophos and/or NOD32 would work.
For newer PCs up to XP and Server 2003 with at least 64M RAM, Bart PE
(built with an \i386 file set from XP SP2 or Server 2003) would be a
better bet, as this runs several Windows-based tools as well as the
DOS ones mentioned earlier, and overcomes 137G and NTFS barriers.
For Vista PCs, you'd use WinPE 2.0, WinRE or the Vista DVD itself as
your DVD-booted maintenance OS (mOS). The range of effective tools
may be more limited than Bart, however, especially for Vista64.
Tools that I've plugged into my Bart CDR include:
- Trend TsysClean *
- McAfee ScanPM CLI scanner
- McAfee Stinger (*)
- F-Prot CLI scanner and F-Prot for DOS
- Sophos CLI scanner *
- Kaspersky CLI scanner *
- AdAware **
- Spybot
- A Squared **
- HiJackThis **
- Norsoft utilities **
* = can get and update via David Lipman's MultiAV
** = requires RunScanner plugin to operate relative to HD registry
Google( Bart PE ) to learn about this mOS. It's probably the best out
there, though it can't read Win9x and Vista registries; it's the only
one that has any seamless registry access, thanks to the RunScanner
plugin, as effective on Win2000, XP and Server 2003.
It can seem daunting, getting tools "plugged in" to Bart, but
fortunately there are existing plugins for many tools. Once you do
get the hang of Bart plugins, you can plug in many tools quite easily,
but some remain difficult. There are excellent Bart forums for help.
Some caveats when scanning from CD with Bart:
- RunScanner needed to operate with HD registry in effect
- even so, driver and service reporting will be relative to CD OS
- Bart sees USB devices at boot; won't see swaps or late inserts
- Bart can see SD card swaps within a reader present at boot
- Bart boots and runs off CD, not via RAM disk as WinPE does
- so you cannot eject the Bart CD during the runtime!
- Bart uses RAM disk for workspace; may be too small
- plugins can be used to resize RAM disk, or direct Temp to HD
- no "undo" info is kept when cleaning from Bart
- rootkit behavior detectors aren't useful from Bart
- System Restore is not active during a Bart session
So while Bart lets you operate on malware "while it is sleeping" and
can't defend itself, it also means no "undo" via installed scanners or
System Restore will be possible - so be careful.
Not as formal (in that it does run from the infected OS, though
booting to Safe Mode Cmd Only will help a bit) but a lot easier, is
David Lipman's Multi-AV. You can also use that to update its
scanners, then copy those scanners to your Bart build subtree.
HTH
>-------------------- ----- ---- --- -- - - - -
Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.
>-------------------- ----- ---- --- -- - - - -
|
|
Posted by =?Utf-8?B?bmp1c3RpY2U=?= on March 31, 2007, 5:56 pm
If you were Registered and logged in, you could reply and use other advanced thread options
briefly.
> Link on the page provided to get this PublicAV indicates a 404.
>
> Any other links to offer?
>
> -_-
>
|
| Similar Threads | Posted | | Virus Scanning - Write Only Scanning | September 6, 2008, 12:24 pm |
| PST scanning | February 27, 2008, 1:34 pm |
| Scanning a port | September 24, 2005, 2:27 am |
| Scanning for Viruses-1. | May 27, 2006, 11:07 pm |
| Scanning for viruses-2. | May 27, 2006, 11:14 pm |
| Multi AV scanning tool | December 29, 2005, 2:10 pm |
| security software scanning / sweep times... | September 26, 2006, 5:53 pm |
| Virus scanning apps that can be started from the DOS prompt? | July 5, 2007, 5:00 am |
| Symantec Antivirus Corporate 10 not scanning all files on the drive | January 22, 2007, 11:35 am |
| Antivirus choice: F-Secure's rootkit scanning vs Trend Micro | April 7, 2006, 4:17 am |
|
XML site map