
Live Bootable Anti-virus/malware Rescue Tools...?


6 replies to this topic

#1 SafetySteve
  • Members
  • 49 posts
  • Gender:Male
  • Location:Northern California.

Posted 30 July 2015 - 03:59 PM

Observation and question for the group...

It seems to me that installing or running an antivirus/malware scanner on a possibly infected machine and expecting it to work correctly is a big gamble. If the wrong trojan/exploit/worm is running it can interfere with the scanner functions. And often does.

What are the group's observations and experiences with the free commercial live bootable antivirus rescue tools?

I am helping a friend with an infected Windows computer. I downloaded and installed five different products one at a time and removed a total of 6 actual infections. Then they found no more infections. Then I ran a common and well-rated Linux-based scanner. It found a total of five more. After removing them the computer now appears to be working correctly. I do plan to ask for assistance and see what the group finds. But thoughts in general on the effectiveness of these point-and-click bootable scanners?

Thank you!



#2 Firehouse
  • Members
  • 637 posts
  • Gender:Male

Posted 30 July 2015 - 04:12 PM

Dr.Web and ESET are best in my opinion. Dr.Web is great against Sality or patching viruses because it has slow but great disinfection capabilities.



#3 quietman7
    Bleepin' Janitor
  • Global Moderator
  • 51,750 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 30 July 2015 - 04:12 PM

LiveCD/Rescue CD/USB utilities are tools provided by most anti-virus vendors to assist with difficult-to-remove malware without having to boot into Windows. They are primarily used to boot from and repair unbootable or damaged systems, rescue data, and scan the system for malware infections. With a bootable virus scanning utility, you create a flash drive or CD/DVD disc from a working computer and then use it on an infected machine to scan the hard drive for malware.

These types of utilities permit offline scanning, which can disinfect malware from outside the infected Windows system. The advantage of offline scans is that they can be used when the malware is not running and interfering with the clean-up process. Rescue CDs typically come as an ISO image file that can be written to a CD or installed on a USB flash drive, which is then used to boot up the computer to run the live operating system in memory. However, there are some issues to be aware of... see Linux Rescue CD: a help or a hindrance?

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 Sintharius
    Bleepin' Sniper
  • Members
  • 5,639 posts
  • Gender:Female
  • Location:The Netherlands

Posted 30 July 2015 - 04:25 PM

> Dr.Web and ESET are best in my opinion. Dr.Web is great against Sality or patching viruses because it has slow but great disinfection capabilities.

I wouldn't try to disinfect file infectors, to be honest.

Even if the virus code is removed, parts of the files are already destroyed and no AV can repair that. Because of that, the executables that were infected with the virus will have bugs introduced in them that can range from subtle to catastrophic.

#5 quietman7
    Bleepin' Janitor
  • Global Moderator
  • 51,750 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 30 July 2015 - 04:34 PM

I agree with Alex... I do not know of any security vendor who will guarantee complete removal of file infectors, since they cannot ensure that some files will not get corrupted during the disinfection process. This means that infected executables and system files can become unusable after attempting to repair them, which then may affect the stability of the computer or, worse, keep it from booting properly. If the computer is able to boot afterward, there is still no guarantee the virus is really gone. Since many of the affected files are legitimate critical files required by the operating system, deletion is not a viable option. Many anti-virus vendors even admit that some malicious programs like file infectors cannot be properly disinfected by their products.
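A check that follows from the two posts above, added here as an example rather than anything a poster or a vendor supplies: after a rescue-disk disinfection pass, boot the machine into a Windows PE environment with the patient's Windows volume mounted and list the system binaries whose embedded Authenticode signature no longer matches their contents. That is what a still-present infector or a botched repair looks like from outside. The D:\Windows path, the X:\ report location and the folder choice are assumptions for the example; substitute the real drive letters.

```powershell
# Added example for this thread, not code from any poster or vendor.
# Run from a Windows PE shell with the patient's Windows volume mounted;
# $OfflineWindows is an assumed path, change it to the real drive letter.
param(
    [string]$OfflineWindows = 'D:\Windows',
    [string]$ReportPath     = 'X:\signature-mismatch.csv'   # X: is WinPE's RAM drive
)

# Directories where file infectors such as Sality patch executables most often.
$roots = @("$OfflineWindows\System32", "$OfflineWindows\SysWOW64") |
    Where-Object { Test-Path -LiteralPath $_ }

$findings = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Recurse -File -Include *.exe, *.dll, *.sys -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            # HashMismatch: the file carries an embedded signature, but its bytes no longer
            # hash to what was signed. Either the infector's code is still inside, or the
            # disinfection routine rewrote the PE and left it damaged. In both cases the
            # file must be replaced from a clean source, not "repaired" a second time.
            if ($sig.Status -eq 'HashMismatch') {
                [pscustomobject]@{
                    Path   = $_.FullName
                    Status = $sig.Status
                    Signer = $sig.SignerCertificate.Subject
                    Bytes  = $_.Length
                    Mtime  = $_.LastWriteTimeUtc
                }
            }
        }
}

if ($findings) {
    $findings | Export-Csv -LiteralPath $ReportPath -NoTypeInformation
}
'{0} embedded-signed binaries no longer match their signature; see {1}' -f @($findings).Count, $ReportPath
```

Two caveats when reading the output. Most Windows system files are catalog-signed rather than embedded-signed, and a catalog lookup from a different running OS reports them as NotSigned, so this only judges the embedded-signed subset; a NotSigned result here proves nothing and must not be read as an infection. For the rest, `sfc /scannow /offbootdir=D:\ /offwindir=D:\Windows` from the same WinPE shell compares the offline files against the component store, and anything either check flags should be replaced, which is the point quietman7 makes above about repair not being guaranteed.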

#6 SafetySteve (Topic Starter)
  • Members
  • 49 posts
  • Gender:Male
  • Location:Northern California.

Posted 31 July 2015 - 09:59 AM

Thank you for the responses. I was not aware of the limitation of the Linux-based tools to scan the Windows registry. So maybe a BartPE-based tool as well?

The blog that Quietman7 linked to has good information.

Thank you.
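The registry point Steve raises is what a BartPE/Windows PE boot gives you that a plain Linux rescue disc does not: the hives are ordinary files on the offline volume and reg.exe can load them without the infected Windows running, so the usual autostart keys can be inspected from outside. The following is an added example written for this thread, not a tool anyone in it mentioned; D:\Windows and D:\Users are assumed mount paths for the patient's volume, and the BC_ prefix for the temporary hive names is arbitrary.

```powershell
# Added example for this thread, not a tool any poster mentioned.
# Run from a Windows PE shell; $OfflineWindows and $OfflineUsers are assumed
# mount paths for the patient's volume. The BC_ hive names are arbitrary.
param(
    [string]$OfflineWindows = 'D:\Windows',
    [string]$OfflineUsers   = 'D:\Users'
)
$offlineDrive = $OfflineWindows.Substring(0, 2)   # e.g. 'D:'

# Hive file, temporary mount name, and the autostart keys to inspect inside it.
$hives = @(
    @{ Name = 'BC_SOFTWARE'; File = "$OfflineWindows\System32\config\SOFTWARE"
       Autostart = 'Microsoft\Windows\CurrentVersion\Run',
                   'Microsoft\Windows\CurrentVersion\RunOnce',
                   'Wow6432Node\Microsoft\Windows\CurrentVersion\Run' }
)
foreach ($userDir in Get-ChildItem -LiteralPath $OfflineUsers -Directory -ErrorAction SilentlyContinue) {
    $ntuser = Join-Path $userDir.FullName 'NTUSER.DAT'
    if (Test-Path -LiteralPath $ntuser) {
        $hives += @{ Name = "BC_USER_$($userDir.Name)"; File = $ntuser
                     Autostart = 'Software\Microsoft\Windows\CurrentVersion\Run',
                                 'Software\Microsoft\Windows\CurrentVersion\RunOnce' }
    }
}

$entries = foreach ($h in $hives) {
    # reg.exe can load a hive file that is not in use, which is exactly the
    # situation when the installed Windows is not running.
    & reg.exe load "HKLM\$($h.Name)" $h.File | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "could not load $($h.File)"; continue }
    try {
        foreach ($sub in $h.Autostart) {
            $path = "HKLM:\$($h.Name)\$sub"
            if (-not (Test-Path -LiteralPath $path)) { continue }
            $key = Get-Item -LiteralPath $path
            foreach ($valueName in $key.GetValueNames()) {
                # DoNotExpandEnvironmentNames keeps %SystemRoot% and friends literal
                # instead of expanding them against WinPE's own environment.
                $cmd = [string]$key.GetValue($valueName, $null, 'DoNotExpandEnvironmentNames')
                # First token of the command line, with the patient's drive letter and
                # %SystemRoot% mapped onto the offline volume so Test-Path looks there.
                $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
                $exe = $exe -replace '%SystemRoot%', $OfflineWindows -replace '%windir%', $OfflineWindows
                if ($exe -match '^[A-Za-z]:\\') { $exe = $offlineDrive + $exe.Substring(2) }
                [pscustomobject]@{
                    Hive    = $h.File
                    Key     = $sub
                    Value   = $valueName
                    Command = $cmd
                    # False means the autostart points at a file that is gone, or at a
                    # bare name this example does not resolve against PATH; either way, look.
                    Exists  = ($exe -ne '' -and (Test-Path -LiteralPath $exe))
                }
            }
            $key.Close()
        }
    } finally {
        [gc]::Collect()   # drop handles the registry provider may still hold
        & reg.exe unload "HKLM\$($h.Name)" | Out-Null
    }
}

$entries | Sort-Object Exists, Hive | Format-Table -AutoSize
```

Entries whose Exists column is False, or whose command lives under a user-writable location such as AppData, Temp or ProgramData, are the ones worth a closer look; a value can be removed with `reg.exe delete` against the same temporary mount name while the hive is loaded. The default value of a key shows up with an empty Value name. This only covers the Run/RunOnce keys; services, scheduled tasks and other persistence live elsewhere and need the same treatment.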



#7 quietman7
    Bleepin' Janitor
  • Global Moderator
  • 51,750 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 31 July 2015 - 11:56 AM

You're welcome on behalf of the Bleeping Computer community.