[SGVLUG] scanning windows systems for viruses from live-CD's

Jeff Keys jskeys at gmail.com
Sun Sep 24 13:32:33 PDT 2006


Hi Tom,

Try the INSERT LiveCD. It's based on Knoppix, has clamav and lots of
other nice tools. Last time I checked, it was under 50 Mb.
http://www.inside-security.de/INSERT_en.html

Another alternative is using the Live Installer in regular Knoppix to
install F-Prot (you need an internet connection so Knoppix can get
it.)

Third option, too much work unless you are going to do a lot of
this--build your own Knoppix variant with wine, AVG antivirus for
Windows, Spybot S&D, maybe AdAware. I did this a couple years ago
after spending hours cleaning up 700 viruses and 450 trojans using
only AVG, Spybot, Regedit, and a hex editor on Windows98 for a step
cousin-in-law once removed. Making the CD was therapeutic after that.

I miss you guys. I am now living in Mission Viejo, and it's tough to
make it to Cal Tech.

Jeff Keys


On 9/24/06, Tom Emerson <osnut at pacbell.net> wrote:
>
> Well, my brother in law has finally done it -- he admits to "doing
> something stupid" and now his system has a few viruses.  Most of them
> he's been able to clean, but one is a really persistent bugger -- it has
> somehow invaded his browser such that if he "just opens a browser
> session" instead of going to the defined home-page, it goes to another
> site that tells him "your system is infected, click /here/ to get the
> latest and greatest" (new virus to add to your system...)  He seems to
> think that just visiting this page enables more viruses to infect his
> system (or, at the very least, system performance goes to hell)
>
> Although he has scanned the system seven ways from sunday, it still
> persists, so he believes it has gotten in so deep that system calls to
> read the disk are being perverted so as not to return evidence of this
> virus (hence scanners fail to find it)  His next real recourse is to
> pull this drive, slave it to another system, and run the scan from that
> other system (i.e., so that none of the system files of the "infected"
> drive are loaded)  Before going to that extent, however, he has been
> asking if any of the "live-CD" type distributions such as knoppix have
> been built to scan windows systems.
>
> "it had just so happened..." that earlier in the day I downloaded the
> "embedded" Damn Small Linux (DSL, not to be confused with broadband)
> which will actually boot and run as a process within windows or linux
> (it uses qemu to create an environment to run within windows)  the
> download is 50 meg (though compressed) which makes it small enough to
> load onto usb memory stick/pen drives.  It may even be possible to
> create a boot-from-usb-device version that would create his "live-cd"
> environment, but I didn't see clamav or similar in the synaptic (apt)
> installer.
>
> Any thoughts?  (and yes, I did go back through the recent thread on a
> similar situation and saw Dustin's "tough love" post -- I know I've
> tried getting him to use this on a regular basis, but of course, the
> "problem" machine is one "at work"  (or is it the one he plays on-line
> web-based games that require specific active-x controls which don't work
> well with firefox?)
>
> - --
> Top o' the Blog: latest Suse install in the least likely of places
> http://osnut.homelinux.net/mtblog/ya_index.html
>
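A concrete version of the scan-from-outside approach both messages describe, as an added example that is not from the original thread: a POSIX shell script for a live CD that already has clamav installed. It assumes the Windows partition is a block device such as /dev/sda1 (a hypothetical name), mounts it read-only with noexec/nodev/nosuid so nothing on the suspect disk is executed or modified, keeps the log on the live system rather than the suspect disk, and maps clamscan's documented exit codes (0 clean, 1 infected, 2 error) to a result.

```shell
#!/bin/sh
# Added example: offline scan of a Windows volume from a live CD.
# Assumes clamscan (clamav) is available on the live system.
set -u

MNT=/mnt/windows           # mount point on the live CD's own filesystem
LOG=/tmp/clamscan.log      # log kept off the suspect disk

# Map clamscan's exit status to a word: 0 = clean, 1 = infected, 2 = error.
classify_clamscan_exit() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo unknown ;;
    esac
}

# Mount the suspect partition read-only so nothing on it runs or changes
# while it is inspected (the reason for scanning from a live CD at all).
# Filesystem type is auto-detected (NTFS, or FAT32 on a Win98 machine).
mount_suspect_volume() {
    dev="$1"
    mkdir -p "$MNT"
    mount -o ro,noexec,nodev,nosuid "$dev" "$MNT"
}

# Scan the mounted tree, log only the hits, and print the classification.
scan_suspect_volume() {
    rc=0
    clamscan --recursive --infected --log="$LOG" "$MNT" >/dev/null 2>&1 || rc=$?
    classify_clamscan_exit "$rc"
}

# Usage: ./livescan.sh /dev/sda1   (device name is an assumption)
if [ "$#" -ge 1 ]; then
    mount_suspect_volume "$1" || { echo "mount failed" >&2; exit 2; }
    result=$(scan_suspect_volume)
    umount "$MNT"
    echo "scan result: $result (details in $LOG)"
    [ "$result" = clean ]
fi
```

Run freshclam on the live system first (network needed) so the signature database is current before scanning.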

