Best scanner for mounted drives or live boots?
I was trying to troubleshoot a friend's computer that was so far gone it was totally unusable.
I of course ended up going with the backup data and reformat option, but I was wondering if there was an anti-virus scanner that would work well from a live-boot, or if you had a USB SATA reader and mounted a hard drive. I had a computer at work that I thought might be compromised, and I poured over the drive with sleuthkit and couldn't find anything, but really wished I had some kind of scanner that might work.
On the friends computer, just because I like playing with new tools, I tried a bunch of different things, Dr Web live CD (had a heck of a time getting it to boot and run, kept freezing,) tried AVIRA Rescue CD, which seemed pretty slick, but it was very slow to run, and the computer shut off part way through the scan (I began to suspect an overheating processor at this point.) I tried HISEN's Rescue Disk, and again, the computer died.
Anyways... at work with that drive I had sleuthkited, I also tried to run ClamAV, since Google said that it can do things like mounted drive scans. It scanned through, and found 7 vulnerabilities, but near as I can tell, all 7 of them were false positives, so that doesn't seem like a very good option.
Thoughts?
