Virus removal/rescue kit

Grey Gables

After a couple of scrapes with virii on mine own and
others' machines, I am interested in building a rescue/
removal kit on disc.

One virus disabled practically all software, so the advice
from Symantec was useless, since it assumes that its
software is running.
Starting in Safe Mode was also very difficult, but that is
something where a support disc would have been useful.

I know that there are so many different attacks, so a
solution for all will not be forthcoming, but it just feels
better to have something better than a dead Norton
AV and a dead Norton Internet Security.

Another thing is that Internet access is sometimes
stopped, since Explorer is also stopped, therefore
support via Internet is absent.

Sometimes, perhaps more help via DOS would be
useful, if Windows is down?

I suppose that some of the support would have to be
on floppy, since the dvd/cd would be out of use to
begin with?

Perhaps there are intelligent suppliers who have thought
of some of the difficulties and provide such a kit?
 
David H. Lipman

From: "Grey Gables" <[email protected]>

| After a couple of scrapes with virii on mine own and
| others' machines, I am interested in building a rescue/
| removal kit on disc.
|
| One virus disabled practically all software, so the advice from Symantec was useless,
| since it assumes that its software is running.

< snip >

There are many tools for "viruses" but there is nothing for viri or virii ! :)
 
Art

What you're talking about is sometimes called "formal scanning"
whereby the PC boots from disc into an alternate operating
system and scanning of drive(s) is done in that alternate OS.

Back in the days of Windows 9X/ME, a DOS boot diskette, and DOS
antivirus scanners were used. In fact, I still have an offering at
my web site called F-Pup which is designed to be used in
conjunction with F-Prot for DOS. It has the capability of
creating a 4 diskette emergency disk set including the boot
diskette. You use it on a clean Win 9X/ME system to download
F-Prot, update it, and then create the EBD.

For the NT based versions of Windows, it's a different situation.
Usually, people build a rescue CD using something like Bart's
CD builder. Not only DOS but other OS are used. Some DOS
av scanners aren't really suitable for scanning NTFS drives
even with a special NTFS driver.

Some av vendors do supply the means of creating rescue disks,
but I'm not familiar with them.

Personally, I avoid all this by using a cloned backup drive on
a removable tray. If need be, I can simply restore everything
in a couple of minutes ... a far better solution than fooling
around with rescue discs, scanning and cleaning.

Art
http://home.epix.net/~artnpeg
 
slartyb

Please see the webpage below, under certain conditions, this may work
to do a system restore which may or may not fix SOME changes to the
registry etc.

I am keeping this method in mind for possible use in the future,
please read the info carefully and heed the warnings.

SYSTEMS MANAGEMENT
Running System Restore from the Recovery Console (well, sort of)
Serdar Yegulalp, Contributor
02.21.2006

http://searchwinsystems.techtarget.com/tip/1,289483,sid68_gci1167895,00.htm?Offer=SUN022406


ooroo slartyb
ban rectum thermometers
 
Grey Gables

slartyb said:
Please see the webpage below, under certain conditions, this may work
to do a system restore which may or may not fix SOME changes to the
registry etc.

I am keeping this method in mind for possible use in the future,
please read the info carefully and heed the warnings.

SYSTEMS MANAGEMENT
Running System Restore from the Recovery Console (well, sort of)
Serdar Yegulalp, Contributor
02.21.2006

http://searchwinsystems.techtarget.com/tip/1,289483,sid68_gci1167895,00.htm?Offer=SUN022406


ooroo slartyb
ban rectum thermometers

Thanks to all for the replies.
I forgot to mention I am running WinXP Home.
Mention of System Restore reminds me that I have Norton
GoBack installed. I take it that this would be as useless as
all the other Norton options if a modern virus was active?

I also have something called ERUNT. It seems that it provides
a Restore of the Registry.

Has anyone had cause to use GoBack or ERUNT under
conditions where Safe Mode is the only option and
most applications fail to run?
 