
Thread: Help with My current malware CleanUp method

  1. #1 The Doctor Und3ertak3r (joined Apr 2002, 2,744 posts)

    Help with My current malware CleanUp method

    hi Guys,

    Spyware/adware, viruses, worms, and trojans to me all fall under the guise of malware. And when it comes to the problems they cause for my clients there is little difference.

    At one time if I couldn't get a fix on a virus I would remove the HDD from the client's machine and scan it in a test machine, and until recently I would still do this when desperate. This is until live OS CDs started to become more readily available.. My concern is time.. the quicker I can identify and remove the malware the sooner I can start enjoying the coming summer.. And I am sure many would like a quicker method of getting back to the serious stuff on the net than stuffing around removing crud from their Windows PC..

    I had used a couple of *nix based CDs and, unfortunately, not being very literate in Linux, was beaten back to looking for a Windows solution.. Well that was until reading about BartPE .. For links on the subject and the feedback for plugins check out this thread ..

    Basically I saw my old idea of removing the HDD and scanning in a clean machine becoming almost the first step in the removal chain. Boot to the live CD, run a virus scan to identify the virus or run a spyware detector. Clean machine .. see ya later sir..

    Well not exactly like that in reality.. but I think we can get close to that..

    The disk I am using at the moment has the McAfee command-line virus scanner, Stinger, Ad-Aware, and a remote registry editor.. almost all that you would need? Not yet.

    The problems are:
    You need to update the CD whenever the virus or adware defs update, same with Stinger.
    The current remote registry editors will list the local as well as the target registry.
    Ad-Aware will only scan the files on the target drive; it is unable to repair the registry or fix/replace corrupt system files.
    Editing the registry on a slow XP machine can be a very slow exercise, even when you have a good idea where you need to be.
    The system works best if the machine has 256MB RAM or better.. forget it if it's got less than 100MB.
    Only works with the target OS, and will not work with older OSes, i.e. Win 9x, Win NT etc.

    The upside is:
    You don't have to open the box.
    Your own service hardware is not at risk.
    Able to kill SafeMode malware.
    Delete files that are normally active or malware-protected.
    See all files.. easy to delete ALL files from Temp and Temporary Internet folders.
    The ISO for a basic boot CD is less than 200MB.

    If anyone has not yet started experimenting with this toy.. give it a go.. burn a CD-RW and play with different configs.

    And most importantly.. if you find a plug-in that will allow a malware scan and clean of a remote registry as well as seek and destroy of malware files.. please let us know..

    Please note the BartPE Builder is not a panacea, the holy grail of removals.. it is a tool to help build what I feel can become a bloody helpful tool.

    My thanks to Irongeek for the info he passed on.. and I apologise to the member who reminded me of BartPE.. I had the builder downloaded but had put the project aside for a few days.. well my third revision CD has now helped clean 6 machines in the time I would normally clean 4 .. I was only left with the manual cleanup, and next to no SafeMode boots.

    Any contributing thoughts welcome.

    All the best guys..
    "Consumer technology now exceeds the average person's ability to comprehend how to use it.. give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
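    The registry problem raised above (remote registry editors showing the technician's own registry next to the target's, and the slowness of poking around by hand) has a scriptable answer in today's WinPE-style boot media: load the target's hive under a key name of your own choosing, so every path you query is unambiguously the client's, pull the autostart entries out in one pass, and unload cleanly. The following PowerShell is an added example written for this thread, not something from BartPE or any of the tools named in the post; it assumes (hypothetically) that the client's system drive is mounted as D:, that reg.exe and PowerShell exist in the boot environment, and that nothing else has the hive open. It only reports; it changes nothing on the target.

```powershell
# Added example (not from the thread): triage the autostart keys of an OFFLINE Windows
# installation from a live/PE environment, without touching the technician's own registry.
# Assumptions (hypothetical): the target system drive is mounted as D:, the PE shell has
# reg.exe and PowerShell available, and nothing else has the target hive open.
param(
    [string]$TargetDrive = 'D:',
    [string]$MountName   = 'OfflineSW'   # hypothetical mount point name under HKLM
)

$hiveFile = Join-Path $TargetDrive 'Windows\System32\config\SOFTWARE'
if (-not (Test-Path -LiteralPath $hiveFile)) { throw "No SOFTWARE hive at $hiveFile" }

# Load the target hive under its own key name so it can never be confused with the
# local (PE) registry; every path below is explicitly rooted at HKLM\$MountName.
& reg.exe load "HKLM\$MountName" $hiveFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed (exit code $LASTEXITCODE)" }

try {
    $runKeys = @(
        "HKLM:\$MountName\Microsoft\Windows\CurrentVersion\Run",
        "HKLM:\$MountName\Microsoft\Windows\CurrentVersion\RunOnce",
        "HKLM:\$MountName\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"
    )
    # Directories an autostart entry normally has no business pointing into.
    $suspectDirs = @('\\Temp\\', '\\Temporary Internet Files\\', '\\AppData\\Local\\Temp\\', '\\Recycler\\')

    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSParentPath metadata
            $cmd = [string]$p.Value
            # Resolve the image path against the TARGET drive, not the PE system drive.
            $onTarget = $cmd -replace '^[A-Za-z]:', $TargetDrive
            $exe = ($onTarget -replace '^"([^"]+)".*$', '$1') -replace '^(\S+\.exe).*$', '$1'
            $flags = @()
            if ($exe -and -not (Test-Path -LiteralPath $exe)) { $flags += 'missing-file' }
            foreach ($d in $suspectDirs) { if ($cmd -match $d) { $flags += 'temp-location'; break } }
            [pscustomobject]@{
                Key     = $key.Split('\')[-1]
                Name    = $p.Name
                Command = $cmd
                Flags   = ($flags -join ',')
            }
        }
    }
}
finally {
    # Release PowerShell's handles on the hive first; otherwise 'reg unload' fails with access denied.
    [gc]::Collect()
    & reg.exe unload "HKLM\$MountName" | Out-Null
}
```

    Run it from the boot environment and pipe the output through Format-Table; entries flagged missing-file (the autostart points at something that no longer exists on the client's disk) or temp-location (it points into a Temp or Temporary Internet Files folder) are the ones worth looking at before deciding what to remove. The same load/unload pattern works for the SYSTEM hive (services) and for each user's NTUSER.DAT under the target's profile directories; the key point is that the hive is only ever addressed through the mount name you chose, so a slip never edits the service machine's own registry.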

  2. #2 Senior Member (joined Jul 2004, 469 posts)
    There is a wrapper for ad-aware that can point it to the right registry. Check out http://www.paraglidernc.com/6901.html . Spysweeper is it.

  3. #3 The Doctor Und3ertak3r (joined Apr 2002, 2,744 posts)
    zENGER,

    Thanks for the edit of your post..

    Am checking your link now.. thanks

    cheers.

    [edit] Will check it out in the next build that I do.. don't know what you mean by a wrapper for Ad-Aware though?.. it is Spysweeper that is being used.. found some good extra links as well, thanks..
    "Consumer technology now exceeds the average person's ability to comprehend how to use it.. give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  4. #4 Banned (joined Aug 2001, location: Yes, 4,424 posts)
    I've been looking for a BartPE Spybot S&D plug-in, but it seems that at this point it doesn't exist due to Spybot restrictions (inability to scan a remote disk)...

    For viruses, the only real solution seems to be the McAfee command line one, or McAfee Clean Boot (still in beta - if anyone wants a copy, let me know).

  5. #5 Regal Making Handler (joined Jun 2002, 1,668 posts)
    Quoting the first post: "The problems are: You need to update the CD whenever the virus or adware defs update, same with Stinger."
    Now if you could get BartPE on a USB memory device and boot from it (I wish I had the knowledge), I think it would solve your problem.

    Slip the thing in your box, update, put it in the customer's box and away you go.

    Where are those patent forms?
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
