Scanning For Viruses Before Windows Starts
-
I will be going on site to a new customer in a few hours to give their computers a once over and document what I find so we can determine what is required to have their business running optimally. While the main aim is to determine if the computers they have are capable of running the business I also have to put out bushfires.
Last weekend I had one computer from this customer that just didn't work according to them. It booted fine for me though I found that a NAV installation hadn't finished and Windows Update files were waiting for installation plus quite a bit of spyware crap. The machine was running Windows 2000 Professional without SP4 applied. A recently ex-employee sold himself off as a computer whiz (I think he knew how to turn them on as opposed to the rest of the staff there) and had several unregistered shareware titles doing a fair bit of their work and none of it seemed relevant to me. Of course I expect to find a ton of this same crap on all machines.
Liz (boss in my second job) is brilliant at drumming up work but lousy at details like what O/S, network structure if any, servers etc. So I expect to find viruses on at least a couple of machines. Having said that I don't want to boot to Windows to find out, in case it has phucked Windows too much already or will do so on my booting it.
So I have been investigating how I can boot the computer and scan the computer for viruses from floppy or CD. I found McAfee Command Line Scanner though I won't be able to scan an NTFS volume (which I bet all the machines are) after booting a Windows 98 boot disk. Likewise with NAV according to this article on the Symantec website. I seem to remember that Inside Security Rescue Tool Kit (bootable Linux distro on credit card CD) allows you to update virus definitions to RAM before scanning the HDD. I just happen to already have this burnt to CC CD and the customer has cable, it just might work though I haven't tested it let alone used it in the real world yet.
Anyone have another tool or way to test for v
-
This may be relevant - I do know there are utilities you can run from DOS that can read NTFS partitions. They appear as read-only drivers, though, so you could scan and *find* viruses, in theory, but not actually clean them up. Unfortunately I don't have a clickety at the moment... but I'm guessing a quick search will bring something up. I do not remember if these utilities are free or not, but I think they are.
No single raindrop believes that it is responsible for the flood.
-
SysInternals NTFSDOS (read-only access, free)
Winternals Administrator's Pack (contains NTFSDOS Pro, with read/write access - costs money).
-
I run into this a ton because we don't have any embedded firewall (Has XP's Firewall ever been made worth the trouble?). Our users dial in to their AT&T Business internet dialup and immediately get infected then bring it back. I didn't have access to Windows PE at the time so that was out. However a little research came up with something similar: http://www.nu2.nu/pebuilder/
Basically someone has somewhat re-engineered Windows PE, but it is intended now as a rescue platform and not a Pre-installation environment like Windows PE. I burn one of these every few weeks with new virus signatures. After that it's stick it in and go. Not had any problem with any NT based platforms. It's very handy for taking care of a badly infected machine or trying to rescue data off a non-bootable hard drive.
Mark Conger Sonork:100.28396
-
Yeah, what a :cool: idea! I just used that recently myself, and the PEBuilder CD is now in my "Computer Rescue Kit" along with NT Password and Registry Editor, WinXP Boot Loader, etc.
"The real and lasting victories are those of peace, and not of war." -- Ralph Waldo Emerson
-
jdunlap wrote: and the PEBuilder CD is now in my "Computer Rescue Kit"
Did you have to do anything special to get PE Builder to work? I downloaded it a couple of weeks ago and one of my participants at work spent a whole lot of time downloading all the possible plugins. Built the thing and burnt the ISO to CD, but when I booted from it a couple of days ago the plugins did not appear on the NU2 menu. I will look at this myself, it's just a matter of finding time to do it at the moment.
Michael Martin Australia "I suspect I will be impressed though, I am easy." - Paul Watson 21/09/2003
-
Michael Martin wrote: Built the thing and burnt the ISO to CD, but when I booted from it a couple of days ago the plugins did not appear on the NU2 menu.
I didn't use the plugins so I don't know. All I needed from it at the time was the command line tools and NTFS support. I'm planning to look into the plugins soon, though, as they sound downright useful. :)
"But the fruit of the Spirit is love, joy, peace, patience, kindness, goodness..." -- Galatians 5:22-23a