Has anyone ever fixed malware/spyware thru' BartPE

psloss
Premium
join:2002-02-24
Alpharetta, GA

reply to CTS
Re: Has anyone ever fixed malware/spyware thru' Ba

Yes; if I have physical access to the computer (a real console session), it's the fastest way to regain control of the computer away from "commercial" malware. (Malware that is not targeting specific individuals.)

Since the first step in removal is to stop the software from running, BartPE or WinPE or a Knoppix CD accomplishes that step on startup.

The next step is to prevent future operation and while it is harder to see the offline Registry hives without using something like RegEditPE, you can delete the files themselves first. For example, with a kernel driver, deleting the executable is just as effective as removing the SCM entry from the currently selected control set.

So given a UBCD "distro" or a Knoppix CD with the ability to drive an anti-virus scan (either online or off), you could scan/clean all the disk volumes (hard drives) on the computer first, and then boot back into the infected OS and run additional scans to clean Registry and other related data files.

This is something (BartPE compatibility) I really want to add to our embryonic scanner.

Philip Sloss
--
Feedback? e-mail: stuff@lupwa.org
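An added example, not part of the post above: one way to take a driver's executable out of play from a Linux live CD once the infected Windows volume is mounted. It maps a service `ImagePath` string onto the mounted volume case-insensitively, and moves the file to a quarantine directory instead of deleting it so the step can be reversed. The function names, the `Windows` directory default and the `example.sys` driver are assumptions made for illustration.

```python
import hashlib, shutil, tempfile
from pathlib import Path

def _find_ci(parent: Path, name: str):
    """Return the child of `parent` whose name matches case-insensitively."""
    for child in parent.iterdir():
        if child.name.lower() == name.lower():
            return child
    return None

def resolve_image_path(mount: Path, image_path: str, windir: str = "Windows"):
    """Map a service ImagePath string to a file under the mounted volume."""
    p = image_path.strip().strip('"').replace("/", "\\")
    if p.startswith("\\??\\"):
        p = p[4:]                      # NT object-manager prefix
    if p.lower().startswith("\\systemroot\\"):
        p = windir + p[len("\\systemroot"):]
    elif p[1:2] == ":":
        p = p[2:]                      # assumption: drive letter is this volume
    else:
        p = windir + "\\" + p          # bare relative path: under SystemRoot
    cur = mount
    for part in filter(None, p.split("\\")):
        cur = _find_ci(cur, part) if cur.is_dir() else None
        if cur is None:
            return None                # missing component: nothing to act on
    return cur

def quarantine(mount: Path, image_path: str, qdir: Path):
    """Move the resolved file into qdir; return (sha256, new_path) or None."""
    target = resolve_image_path(mount, image_path)
    if target is None or not target.is_file():
        return None
    digest = hashlib.sha256(target.read_bytes()).hexdigest()
    qdir.mkdir(parents=True, exist_ok=True)
    dest = qdir / f"{digest[:16]}_{target.name}.quarantined"
    shutil.move(str(target), str(dest))
    return digest, dest

def demo():
    """Constructed sample: a fake volume holding a made-up driver file."""
    root = Path(tempfile.mkdtemp())
    drivers = root / "vol" / "WINDOWS" / "system32" / "DRIVERS"
    drivers.mkdir(parents=True)
    (drivers / "example.sys").write_bytes(b"constructed sample, not a real driver")
    path = r"\SystemRoot\System32\drivers\EXAMPLE.SYS"
    return quarantine(root / "vol", path, root / "quarantine"), drivers

if __name__ == "__main__":
    print(demo()[0])
```

The recorded SHA-256 gives a stable identifier for the quarantined file when the later in-OS scan is used to clean up the matching Registry entry.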