OT: CD bootable malware scanner?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • OT: CD bootable malware scanner?

    My old shop computer was murdered during an electronics datasheet .pdf download Saturday. It's time for a replacement anyway and I have one coming from a friend in a week or so.

    As a matter of pride I'd like to fix it. It's been a good & faithful servant for a long time and needs its dignity back. It's W2000 so I don't think I can do a system restore like XP. Is there a good scanner/fixer that will boot straight from a CD and run without booting the hard drive?
    Milton

    "Accuracy is the sum total of your compensating mistakes."

    "The thing I hate about an argument is that it always interrupts a discussion." G. K. Chesterton

  • #2
    Do you have the Win 2000 CD that should have come with the computer? Can you boot the computer up? If this is the case then you should be fine if you do a fresh install of Windows. This would involve a full re-format of the HD which "should" get rid of all the bad guys. If this works then install AVG anti-virus on the machine and you should be good to go...
    Keith
    __________________________
    Just one project too many--that's what finally got him...

    Comment


    • #3
      It'll boot to the Desktop fine but when any app is clicked, it just sits there with the hourglass showing...who knows what malicious stuff it's doing.

      It'll boot to safe mode also but when I try to run a scanner it does the same as above.

      It has a lot of stuff on the HD so I can't just wipe it clean and start over. I'd like to boot from a CD and run a couple of scan apps.
      Milton

      "Accuracy is the sum total of your compensating mistakes."

      "The thing I hate about an argument is that it always interrupts a discussion." G. K. Chesterton

      Comment


      • #4
        http://support.kaspersky.com/viruses/rescuedisk

        Comment


        • #5
          Thanks Bruce, that looks like a good'un but says it needs Win XP. Dunno if it'd work on W2000 or not.
          Milton

          "Accuracy is the sum total of your compensating mistakes."

          "The thing I hate about an argument is that it always interrupts a discussion." G. K. Chesterton

          Comment


          • #6
            I had a similar problem with 64-bit W7 a while ago. Evan posted a solution that worked. See here: http://bbs.homeshopmachinist.net/showthread.php?t=50367

            No idea if it will help in your case or not....
            ----------
            Try to make a living, not a killing. -- Utah Phillips
            Don't believe everything you know. -- Bumper sticker
            Everybody is ignorant, only on different subjects. -- Will Rogers
            There are lots of people who mistake their imagination for their memory. - Josh Billings
            Law of Logical Argument - Anything is possible if you don't know what you are talking about.
            Don't own anything you have to feed or paint. - Hood River Blackie

            Comment


            • #7
              This is what you need:

              http://www.hiren.info/pages/bootcd

              This is the download page:

              http://www.hirensbootcd.org/download/
              Free software for calculating bolt circles and similar: Click Here

              Comment


              • #8
                If you can't fix it, ask for help on this forum. There are some scarily good malware fighters hanging out over there.

                http://forums.majorgeeks.com/forumdisplay.php?f=35

                Igor

                Comment


                • #9
                  Thanks for the help gents. Evan, that one looks great; I've got it downloading now. Will report back with results; good hopefully.
                  Milton

                  "Accuracy is the sum total of your compensating mistakes."

                  "The thing I hate about an argument is that it always interrupts a discussion." G. K. Chesterton

                  Comment


                  • #10
                    I have used this Live CD before. It's a Linux distribution; boot to CD and scan the HDD. Kaspersky anti-virus.

                    Also you can do a Google search for various tools that are in "live CD" format, such as anti-virus, disk de-fragment...

                    http://devbuilds.kaspersky-labs.com/.../RescueDisk10/

                    Comment


                    • #11
                      Quick and dirty explanation. Here is what happens with a boot virus. The first thing that a hard drive does is load the master boot record (MBR). Boot viruses replace this and relocate boot software so that it runs undetectable to antivirus programs. So here is what you can do. Take your Windows 2000 CD and boot to a command prompt. Once there, type this:

                      fdisk /mbr

                      This will rebuild the master boot record. Then reboot the machine. It will reboot without the virus and should boot right up to Windows 2000. Immediately run a virus scan. If you are lucky, the first virus has not downloaded others and you will be able to use the antivirus without problem to get rid of whatever is left.

                      Comment


                      • #12
                        Originally posted by Evan
                        This is what you need:

                        http://www.hiren.info/pages/bootcd

                        This is the download page:

                        http://www.hirensbootcd.org/download/
                        Ouch, that one will cause problems itself. I downloaded it here at work to take home with me and when I unzipped it to burn a CD, Norton's lit up like a Christmas tree!

                        It has several little dirty bombs aboard, one of which is pretty nasty according to a quick Google search: infostealer.gampass.

                        I'll notify the author that his stuff has problems.
                        Milton

                        "Accuracy is the sum total of your compensating mistakes."

                        "The thing I hate about an argument is that it always interrupts a discussion." G. K. Chesterton

                        Comment


                        • #13
                          I noticed the download page warned that certain elements of the fileset might be falsely flagged as malignant. They claim the files are ok. Did you read the blurb at this URL? I scanned the archive and the extracted files with AVG and had no warnings.

                          http://www.hirensbootcd.org/faq/
                          Last edited by chipmaker4130; 11-15-2011, 11:24 AM.

                          Comment


                          • #14
                            I did see that before I downloaded it but when Norton said it was a high threat level and a Google search looked pretty grim I threw it in the trash. I'll be the first to admit I don't know enough about all this stuff.

                            I'm going to try the mbr rebuild mentioned above when I get home tonight and see if that helps.
                            Milton

                            "Accuracy is the sum total of your compensating mistakes."

                            "The thing I hate about an argument is that it always interrupts a discussion." G. K. Chesterton

                            Comment


                            • #15
                              That CD contains a lot of programs that allow you to bypass the operating system and do direct disk edits as well as many other things that Norton considers to be a threat. You will see the same result with any set of programs that work outside the system. Even completely safe things like the classic remote desktop software VNC will cause an alert in Norton.

                              If the Master Boot Record has been rewritten by a virus the chances are good that the virus has moved the main file table somewhere else on the disk. In that case if you replace the MBR with the default using fdisk /mbr you may lose access to everything on the disk permanently. The only safe way to do that is to examine the MBR with a disk editor and see if it has added any code to the MBR or replaced it with its own MBR. To do that you must know what you are doing in that area.

                              Incidentally, infostealer.gampass can be used to suck out registration keys from installed software including software you installed a long time ago and forgot/lost/never had the registration key for.
                              Last edited by Evan; 11-15-2011, 01:49 PM.
                              Free software for calculating bolt circles and similar: Click Here

                              Comment
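Post #15 says the MBR should be examined before it is rewritten. As an added example that is not part of the original thread, the Python sketch below splits a 512-byte copy of sector 0 into boot code, partition table and signature, then reports which regions differ from a reference copy. The function names and the sample sectors are constructed for illustration, and it assumes the sector has already been saved to a file from clean boot media.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440      # bootstrap code; bytes 440-445 hold the disk signature
TABLE_OFFSET = 446       # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"  # bytes 510-511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR sector into the parts worth inspecting."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for slot in range(4):
        entry = sector[TABLE_OFFSET + 16 * slot:TABLE_OFFSET + 16 * (slot + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 marks an unused slot
            partitions.append({"slot": slot, "active": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": sectors})
    return {"signature_ok": sector[510:512] == SIGNATURE,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def compare(saved: bytes, current: bytes) -> list:
    """Name the regions that differ between a saved copy and the current MBR."""
    old, new = parse_mbr(saved), parse_mbr(current)
    changed = []
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        changed.append("boot_code")
    if old["partitions"] != new["partitions"]:
        changed.append("partition_table")
    if not new["signature_ok"]:
        changed.append("signature")
    return changed


def build_sample(boot_code: bytes) -> bytes:
    """Constructed sample sector: one active type-0x07 partition at LBA 63."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 2048000)
    return boot_code.ljust(TABLE_OFFSET, b"\x00") + entry + bytes(48) + SIGNATURE


if __name__ == "__main__":
    reference = build_sample(b"\xfa\x33\xc0" + b"\x90" * 100)  # constructed bytes
    suspect = build_sample(b"\xeb\x3c" + b"\x90" * 100)        # constructed bytes
    print(compare(reference, suspect))
```

Keeping the saved 512-byte copy also means the original sector can be written back if a rewrite makes the disk unreadable.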
