Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Using BartPE or others to remove infections


  • Please log in to reply
3 replies to this topic

#1 shinomen

shinomen

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 03 January 2009 - 09:38 PM

For quite some time I've been using a bartpe CD with the XPE plugin that has Ad-aware, A Squared, and AVG 7.5 plugins on it to fight viruses and spyware infection from outside of the windows OS. But I'm finding that as time goes by, these programs are not as capable of getting rid of some of the harder to fight infections that Combofix and Malware Bytes Anti-Malware can detect and remove.

In my opinion it's better to boot from a cd and remove spyware and virus infections from the outside since the infections aren't actively running and trying to avoid the scanners. It would be great if combofix and Malware Bytes Anti-malware could run on such a tool as the bartpe or even the UBCD4win CD since both of these softwares are able to load and access the registry for scanning of the PC on which it is running without having to boot the infected OS.

I don't know if this has been suggested or asked and whether or not it has been answered but can anyone shed any light on this for me?

Thanks.

BC AdBot (Login to Remove)

 


#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:01:50 AM

Posted 04 January 2009 - 12:14 AM

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

There will be no discussion of ComboFix, outside of the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum.
If you wish to discuss other programs, that is fine.

Any further mention, of this program, will result in this topic being closed.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#3 shinomen

shinomen
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 04 January 2009 - 09:11 AM

OK.

Edited by shinomen, 04 January 2009 - 09:24 AM.


#4 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:02:50 AM

Posted 07 January 2009 - 11:36 PM

MalwareBytes will not be ported to BartPE.

The way our heuristics work, MBAM's detection capabilities would be crippled when running in BartPE. The malware needs to be running normally for our heuristics to be the most effective, that means Windows needs to be booted normally.

For LiveCD cleaning of a Windows machine have a look at Trinity Rescue Kit.
http://trinityhome.org/Home/index.php?wpid=1&front_id=12

rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users