Boot disk - virus kill recipe needed for XP

[Upgr8er]

Hi All.

I was wondering if someone had a recipe for a boot disk with a virus scanner that could automatically update.

I'm often called upon by friends and family to fix their machines. Lately, that's become "please kill this virus my kid got on MY machine." The thing is, while I'm much better at it than any of them, I'm barely on the totem pole when it comes to some of the experts here. I've been running into some nasty viruses that take over the machine and won't even let you in the control panel or taskmanager because they set your account to LIMITED!

Some time ago, I followed a recipe from Maximum PC magazine and made a Bart PE boot disk. It worked once or twice but lately the network drivers won't take and it won't update. It's also not executing the scan (stops immediately with an error) and I believe that's because there's not enough room in the virutal drive it makes. I just can't get it to work anymore.

So what I'd like to be able to do is boot the machine and have a virus killer or two ready to run (preferably from the CD) and kill the viruses as they sit on the helpless hard drive. It sounds easy but the closest I can come is that Bart PE thing. Maybe I can still use that Bart system but is there a better option than Clamwin that will either run from the CD itself, or make a secure directory on the hard drive itself, then WORK?

Thanks!

 

[MadAmos]

I have used UBCD for windows If you use it for virus removal it is best to remake it with the current virus definition updates there is a good guide to how to build it here and I have seen a couple good videos on youtube on setting up and building it as well. I cant stress enough that making a new disc with the current virus info is an important part as they are a moving target, and without a current tool you are hamstrung from the beginning.
Link to list of tools included
I have not needed any thing similar for Vista so I don't know what if anything may be similar for it. As I remember there is a Linux build for UBCD as well but I have never used it.

Good luck,
Amos

 

[SagaLore]

Well, you could boot up with a CD with all the ethernet drivers you'll ever need, get on the network, and download them manually... but I think that would be too much hassle.

I suggest changing your tactic. Include all the tools you need to remove rootkits and any malware processes from the start points. HiJackThis has always been a great tool - there are a few others too, like SilentRunners. If you can boot into Safe Mode with Networking, you can run the tools, then run one of the free online scanners.

 

[Upgr8er]

Originally posted by: SagaLore
I suggest changing your tactic. Include all the tools you need to remove rootkits and any malware processes from the start points. HiJackThis has always been a great tool - there are a few others too, like SilentRunners. If you can boot into Safe Mode with Networking, you can run the tools, then run one of the free online scanners.

Sounds good . . . but could you give me a little more info? After booting into safe mode, I take it I'll have a CD prepared with these programs you mentioned above (and others). Will they run from the CD or will I have to install them from the CD to the hard drive THEN run them? I recall having difficulty and limited success doing that with AVG and Spybot S&D.

Thanks and thanks also to Madamos. I'll look into that too.

 

[SagaLore]

Originally posted by: Upgr8er

Originally posted by: SagaLore
I suggest changing your tactic. Include all the tools you need to remove rootkits and any malware processes from the start points. HiJackThis has always been a great tool - there are a few others too, like SilentRunners. If you can boot into Safe Mode with Networking, you can run the tools, then run one of the free online scanners.

Sounds good . . . but could you give me a little more info? After booting into safe mode, I take it I'll have a CD prepared with these programs you mentioned above (and others). Will they run from the CD or will I have to install them from the CD to the hard drive THEN run them? I recall having difficulty and limited success doing that with AVG and Spybot S&D.

Thanks and thanks also to Madamos. I'll look into that too.

Older version of HiJackThis (standalone exe)

Just copy it to the hard drive; you don't need to install.

 

[MadAmos]

Online hijackthis log file analysis If you use hijackthis it can be intimidating I find the above link help as a sanity check before you kill something that was not a/the problem.

Amos

 

[Auric]

Kaspersky sports a feature to create a BartPE image with itself integrated. Updates are then possible from within BartPE. If using BartPE on multiple systems, then simply include all possible network drivers (there are packs available). KAV and/or KIS is often available for free or nearly free after rebates (see frys and amazon deals).

Also, a good AV will of course prevent problems in the first place. Some viruses cannot be eliminated without deleting a file in which case restoration of the file or the system from a backup is necessary. So, another thing to do is create an easy restore from image process -such as with Ghost and an autoexec file with appropriate commands. The friends 'n' family could also be encouraged to save personal files to a different volume or removeable media so that restoration of the boot volume is of no concern.

 

[Zepper]

Avira.com has a nice bootable CD with scanner/remover on it. Just go to the web site, click on Downloads then click on Tools. Lots of neat free stuff to download there. The recovery CD is a 60MB+ download, but it has ISOLinux included to make it bootable. Antivir is always among the top 5 AV tools in the tests. They update the recover .ISO several times a day with the current definitions, etc., so download and burn a new one. You can also download the newest definitions after booting up the CD.

.bh.