Author Topic: Need a new AntiVirus Tool? I mean WEAPON!  (Read 5015 times)


bodarc

  • SCF Member
  • **
  • Posts: 13
  • KARMA: 2
Need a new AntiVirus Tool? I mean WEAPON!
« on: 09. March 2009., 18:35:28 »
Lately it feels more like the "Information Battleground" instead of the "Information Superhighway"!  I envision myself cruising down the road in Papi's top-down Buick, when I look over and Mel Gibson <insert Mad Max here> is driving, wearing a spiked dog collar >:D ...wha happened?!  :o

If a Trojan/whatever is slick enough to defeat your locally installed A/V, then it's using the Operating System to get the job done.  Once your PC is PWNED, it's too late perhaps to use that Anti-virus to get clean ...unless your vendor can deliver a targeted .EXE fix.  It's time for a NEW TOOL for your professional toolkit.  This is not an easy solution for the faint of heart. <translation> Faint-of-heart: If you found yourself typing PWNED into Wikipedia ... or never heard of the Wiki

http://en.wikipedia.org/wiki/Pwn

With the way some of the latest trojan/virii work, Safe Mode scanning is even ineffective.  New WEAPON!? >:(  I suggest making a BartPE bootdisk and install some "portable" and commandline AV/Malware scanners ..."portable" meaning the type that run without installing.  Then you can scan your infected hard disk from a bootable CD/DVD in Windows Preinstallation environment and not from your infected O/S.  Check out BartPE here:

http://nu2.nu/pebuilder/

Try "ClamWin" portable A/V, it's free, or add the commandline scanner that is part of your licensed A/V.  That would be available as a "bootable floppy/CD" option, read your help file, then you can just copy those files to your BartPE "build".  BartPE even has a disk with some built-in commandline scanners from McAfee.  Obviously the more the merrier, so add as many tools as legal.  The good thing is you are building/updating it yourself and not downloading it from (*cough*) an unknown source.  I mean you don't buy your penicillin from the CatHouse?  :angel:

All of this is easier said than done, but it's never too late to learn and all of the documentation is on these sites.  Of course you can't create that licensed A/V bootdisk from an infected machine.  You can find ClamWin Portable A/V (don't get sidetracked!) here:

http://portableapps.com/apps/utilities/clamwin_portable

And you can find a list of A/V scanners that work with BartPE here:

http://www.bootcd.us/search.php?keyword=antivirus&main=yes

This is an advanced techy thing, I mean you have to be able to create a bootable BartPE CD/DVD (requires a burner) and then add A/V applications like ClamWin etc.  It may take you the rest of the day (week!) but you will have a mighty tool for your Support Desk.  It may take even longer to develop a disk with a strong enough (and freshly enough updated!) A/V to remove some of these new beasties, but a bootable CD/DVD may be the only weapon, short of pulling your drive and slaving it to another PC in Safe Mode ...but of course that could just result in *two* infected PCs!

Building the disk yourself allows you to do plenty of low-cost testing, and develop a highly flexible and *legal* solution... if one AV/Malware scanner fails maybe another will work!  Once you have your core build setup in "PeBuilder" it will be easier to deploy a newly updated disk. (RTFM)

TECHTIP: extract the downloaded ClamWin and install it on your desktop, run the exe and allow it to update the latest DAT files, then copy that updated "install" (doesn't truly install as such) to your BartPE "build" (and your Thumbdrive! ..oh yeah after using it to SCAN your thumbdrive ...which is likely the source of your infection ;-)  The same advice would apply to other applications like Malwarebytes... you want to write an updated package to your hardcoded BartPE disk (CD/DVD).

SCForum rocks!  So if you find a particular scanner that really works for you, be sure to reply/share

Bo O0
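
A check to go with the TECHTIP above, added here as an example and not part of the original post: once the build is burned to CD/DVD the signatures are frozen, so this reads the header of every ClamAV database in the build folder and lists the ones that are too old. It assumes ClamAV's 512-byte colon-separated `.cvd`/`.cld` header; the function names, the 7-day threshold and the sample header are constructed for illustration.

```python
import datetime as dt
import pathlib

HEADER_LEN = 512  # ClamAV databases begin with a 512-byte, colon-separated text header

# Constructed sample header (version, signature count and builder are made up).
SAMPLE_HEADER = (b"ClamAV-VDB:07 Mar 2009 12-30 -0500:1:100:38:X:X:builder:1236447000"
                 .ljust(HEADER_LEN))


def parse_cvd_header(raw: bytes) -> dict:
    """Return build time (UTC-aware), version and signature count from a header."""
    fields = raw[:HEADER_LEN].decode("ascii", errors="replace").strip("\x00 \r\n").split(":")
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        raise ValueError("not a ClamAV database header")
    if len(fields) > 8 and fields[8].isdigit():
        # Ninth field, when present, is the build time as a Unix timestamp.
        built = dt.datetime.fromtimestamp(int(fields[8]), dt.timezone.utc)
    else:
        # Otherwise parse the human-readable build time, e.g. "07 Mar 2009 12-30 -0500".
        built = dt.datetime.strptime(fields[1], "%d %b %Y %H-%M %z")
    return {"built": built, "version": int(fields[2]), "signatures": int(fields[3])}


def stale_databases(build_dir, max_age_days=7, now=None):
    """List (file name, version, age in days) for databases older than the limit.

    max_age_days=7 is an assumed threshold; pick what suits your update cycle.
    """
    now = now or dt.datetime.now(dt.timezone.utc)
    stale = []
    for path in sorted(pathlib.Path(build_dir).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in (".cvd", ".cld"):
            continue
        with open(path, "rb") as fh:
            info = parse_cvd_header(fh.read(HEADER_LEN))
        age = (now - info["built"]).days
        if age > max_age_days:
            stale.append((path.name, info["version"], age))
    return stale


if __name__ == "__main__":
    import sys
    for name, version, age in stale_databases(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"STALE: {name} (version {version}) is {age} days old")
```

Run it against the PE Builder folder that holds the copied ClamWin files before burning; no output means every database found is within the limit.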


Samker

  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Need a new AntiVirus Tool? I mean WEAPON!
« Reply #1 on: 09. March 2009., 20:36:32 »

Thank you Bo for this great explanation...  :thumbsup:

Next time, when I get stuck with some hardcore Malware, will try this.  ;)

Best Regards,

Samker

krrjhn

  • SCF Advanced Member
  • ***
  • Posts: 213
  • KARMA: -5
Re: Need a new AntiVirus Tool? I mean WEAPON!
« Reply #2 on: 12. January 2011., 06:41:57 »
Great work!!!!!!!!!

Compstuff

  • SCF Member
  • **
  • Posts: 35
  • KARMA: 3
Re: Need a new AntiVirus Tool? I mean WEAPON!
« Reply #3 on: 18. January 2011., 14:24:04 »
I use ClamWin on Boot CDs as a tool and find it great.
