Tools of the trade


6 replies to this topic

#1 Peterid

Peterid

  • Members
  • 9 posts

Posted 04 September 2011 - 01:37 AM

I have around 6 years of professional experience in computer sales and service. However, I have been out of the business for a while. Recently, I began repairing computers again. I feel as though I've fallen out of touch with what security software and tools I can use. Of course I have ComboFix, GMER, RKill, Malwarebytes and such in my toolkit, but I'm wondering what's new out there that anyone could recommend.

Also, just PC repair tools in general, if anyone has any thoughts they would care to share.



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,277 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 05 September 2011 - 09:47 AM


IMPORTANT!: ComboFix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware which scan individual drives or different folders on a computer for viruses. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Further, when issues arise due to complex malware infections, possible false detections, problems running ComboFix (i.e. stalling, hanging, crashing) or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

Edited by quietman7, 07 September 2011 - 06:35 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 coxchris

coxchris

  • Members
  • 1,151 posts
  • Gender:Male
  • Location:Atwater

Posted 05 September 2011 - 09:57 AM

That first link is invalid.

You could find a bag of rocks or a computer repair kit at any Best Buy location.

AA in Computer Networking Technology

BS in Information Technology 

Comptia A+, Project+, L+

Renewable:  N+,S+

CIW Web Design Specialist, JavaScript Specialist,  Database Design Specialist 

LPIC-1, SUSE 


#4 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,840 posts
  • Gender:Male
  • Location:Where You Least Expect Me To Be

Posted 05 September 2011 - 11:41 AM

Freeware Replacements for Common Commercial Apps

Correct URL posted.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#5 180tech

180tech

  • Members
  • 1 posts

Posted 05 September 2011 - 11:49 AM

Also getting back into computer repair. Was in the IT world of Microsoft Exchange for the last 10 years. Now looking at getting back into the fun lower level system stuff. :)

Kind of related as a tool but really more in methodology:

It seems to be a good idea but am curious to know if it really is a good idea to physically remove an infected drive and put it onto another system as a slave drive, and then scan the whole drive (all partitions) on the other system with Malwarebytes etc?

My only concern would be it wouldn't get the registry entries but it could enable a quick clean up and at least be able to boot into a clean system.

Thanks for any advice on that!

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,277 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 07 September 2011 - 06:50 AM

am curious to know if it really is a good idea to physically remove an infected drive and put it onto another system as a slave drive, and then scan the whole drive (all partitions) on the other system with Malwarebytes etc?

That can work in some cases but it really depends on the infection you are dealing with and what damage was done.

The problem with some malware infections, especially when dealing with backdoor Trojans and rootkits, is that they often are responsible for downloading additional malicious files and the severity of damage will vary.

If you are dealing with a dangerous file infector there is no guarantee that some files will not get corrupted during the disinfection process. This means that infected executables and system files can become unusable after attempting to repair them and afterward, there is still no guarantee the virus is really gone. Since many of the affected files are legitimate critical files required by the operating system, deletion is not a viable option. Further, when slaving an infected hard drive, there is always the risk of the file infector spreading to the clean drive.

#7 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • Gender:Male

Posted 07 September 2011 - 07:33 AM

am curious to know if it really is a good idea to physically remove an infected drive and put it onto another system as a slave drive, and then scan the whole drive (all partitions) on the other system with Malwarebytes etc?


You can do this, and there are also alternatives to this: Live CDs with AV.
Several AV vendors offer free Live CDs with their AV for download. You download the Live CD, burn the image to a CD, then boot from the CD and scan your hard drive.
This way, your hard drive is scanned with a clean OS.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"




