Bootable antivirus/antimalware CDs

venm11

Does anyone have any recommendations for bootable antivirus/antimalware CDs? I tried a BitDefender and Trinity at the below link, which don't boot on any of the PCs I've tried (hang at Knoppix message). Knoppix install CDs, however, do boot.

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

Any other ideas are welcome. I'm trying to recover a PC absolutely destroyed by one of those hey-click-on-this things; it's totally locked the machine down.
 
I have had this same problem with a few PCs before, and honestly, unless there's some important info on the machine, you're better off reformatting the drive and starting off with a fresh install. This particular spyware/virus really jacks up a lot of stuff registry-wise and so on, and in my opinion it would be foolish to try and keep running the system if you were able to recover it from this infection. If it's a matter of file preservation, then you can try the Malwarebytes software; do a Google search. I have had luck with it in safe mode, but like I said, it didn't run real good afterwards and I just ended up reformatting the system, which I should have done in the first place. HTH
 
They don't work. Sure they find viruses but can't seem to ever clean them. The best thing to do is pull the drive and scan it on another computer. Those USB hdd docks would be great.
 
Does anyone have any recommendations for bootable antivirus/antimalware CDs? I tried a BitDefender and Trinity at the below link, which don't boot on any of the PCs I've tried (hang at Knoppix message). Knoppix install CDs, however, do boot.

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

Any other ideas are welcome. I'm trying to recover a PC absolutely destroyed by one of those hey-click-on-this things; it's totally locked the machine down.

Ultimate Boot CD is fairly useful. Winternals (ERD Commander) for manually cleaning, but that is tough.
If Windows is still bootable then boot to safe mode with a USB stick already inserted with a copy of ComboFix on it. Rename ComboFix.exe to CF.com before putting it on the infected machine. If you can boot to safe mode with networking you can install the recovery console and CF will be able to clean more.

Good luck!
 
They don't work. Sure they find viruses but can't seem to ever clean them. The best thing to do is pull the drive and scan it on another computer. Those USB hdd docks would be great.

I second this...I've tried a few over the years, even AntiVirs....they never seem to be a fraction as effective as slaving a drive into another computer.
 
Ultimate Boot CD is fairly useful. Winternals (ERD Commander) for manually cleaning, but that is tough.
If Windows is still bootable then boot to safe mode with a USB stick already inserted with a copy of ComboFix on it. Rename ComboFix.exe to CF.com before putting it on the infected machine. If you can boot to safe mode with networking you can install the recovery console and CF will be able to clean more.

Good luck!

Yes, I actually succeeded using ComboFix and Malwarebytes in safe mode and manually searching the filesystem and registry for all of the process files in question, which worked. However, two weeks (uh, now) later it came back with a vengeance, locking down every executable that could interfere, including the above and Explorer, Task Manager, Sysinternals Process Explorer, etc. This time, nothing is working, including renaming executables. They load and are immediately shut down.

FYI, I believe this came from an infected copy of K-Lite Codec Pack, which I've had good luck with previously.
 
I second this...I've tried a few over the years, even AntiVirs....they never seem to be a fraction as effective as slaving a drive into another computer.

Yeah, this will be my next step. However, there's still a danger that Windows will read something on the drive automatically and get infected through some kind of injection or buffer overrun in the process. This would be worse with a USB dock and all that autorun/autoscan/autoindex bullshit, although USB is a heck of a lot easier to deal with.

Wiping is ultimately the solution, but I'd like to get some stuff off there with it still running (need to export some data and settings from software).
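
The autorun concern in the post above can be checked before Windows ever touches the drive, for example from a Linux live CD with the volume mounted read-only. This Python example is added here and is not part of the original thread; it lists the launch entries in an autorun.inf at the volume root, and the function names and the sample file content are constructed for illustration.

```python
import os
import re
import tempfile

# Keys in the [autorun] section that name a program to launch.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def parse_autorun(data: bytes):
    """Return [(key, command)] for launch entries in autorun.inf content.

    Parsed line by line instead of with configparser, because planted files
    are often padded with junk lines that a strict INI parser rejects.
    """
    entries, section = [], None
    for raw in data.decode("latin-1").splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            if EXEC_KEY.match(key.strip()):
                entries.append((key.strip().lower(), value.strip()))
    return entries

def scan_volume_root(root):
    """Look for autorun.inf (any letter case) in the root of a mounted volume."""
    findings = []
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                findings.extend(parse_autorun(fh.read()))
    return findings

# Constructed sample: junk padding around two launch entries.
SAMPLE = (b"xK29dlaksjd junk padding\r\n[AutoRun]\r\n;comment\r\n"
          b"open=RECYCLER\\setup.exe\r\nicon=shell32.dll,4\r\n"
          b"zzzz more junk\r\nshell\\open\\Command=RECYCLER\\setup.exe -x\r\n"
          b"[other]\r\nopen=ignored.exe\r\n")

def demo():
    """Write the constructed sample into a temporary 'volume root' and scan it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "wb") as fh:
            fh.write(SAMPLE)
        return scan_volume_root(root)

if __name__ == "__main__":
    for key, command in demo():
        print(f"{key} -> {command}")
```

Pass the mount point of the suspect volume to scan_volume_root(); any entry it returns names a file worth inspecting or removing before the drive is attached to a Windows machine.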
 
Bump.

Anyone have any more advice about this?

I was able to use the boot CDs and the "dirty" hard drive in another computer (2.5" 44-pin adapter) and update over the internet, but they seemed to be unable to fix 75% of the problems found, be it delete, quarantine OR repair.
 
So, FWIW, this computer is working again.

I used BitDefender to repair the disk on another PC, and whatever it couldn't repair, quarantine, and whatever it couldn't quarantine, delete. Then booted the drive back in the laptop in safe mode+networking, and updated+ran MalwareBytes. It took about 3 reboots / rescans to get the threat count down to 0. Rebooted normally as admin; no signs of reinfection.

However, antivirus (AVG) is still defeated and won't scan; some registry entry is locked that would allow me to uninstall or reinstall.
 
Surprised no one mentioned this one:

Avira AntiVir Rescue System

The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to repair a damaged system, to rescue data or to scan the system for virus infections. Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer. The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available.

Get it at:

http://www.avira.com/en/support/support_downloads.html

Has proven to be quite a useful tool at times. Only downside is that it's distributed as a Windows-based executable that makes a Linux-based bootable disc. Go figure... ;) There are a bunch of other very useful utilities on that same page so make sure to read over it, you could find something that fits into precisely what you're trying to accomplish.
 
Good one!

What do you prefer over AVG? It sounds like you don't like it.

Microsoft Security Essentials.
Kicks the living cr@p out of AVG (but then again, what doesn't)

Last Sunday I just got done with the worst malware-infected PC I've come across in my career. Started it about 2 in the afternoon, slaved the infected laptop's drive to my laptop, started scanning with MSE 'n MalwareBytes; while it was scanning I changed the oil on my Jeep and the wife's 'ute. After dinner put the infected drive back in the laptop, finished the rest. It was a new variant of Windows Police Pro. It did everything and then some to prevent cleaning; I have a thread about it over in the networking and security forum. Had it cleaned up by 9pm or so.
 
Is it Knoppix-based, like the others?
Knoppix has its own set of "utilities" that are useful, even if you're not using a malware scanner on it. Anyways, it's a live CD so being in a true OS environment from that is different than a bootable disc environment. I would say any updated definition malware scanner inside Knoppix would run better than something installed on the box since nothing on the hard drive is actually being used.
 
From the article:
http://www.esecurityplanet.com/feat...-Viruses-Spyware-and-other-Malware-Part-1.htm

"The sophisticated approach makes the malware very hard to detect by any software running within the corrupted copy of Windows."


Note that this article discusses using a bootable CD to recover the system by:
  • Booting the infected computer with the Ultimate Boot CD
  • Configuring networking on the infected computer running the Ultimate Boot CD
  • Sharing the C drive of the infected computer via the Ultimate Boot CD
  • Using a clean Windows PC to scan the now shared C drive across the network.
Seems like a novel approach if you have access to a LAN.

If not they have these things for like 30 bucks or less.
 
Knoppix has its own set of "utilities" that are useful, even if you're not using a malware scanner on it. Anyways, it's a live CD so being in a true OS environment from that is different than a bootable disc environment. I would say any updated definition malware scanner inside Knoppix would run better than something installed on the box since nothing on the hard drive is actually being used.

Yes. I ultimately used BitDefender in exactly this way. I ask about Knoppix because I tried several such boot disks and they just don't run on certain computers (see above).
 