Forums » Up and Running » Security » Security » Has anyone ever fixed malware/spyware thru' BartPE


CTS
Premium
join:2001-12-23
Bayside, NY

Has anyone ever fixed malware/spyware thru' BartPE

I was just wondering if anyone had used BartPE or UBCD to fix malware or spyware and whatnot, and if that works? I know that when using BartPE or UBCD, they have their own registry, so in a sense you can't really fix Windows' infected registry unless you use a plugin that allows remote registry, or how does that work?

Just wanted to hear some opinions on this.
Thanks
--
Operation Hold `Em"Shuffle Up and Deal"


quepasa

@fastxdsl.nl

Re: Has anyone ever fixed malware/spyware thru' Ba

»windowsxp.mvps.org/peboot.htm
»www.911cd.net/forums//index.php?···pic=8715

Never used this, but it seems like it could be useful:

»ezpcfix.net/html/docs.html

psloss
Premium
join:2002-02-24
Alpharetta, GA

reply to CTS
Yes; if I have physical access to the computer (a real console session), it's the fastest way to regain control of the computer away from "commercial" malware. (Malware that is not targeting specific individuals.)

Since the first step in removal is to stop the software from running, BartPE or WinPE or a Knoppix CD accomplishes that step on startup.

The next step is to prevent future operation and while it is harder to see the offline Registry hives without using something like RegEditPE, you can delete the files themselves first. For example, with a kernel driver, deleting the executable is just as effective as removing the SCM entry from the currently selected control set.

So given a UBCD "distro" or a Knoppix CD with the ability to drive an anti-virus scan (either online or off), you could scan/clean all the disk volumes (hard drives) on the computer first, and then boot back into the infected OS and run additional scans to clean Registry and other related data files.

This is something (BartPE compatibility) I really want to add to our embryonic scanner.

Philip Sloss
--
Feedback? e-mail: stuff@lupwa.org

Goldengamego
Premium
join:2004-02-22
Okemos, MI

reply to CTS
said by CTS:

I was just wondering if anyone had used BartPE or UBCD to fix malware or spyware and whatnot, and if that works? I know that when using BartPE or UBCD, they have their own registry, so in a sense you can't really fix Windows' infected registry unless you use a plugin that allows remote registry, or how does that work?

Just wanted to hear some opinions on this.
Thanks
It works very well, especially with malware that is capable of protecting itself (rootkits, CWS, etc).

To answer your question about the registry, regedit.exe has an option under its File menu called "Load Hive" which you can use to manually load the hives from an offline system.

It's much easier though to use UBCD4Win (»www.ubcd4win.com )
--
Because Goldengamegod won't fit:p
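The two points made above (psloss: from outside the OS you disable a driver or service by deleting its file or its SCM entry in the control set the system actually boots; Goldengamego: regedit's File > Load Hive mounts an offline hive) can be combined into one triage pass over the offline SYSTEM hive. The following is an added example, not code from this thread or from BartPE, UBCD4Win or any tool named here. It assumes a PE boot that carries PowerShell 5.1 and reg.exe (the BartPE builds of this era did not ship PowerShell, so treat that as an assumption), that the infected system volume is mounted under D:\, and that its Windows directory is named Windows (WINNT on older installs). The function name, its parameters and the OfflineSYSTEM mount key are mine.

```powershell
# Added example (not from the forum thread): load the offline SYSTEM hive of a
# Windows volume mounted at $OfflineRoot, walk the Services key of the control
# set that volume last booted, and report every boot/system/auto-start service
# and driver with its image resolved to a path on the offline volume, whether
# that image still exists, and its SHA256. Must run with admin/SYSTEM rights
# (reg.exe load needs SeBackupPrivilege/SeRestorePrivilege); in WinPE you are SYSTEM.

function Resolve-OfflineImagePath {
    # Turn an ImagePath value as stored in the SCM into a file path on the
    # OFFLINE volume. Assumes a single system volume, so any drive letter in
    # the value is mapped onto $OfflineRoot (an assumption of this example).
    param([string]$ImagePath, [string]$OfflineRoot, [string]$WinDir)
    $p = $ImagePath.Trim()
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] }                      # "C:\Program Files\x\y.exe" /args
    elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { $p = $Matches[1] } # unquoted path, drop arguments
    $p = $p -replace '^\\\?\?\\', ''                                       # \??\C:\... -> C:\...
    if ($p -match '^[A-Za-z]:\\(.*)$') { $rel = $Matches[1] }              # absolute: drop the drive letter
    elseif ($p -match '^(\\SystemRoot\\|%SystemRoot%\\)(.*)$') { $rel = Join-Path $WinDir $Matches[2] }
    else { $rel = Join-Path $WinDir $p.TrimStart('\') }                    # bare system32\drivers\x.sys is relative to %SystemRoot%
    return Join-Path $OfflineRoot $rel
}

function Get-OfflineAutostartServices {
    param(
        [string]$OfflineRoot = 'D:\',          # assumed mount point of the infected volume inside PE
        [string]$WinDir      = 'Windows',      # assumed name of the offline Windows directory
        [string]$MountName   = 'OfflineSYSTEM' # arbitrary key name under HKLM for the loaded hive
    )
    $hive = Join-Path $OfflineRoot "$WinDir\System32\config\SYSTEM"
    if (-not (Test-Path -LiteralPath $hive)) { throw "SYSTEM hive not found: $hive" }

    # Same operation as regedit's File > Load Hive, but scriptable.
    & reg.exe load "HKLM\$MountName" $hive | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe load failed with exit code $LASTEXITCODE" }

    $typeNames = @{ 1 = 'KernelDriver'; 2 = 'FileSystemDriver'; 16 = 'Win32OwnProcess'; 32 = 'Win32ShareProcess' }
    try {
        # An offline hive has no CurrentControlSet link; Select\Current names
        # the ControlSetNNN the system booted last, which is the one to clean.
        $current  = (Get-ItemProperty -Path "HKLM:\$MountName\Select" -Name Current).Current
        $services = 'HKLM:\{0}\ControlSet{1:D3}\Services' -f $MountName, $current

        foreach ($key in Get-ChildItem -Path $services) {
            $v = Get-ItemProperty -Path $key.PSPath
            # Start: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled. Only the
            # first three run without anyone asking, so only they are reported.
            if (-not $v.ImagePath -or $v.Start -gt 2) { continue }
            $file   = Resolve-OfflineImagePath -ImagePath ([string]$v.ImagePath) -OfflineRoot $OfflineRoot -WinDir $WinDir
            $exists = Test-Path -LiteralPath $file -PathType Leaf
            $hash   = if ($exists) { (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash } else { $null }
            $type   = $typeNames[[int]$v.Type]
            if (-not $type) { $type = $v.Type }
            [pscustomobject]@{
                Service   = $key.PSChildName
                Type      = $type
                Start     = $v.Start
                ImagePath = $v.ImagePath
                Resolved  = $file
                Exists    = $exists
                SHA256    = $hash
            }
        }
    }
    finally {
        # The registry provider keeps handles open; drop them or the unload fails.
        [gc]::Collect(); [gc]::WaitForPendingFinalizers()
        & reg.exe unload "HKLM\$MountName" | Out-Null
    }
}

# Usage from the PE shell. Entries with Exists = False are orphaned SCM records
# (harmless on their own, but evidence of what was already deleted); the hash
# column lets you check every boot/auto-start image against a known-good list
# or an AV engine before rebooting into the infected OS.
Get-OfflineAutostartServices -OfflineRoot 'D:\' |
    Sort-Object Exists, Start |
    Format-Table Service, Type, Start, Exists, Resolved -AutoSize
```

The same Load Hive trick covers the other autostart locations the thread's tools look at: load the offline SOFTWARE hive and read its Run, RunOnce and Winlogon keys, and load each user's NTUSER.DAT for the per-user Run keys. Deleting a boot-start driver file from PE while leaving its SCM entry is exactly the case psloss describes: the entry still points somewhere, but nothing loads.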


fegul
Premium
join:2004-08-23
united state

said by Goldengamego:

It's much easier though to use UBCD4Win (»www.ubcd4win.com )

x2. I've used it a lot to remove malware, and it comes in very handy when safe mode still isn't that "safe".
--
|Networking Help|My Blog|Fegul.com|


CTS
Premium
join:2001-12-23
Bayside, NY

reply to CTS
Yeah, that's what I want to try to do and see if I can do most of the repairing through a PE and then finish up the job in the actual environment.

Are there any additional plugins you use that aren't included in UBCD? Also, can anyone do a quick rundown of how they normally fix malware with a PE? I'm so used to fixing malware through the actual Windows, Safe Mode, etc.

Thanks
--
Operation Hold `Em"Shuffle Up and Deal"


fegul
Premium
join:2004-08-23
united state

Using the WUBCD, I usually run the Mwav tool to scan for viruses, then I run Adaware and Spybot to get rid of some of the others.

Then I run Hijackthis to clear up any other junk.

Then I run the PC in safe mode and install Spysweeper. Clean using it, and then run a few more scans just in case.

Some UBCD plugins as well as Mwav here; »www.aptv38.dsl.pipex.com/Plugins···list.htm
--
|Networking Help|My Blog|Fegul.com|


CTS
Premium
join:2001-12-23
Bayside, NY

said by fegul:

Using the WUBCD, I usually run the Mwav tool to scan for viruses, then I run Adaware and Spybot to get rid of some of the others.

Then I run Hijackthis to clear up any other junk.

Then I run the PC in safe mode and install Spysweeper. Clean using it, and then run a few more scans just in case.

Some UBCD plugins as well as Mwav here; »www.aptv38.dsl.pipex.com/Plugins···list.htm

Never had a time when you needed a specific fix like l2mfix or VundoFix to get rid of anything in particular? Or do the tools included in UBCD do the trick?

Sorry about the many questions, I'm just curious and want to learn.

Thanks
--
Operation Hold `Em"Shuffle Up and Deal"


fegul
Premium
join:2004-08-23
united state
You'd be surprised how much Spysweeper can fix. I clean up most of the things in PE; the rest is done in safe mode (like the specialized cleaners).


CTS
Premium
join:2001-12-23
Bayside, NY

said by fegul:

You'd be surprised how much Spysweeper can fix. I clean up most of the things in PE; the rest is done in safe mode (like the specialized cleaners).

Interesting... I'll definitely check it out.
I actually have a test PC set up and want to test out using UBCD and see how effective it can be.

Thanks
--
Operation Hold `Em"Shuffle Up and Deal"


toadlife
Premium
join:2004-05-03
Lemoore, CA
·AT&T Yahoo

reply to CTS
Yep. BartPE is great for those nasty self replicating buggers. I wouldn't worry too much about cleaning the registry of the infected system with BartPE. The files are what is important, since registry entries are useless if the code they point to is no longer there.


CTS
Premium
join:2001-12-23
Bayside, NY

reply to CTS
Hmm... for some reason I can't seem to build UBCD. Every time I do so, I get the BartPE folder which contains the contents, but if I burn the contents, I don't get a bootable CD. I know the builder is supposed to build the ISO, but it's nowhere to be found within the folders.

Maybe I did something wrong?
--
Operation Hold `Em"Shuffle Up and Deal"


Profixer

join:2005-07-01
CTS... I have a document I wrote a while ago which explains all the steps in making a BartPE bootable CD, and adding registry plugins etc... if you send me your email, I can send that off to you...

WiggiE

join:2003-06-14
Milford, OH
reply to CTS
»www.aptv38.dsl.pipex.com/Plugins···ting.htm

Goldengamego
Premium
join:2004-02-22
Okemos, MI

reply to CTS
said by CTS:

Hmm... for some reason I can't seem to build UBCD. Every time I do so, I get the BartPE folder which contains the contents, but if I burn the contents, I don't get a bootable CD. I know the builder is supposed to build the ISO, but it's nowhere to be found within the folders.

Maybe I did something wrong?
»ubcd4win.com/howto.htm

Have a look at the HOWTO
--
Because Goldengamegod won't fit:p
© 1999-2009 dslreports.com