Bootable Scanners

Status
Not open for further replies.

MajorHertz

I can do a Google search for this, but it won't reveal people's opinions/stories on the software, so I'll post here.

Does anyone know of a (preferably free) bootable CD (Linux distro, DOS, etc.) that is a virus scanner, spyware scanner, rootkit scanner, and any other scanner that detects bad stuff? I need one that will scan from outside of Windows and that will scan for both viruses and spyware, because neither Norton nor AVG in conjunction with Spybot and Ad-aware will find this thing.
 
I'm fixing a friend's machine, for which I'm not getting any restitution (I'm just a nice guy), so I just don't feel like doing all the SARC research I would do normally. I know this thing was really, really infected, as I've removed 8-12 viruses she could not find, in addition to 12 she did originally find with Norton (her Norton subscription ran out last week... funny how things work out). Also, 40+ spyware/malware was removed.

There is something still hijacking her IE homepage that I can't find. It's forwarding to a local HTML document (c:/seure32.htm), and when I delete it, it is instantly put back. I can't see this thing in the running processes.

I know there is still other stuff on this system that AVG, Norton, Spybot, Ad-aware, and I have not found, which is why I'm looking for this bootable solution. Plus, if it's Linux, I know Linux better than I remember DOS, and this solution, independent of XP, may identify things faster and easier and remove them without worrying about security policies.
 
No problem

Run Adaware SE 1.6 make sure to update spyware definitions
Spybot 1.4 make sure to update spyware definitions
Microsoft Antispy Beta make sure to update spyware definitions
All Free from www.majorgeeks.com

Remove everything they find
Delete the prefetch folder C:\WINDOWS\Prefetch, this folder will come back on next reboot
Delete all cookies and TIFs
Go to Start, Run, type msconfig, go to Startup, disable everything except your antivirus, apply, don't reboot yet.

Now go to Control Panel, Display, Desktop, Customize Desktop, Web, click on Security and then click Delete. If you don't see Security, that's good; don't worry about this step then.

Go into safe mode
Run your spyware programs again and remove anything they find. Reboot and run the programs once more in normal mode and remove everything they find.


Scan with Hijackthis! 1.99 and post your log here
 
I've done all that minus Microsoft's solution and the prefetch and ran two different virus scan programs (AVG up-to-date, Norton one week old) and still have this issue. Unfortunately, the machine is not in front of me so I can't show you the hijack this log.

Regardless, I still want this bootable solution to add to my tools collection for use in a later situation, should it arise.
 
Well, you need to do Microsoft also, and I need to see your log. I can tell you what you have, so post it here, not as an attachment, and we will get it fixed for ya.
 
In case anyone out there reading this wants the same solution as I do, I came across this shell script, which you can run from the Knoppix bootable Linux distro, that will install f-prot into memory and then can scan an NTFS disk and scan and disinfect FAT disks.

PHP:
#
# Install f-prot - useful in combination with persistent home
#
# GPL
#
# Author: Fabian Franz <knx-f-prot@fabian-franz.de>
#

# Download and unpack the f-prot archive into $HOME/software
# (plain FTP gives no integrity check on the downloaded archive)
mkdir -p "$HOME/software/"
cd "$HOME/software/" || exit 1
wget ftp://ftp.f-prot.com/pub/linux/fp-linux-sb.tar.gz
tar xzf fp-linux-sb.tar.gz

# Link the scanner, the updater and their man pages into $HOME
mkdir -p "$HOME/man/man8"
mkdir -p "$HOME/bin"

ln -fs "$(pwd)/f-prot/f-prot.sh" "$HOME/bin/f-prot"
ln -fs "$(pwd)/f-prot/check-updates.sh" "$HOME/bin/check-updates.sh"
ln -fs "$(pwd)/f-prot/man8/f-prot.8" "$HOME/man/man8/"
ln -fs "$(pwd)/f-prot/man8/check-updates.sh.8" "$HOME/man/man8/"

# Setting up MANPATH & PATH for f-prot
# (drop any earlier copies of the two export lines, then append fresh ones)

cp "$HOME/.bashrc" "$HOME/.bashrc.templ"
grep -v "export MANPATH=\$HOME/man" "$HOME/.bashrc.templ" \
  | grep -v "export PATH=\$HOME/bin/" > "$HOME/.bashrc"
echo "export MANPATH=\$HOME/man/:\$MANPATH" >> "$HOME/.bashrc"
echo "export PATH=\$HOME/bin/:\$PATH" >> "$HOME/.bashrc"
rm -f "$HOME/.bashrc.templ"

# Fix paths: point the wrapper scripts at the unpacked directory
# (mktemp replaces the predictable /tmp/f-prot.$$ name)

tmp=$(mktemp /tmp/f-prot.XXXXXX) || exit 1
cp f-prot/f-prot.sh "$tmp"
sed "s%/usr/local/f-prot/%$(pwd)/f-prot/%g" "$tmp" > f-prot/f-prot.sh

cp f-prot/check-updates.sh "$tmp"
sed "s%/usr/local/f-prot/%$(pwd)/f-prot/%g" "$tmp" > f-prot/check-updates.sh
rm -f "$tmp"

# cleanup

rm -f fp-linux-sb.tar.gz

I guess this will suffice.
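
Added example, not part of any post in this thread: with the Windows volume mounted read-only from a live CD such as Knoppix, one way to track down whatever keeps recreating a hijack page like c:/seure32.htm is to search every file on the volume for that name, both as plain ASCII and as UTF-16LE (the encoding registry hives use for strings). The function names, the /mnt/win mount point and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Run from a live CD against a Windows
# volume mounted read-only; /mnt/win below is a hypothetical mount point.

# find_refs ROOT NAME
# Print "<encoding><TAB><path>" for each file under ROOT whose contents
# mention NAME (case-insensitive). Stripping NUL bytes before the second grep
# turns UTF-16LE text, as stored in registry hives, into plain ASCII.
find_refs() {
    root=$1
    name=$2
    find "$root" -type f 2>/dev/null | while IFS= read -r f; do
        if LC_ALL=C grep -qiF -- "$name" "$f" 2>/dev/null; then
            printf 'ascii\t%s\n' "$f"
        elif LC_ALL=C tr -d '\000' < "$f" 2>/dev/null |
                LC_ALL=C grep -qiF -- "$name"; then
            printf 'utf16le\t%s\n' "$f"
        fi
    done
}

# make_sample: build a small constructed directory tree for a dry run and
# print its path. File names and contents are invented for the example.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/Documents and Settings/user" "$d/WINDOWS/system32"
    # Hive-like file: "regf" magic, then "seure32.htm" encoded as UTF-16LE.
    printf 'regf\001\002s\000e\000u\000r\000e\0003\0002\000.\000h\000t\000m\000' \
        > "$d/Documents and Settings/user/NTUSER.DAT"
    printf 'start C:\\SEURE32.HTM\r\n' > "$d/WINDOWS/system32/sample.bat"
    printf 'nothing of interest\n' > "$d/WINDOWS/readme.txt"
    printf '%s\n' "$d"
}

# Usage: sh find_refs.sh /mnt/win seure32.htm
if [ "$#" -eq 2 ]; then
    find_refs "$1" "$2"
fi
```

A hit in a user's NTUSER.DAT points at a registry value (such as the IE start page or an autostart entry) to inspect once the hive is loaded in a registry editor; a hit in an executable or script is a candidate for the component that rewrites the page.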
 
Sure, I will try the suggestion but, as mentioned, I do not have the machine here with me. As a result, when I try to fix it again, I would like to have my option ready in case not all of the stuff can be removed through your suggestions.

Also, as I said, I still wanted a bootable solution to add to my tools collection for use in a later situation, should it arise.

Now I have two separate options using two separate techniques. One or a combination of both should resolve the issue.

Regardless, I will post the output log of HijackThis when I get back to the machine.
 
You need to look into ERD Commander, and the Techi Tools that I have is good; it has many bootable scanners, but I can't seem to copy all the programs. Do a search for Techi Tool Kit and download them and see if you can use it.
 