Posted by: bodarc
« on: 09. March 2009., 17:19:28 »
If a Trojan/whatever is slick enough to defeat your A/V then it's using the Operating System to get the job done. Once your PC is PWNED it's too late perhaps to use your locally installed Anti-virus to remove ...unless your vendor can deliver an .EXE fix. It's time for a NEW TOOL for your professional toolkit. This is not a real solution for the faint of heart.
The way some of the latest virii work, Safe Mode scanning is even ineffective. Make a BartPE bootdisk and install some "portable" AV scanners ...the type that run without installing. Then you can scan your infected hard disk from a bootable CD/DVD in Windows Preinstallation environment and not from your infected O/S. Try "ClamWin" portable A/V, it's free, or add the portable scanner that is part of your licensed A/V. That would be available as an option likely as a "bootable floppy" or disk, read your help file. Then you can just copy those files to your BartPE (all of this is easier said than done, so if you don't know what I am saying then it's likely not in your PC skillset). Of course you can't create that licensed A/V bootdisk from an infected machine.
This is an advanced techy thing, I mean you have to be able to create a bootable BartPE disk and add A/V applications like ClamWin. Just google clamwin and bartpe... you'll get there. BartPE's site even has a list of antivirus software that will work on their disk. It may take you the rest of the day but you will have a mighty tool for your Support Desk. It may take even longer to develop a disk with a strong enough (and freshly enough updated!) A/V to remove some of these new beasties, but a bootable disk may be the only weapon, short of pulling your drive and slaving it to another PC in Safe Mode ...but of course that could just result in two infected PCs!
TECHTIP: extract the downloaded ClamWin and install it on your desktop, run the exe and allow it to update the latest DAT files, then copy that updated "install" (doesn't truly install as such) to your Bart disk (and your Thumbdrive! ..oh yeah, after using it to SCAN your thumbdrive ...which is likely the source of your infection ;-)