Goldengamego Premium join:2004-02-22 Okemos, MI
reply to CTS Re: Has anyone ever fixed malware/spyware thru' Ba
said by CTS: Hmm...for some reason I can't seem to build UBCD. Every time I do so, I get the BartPE folder which contains the contents, but if I burn the contents, I don't get a bootable CD. I know the builder is supposed to build the ISO, but it's nowhere to be found within the folders. Maybe I did something wrong?
»ubcd4win.com/howto.htm
Have a look at the HOWTO -- Because Goldengamegod won't fit:p

WiggiE join:2003-06-14 Milford, OH
reply to CTS »www.aptv38.dsl.pipex.com/Plugins···ting.htm

Profixer join:2005-07-01
reply to CTS CTS... I have a document I wrote a while ago which explains all the steps in making a BartPE bootable CD, and adding registry plugins etc... if you send me your email, I can send that off to you...

CTS Premium join:2001-12-23 Bayside, NY
reply to CTS Hmm...for some reason I can't seem to build UBCD. Every time I do so, I get the BartPE folder which contains the contents, but if I burn the contents, I don't get a bootable CD. I know the builder is supposed to build the ISO, but it's nowhere to be found within the folders.
Maybe I did something wrong? -- Operation Hold 'Em "Shuffle Up and Deal"

toadlife Premium join:2004-05-03 Lemoore, CA ·AT&T Yahoo
reply to CTS Yep. BartPE is great for those nasty self-replicating buggers. I wouldn't worry too much about cleaning the registry of the infected system with BartPE. The files are what is important, since registry entries are useless if the code they point to is no longer there.

CTS Premium join:2001-12-23 Bayside, NY
reply to fegul said by fegul: You'd be surprised how much Spysweeper can fix. I clean up most of the things in PE, the rest is done in safe mode (like the specialized cleaners)
Interesting... I'll definitely check it out. I actually have a test PC set up and want to test out using UBCD and see how effective it can be.
Thanks -- Operation Hold 'Em "Shuffle Up and Deal"

fegul Premium join:2004-08-23 united state
reply to CTS You'd be surprised how much Spysweeper can fix. I clean up most of the things in PE, the rest is done in safe mode (like the specialized cleaners)

CTS Premium join:2001-12-23 Bayside, NY
reply to fegul said by fegul: Using the WUBCD, I usually run the Mwav tool to scan for viruses, then I run Adaware and Spybot to get rid of some of the others. Then I run Hijackthis to clear up any other junk. Then I run the PC in safe mode and install Spysweeper. Clean using it, and then run a few more scans just in case. Some UBCD plugins as well as Mwav here; »www.aptv38.dsl.pipex.com/Plugins···list.htm
Never had a time when you needed a specific fix like l2mfix or the Vundofix to get rid of anything in particular? Or do the tools included in UBCD do the trick?
Sorry about the many questions, I'm just curious and want to learn.
Thanks -- Operation Hold 'Em "Shuffle Up and Deal"

fegul Premium join:2004-08-23 united state
reply to CTS Using the WUBCD, I usually run the Mwav tool to scan for viruses, then I run Adaware and Spybot to get rid of some of the others.
Then I run Hijackthis to clear up any other junk.
Then I run the PC in safe mode and install Spysweeper. Clean using it, and then run a few more scans just in case.
Some UBCD plugins as well as Mwav here; »www.aptv38.dsl.pipex.com/Plugins···list.htm -- |Networking Help|My Blog|Fegul.com|

CTS Premium join:2001-12-23 Bayside, NY
reply to CTS Yeah, that's what I want to try to do and see if I can do most of the repairing through a PE and then finish up the job in the actual environment.
Are there any additional plugins you use that aren't included in UBCD? Also, can anyone do a quick rundown of how they normally fix malware with a PE? I'm so used to fixing malware through the actual Windows, Safe Mode, etc.
Thanks -- Operation Hold 'Em "Shuffle Up and Deal"

fegul Premium join:2004-08-23 united state
reply to Goldengamego said by Goldengamego: It's much easier though to use UBCD4Win (»www.ubcd4win.com )
x2. I've used it a lot to remove malware, and it comes in very handy when safe mode still isn't that "safe" -- |Networking Help|My Blog|Fegul.com|

Goldengamego Premium join:2004-02-22 Okemos, MI
reply to CTS said by CTS: I was just wondering if anyone had used BartPE or UBCD to fix malware or spyware and whatnot and if that works? I know that when using BartPE or UBCD, they have their own registry so in a sense, you can't really fix the Windows infected registry unless you use a plugin that allows remote registry or how does that work? Just wanted to hear some opinions on this. Thanks
It works very well, especially with malware that is capable of protecting itself (rootkits, CWS, etc).
To answer your question about the registry, regedit.exe has an option under its File menu called "Load Hive" which you can use to manually load the hives from an offline system.
It's much easier though to use UBCD4Win (»www.ubcd4win.com ) -- Because Goldengamegod won't fit:p

psloss Premium join:2002-02-24 Alpharetta, GA
reply to CTS Yes; if I have physical access to the computer (a real console session), it's the fastest way to regain control of the computer away from "commercial" malware. (Malware that is not targeting specific individuals.)
Since the first step in removal is to stop the software from running, BartPE or WinPE or a Knoppix CD accomplishes that step on startup.
The next step is to prevent future operation and while it is harder to see the offline Registry hives without using something like RegEditPE, you can delete the files themselves first. For example, with a kernel driver, deleting the executable is just as effective as removing the SCM entry from the currently selected control set.
So given a UBCD "distro" or a Knoppix CD with the ability to drive an anti-virus scan (either online or off), you could scan/clean all the disk volumes (hard drives) on the computer first, and then boot back into the infected OS and run additional scans to clean Registry and other related data files.
This is something (BartPE compatibility) I really want to add to our embryonic scanner.
Philip Sloss -- Feedback? e-mail: stuff@lupwa.org

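Added example, not code from the thread, from BartPE or from UBCD4Win: it puts together Goldengamego's "Load Hive" answer, psloss's point about the currently selected control set, and toadlife's observation that registry entries whose files are gone are harmless leftovers. From a PE session it loads the offline SOFTWARE and SYSTEM hives with reg.exe (the same mechanism regedit's Load Hive uses), lists the Run/RunOnce values and the service and driver ImagePath entries of the control set the offline OS actually boots, and reports whether each referenced file still exists on the offline volume. Assumptions: the infected installation is visible as D:\Windows in the PE session (the parameter), PowerShell is available in the PE image (BartPE itself only ships cmd.exe, where the reg.exe load/unload lines work unchanged), and the temporary key names OfflineSOFTWARE and OfflineSYSTEM are my choice.

```powershell
# Added example (not from the thread): review autostart entries of an OFFLINE
# Windows installation from a PE session. Assumes the offline system drive is
# mounted as D: here; adjust -OfflineRoot to match your layout.
param(
    [string]$OfflineRoot = 'D:\Windows'
)

$OfflineDrive = Split-Path -Qualifier $OfflineRoot           # e.g. "D:"
$config       = Join-Path $OfflineRoot 'System32\config'
$softwareHive = 'HKLM\OfflineSOFTWARE'                       # temporary key names (assumed)
$systemHive   = 'HKLM\OfflineSYSTEM'
# Read REG_EXPAND_SZ values raw, so %SystemRoot% is not expanded to the PE's own X:\Windows.
$NoExpand     = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

# Map a path as written in the offline registry (C:\..., %SystemRoot%\..., \SystemRoot\...,
# System32\..., \??\C:\...) onto the drive letter the PE session gave that volume.
function Convert-OfflinePath([string]$raw) {
    $p = $raw.Trim().Trim('"') -replace '^\\\?\?\\', ''                       # drop \??\ prefix
    if ($p -match '^(.+?\.(exe|dll|sys|cpl|scr))') { $p = $Matches[1] }     # drop arguments
    $p = $p -replace '%SystemRoot%', $OfflineRoot
    $p = $p -replace '^\\SystemRoot\\', ($OfflineRoot + '\')
    if     ($p -match '^System32\\')   { $p = Join-Path $OfflineRoot $p }
    elseif ($p -notmatch '\\')         { $p = Join-Path $OfflineRoot "System32\$p" }  # bare name
    elseif ($p -match '^[A-Za-z]:\\')  { $p = $OfflineDrive + $p.Substring(2) }
    return $p
}

# HKLM\SOFTWARE\...\Run and RunOnce of the offline system, with file presence checked.
function Get-OfflineRunEntries {
    foreach ($sub in 'Run', 'RunOnce') {
        $key = Get-Item -Path "HKLM:\OfflineSOFTWARE\Microsoft\Windows\CurrentVersion\$sub" `
                        -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $target = Convert-OfflinePath ([string]$key.GetValue($name, '', $NoExpand))
            [pscustomobject]@{
                Source = $sub; Name = $name; Target = $target
                KernelDriver = $false; Present = (Test-Path -LiteralPath $target)
            }
        }
    }
}

# Services and drivers registered in the control set the offline OS boots with
# (Select\Current), not just ControlSet001.
function Get-OfflineServiceEntries {
    $current  = (Get-Item -Path 'HKLM:\OfflineSYSTEM\Select').GetValue('Current')
    $services = 'HKLM:\OfflineSYSTEM\ControlSet{0:D3}\Services' -f $current
    foreach ($svc in Get-ChildItem -Path $services) {
        $raw = $svc.GetValue('ImagePath', $null, $NoExpand)
        if (-not $raw) { continue }
        $target = Convert-OfflinePath ([string]$raw)
        [pscustomobject]@{
            Source = 'Service'; Name = $svc.PSChildName; Target = $target
            KernelDriver = ($svc.GetValue('Type') -eq 1)        # SERVICE_KERNEL_DRIVER
            Present = (Test-Path -LiteralPath $target)
        }
    }
}

reg.exe load $softwareHive (Join-Path $config 'SOFTWARE') | Out-Null
if ($LASTEXITCODE -ne 0) { throw "could not load SOFTWARE hive from $config" }
reg.exe load $systemHive (Join-Path $config 'SYSTEM') | Out-Null
if ($LASTEXITCODE -ne 0) { reg.exe unload $softwareHive | Out-Null; throw "could not load SYSTEM hive from $config" }
try {
    # Present=$false rows are leftovers pointing at deleted code (harmless, clean up later
    # from the booted OS); Present=$true rows, especially kernel drivers, are what to review.
    Get-OfflineRunEntries
    Get-OfflineServiceEntries | Where-Object { $_.KernelDriver -or -not $_.Present }
}
finally {
    [gc]::Collect()                      # release provider handles so the unload succeeds
    reg.exe unload $softwareHive | Out-Null
    reg.exe unload $systemHive   | Out-Null
}
```

Pipe the script's output through Format-Table -AutoSize or Export-Csv for a record of what the offline system would start. Nothing is modified: the hives are loaded read/write by reg.exe, but the script only reads them and unloads them again, so the decision to delete a file or an entry stays with the operator, as psloss describes.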
quepasa @fastxdsl.nl
reply to CTS »windowsxp.mvps.org/peboot.htm »www.911cd.net/forums//index.php?···pic=8715
never used this, but seems like it could be useful:
»ezpcfix.net/html/docs.html

CTS Premium join:2001-12-23 Bayside, NY
Has anyone ever fixed malware/spyware thru' BartPE
I was just wondering if anyone had used BartPE or UBCD to fix malware or spyware and whatnot and if that works? I know that when using BartPE or UBCD, they have their own registry so in a sense, you can't really fix the Windows infected registry unless you use a plugin that allows remote registry, or how does that work?
Just wanted to hear some opinions on this. Thanks -- Operation Hold 'Em "Shuffle Up and Deal"