manumit

Malwarebytes boot cd...


Any plan for having a cd or drive iso to boot from to do the full scan pre-windows? I noticed you are working on after reboot removals, but sometimes windows won't even boot into safemode :-)


No reply to this yet. Anyone have any Spyware removal apps that can be burned to boot and run from a cd before windows starts. This would be good for when you aren't able to get into safemode.

> No reply to this yet. Anyone have any Spyware removal apps that can be burned to boot and run from a cd before windows starts. This would be good for when you aren't able to get into safemode.

Try F-Secure Rescue CD 3.00

Rescue CD will by default scan:

-all hard drives in the computer

-all USB drives attached to the computer

-Windows FAT and NTFS drives

-Virus definition databases are updated automatically if the computer has an internet connection

-Virus definition databases can be updated manually by using a USB drive

-The Rescue CD Guide (pdf) has step by step instructions how to use the CD

I did test it on my machine and it did a good job.

http://www.f-secure.com/linux-weblog/2008/06/


Avira makes an iso you can use offline http://dl.antivir.de/down/vdf/rescuecd/rescuecd.iso Safer networking (the guys behind spybot search&destroy) have also made one, but it's more of a beta and difficult to update as it uses the ms wim image format. UBCD is an excellent option (uses bart's pe) and allows you to run spybot, asquared, ad-aware and countless others from the disk. MS D.A.R.T 6.0 (new version of ERD commander) also has a full offline scanner, but it's a bit harder to get your hands on (requires volume licensing membership).


I've been using UBCD4WIN for a couple of years now and have customized so my network engineers can use it in the field. There are many good Anti-spyware utilities out there, but as anyone knows, there is not one that gets them all. It's usually a combination (i.e. Malwarebytes, Combofix, S&D, etc.) My whole premise for using UBCD4WIN is to have the ability to run all these from one bootable CD. I have searched high and low for a plugin for Malwarebytes for BartPE or UBCD4WIN but to no avail. I know there have been other posts regarding no support for visual basic under BartPE. Isn't S&D compiled under VB? That seems to run just fine under BartPE or UBCD4WIN?

> I've been using UBCD4WIN for a couple of years now and have customized so my network engineers can use it in the field. There are many good Anti-spyware utilities out there, but as anyone knows, there is not one that gets them all. It's usually a combination (i.e. Malwarebytes, Combofix, S&D, etc.) My whole premise for using UBCD4WIN is to have the ability to run all these from one bootable CD. I have searched high and low for a plugin for Malwarebytes for BartPE or UBCD4WIN but to no avail. I know there have been other posts regarding no support for visual basic under BartPE. Isn't S&D compiled under VB? That seems to run just fine under BartPE or UBCD4WIN?

I got further in making my BartPE install but it still failed. Anyway, I did search and found the "VBrun" plugin that installs the VB runtime files for BartPE...


You'll still want to run Malwarebytes' on the system live once you can get it to boot because it won't detect many/most of the threats in its database from a boot disc.


UBCD4WIN is an excellent choice even without MBAM support. Once the system is back up and running THEN scan it again with MBAM for added safety precautions.


Yes, there is no point in running MBAM from a PE disk because of the way our heuristics work. A live install isn't just the best way, it's the only way. But rest assured that our software will, when installed properly and run properly, eradicate malware better than anything else.

> Yes, there is no point in running MBAM from a PE disk because of the way our heuristics work. A live install isn't just the best way, it's the only way. But rest assured that our software will, when installed properly and run properly, eradicate malware better than anything else.

Thanks for the insight, but I would like to point out something to the contrary. I work as a PC tech and malware cleanup is one of the primary services we offer. I regularly use MBAM for cleanup, since it currently is the easiest and most reliable utility available. I agree that running live is the ideal solution, however, there are times where that is not doable, due to either an infection that stops MBAM from installing, or the system isn't bootable. In these situations, we have resorted to pulling the drive and scanning with MBAM and sometimes other utilities as well. This has usually gotten it to the point that we can install MBAM and run in live.

So, being able to MBAM in a PE environment would be EXTREMELY useful. I'm currently trying to get it to work, but have run into some snags. One of these days....

> So, being able to MBAM in a PE environment would be EXTREMELY useful. I'm currently trying to get it to work, but have run into some snags. One of these days....

If you have to resort to such measures, then use something like RunAlyzer to try to disable the trojan from a BartPE disk, and then do the cleanup while booted normally. It's often only one or two trojans causing the serious problems, and these issues can often be killed simply by disabling the startup entry or service that is the issue.

> Thanks for the insight, but I would like to point out something to the contrary. I work as a PC tech and malware cleanup is one of the primary services we offer. I regularly use MBAM for cleanup, since it currently is the easiest and most reliable utility available. I agree that running live is the ideal solution, however, there are times where that is not doable, due to either an infection that stops MBAM from installing, or the system isn't bootable. In these situations, we have resorted to pulling the drive and scanning with MBAM and sometimes other utilities as well. This has usually gotten it to the point that we can install MBAM and run in live.
>
> So, being able to MBAM in a PE environment would be EXTREMELY useful. I'm currently trying to get it to work, but have run into some snags. One of these days....

100% correct my friend! Other AV progs have done this with great results. Sometimes because of the nature of certain "rogue" AV software, it is damn-near impossible to access Malwarebytes or any other AV software. Ya need to be able to clean the offending program *BEFORE* "Safe Mode"! This is a no-brainer.

As a long-time programmer, and all-around PC tech, I simply do not understand the "heuristics" cop-out that the good folks at Malwarebytes are using to justify their reasoning about this issue.

Message to Malwarebytes programmers: In this day and age, do not let lesser companies steal your thunder. If you drop the ball on this, you're gonna have big problems down the road my friends!

> As a long-time programmer, and all-around PC tech, I simply do not understand the "heuristics" cop-out that the good folks at Malwarebytes are using to justify their reasoning about this issue.

Since our white list and System File Protection is useless from a bootable disk, this would mean that heavily infected computers would wind up with missing System Files and broken configurations. This is a very bad idea.

> Message to Malwarebytes programmers: In this day and age, do not let lesser companies steal your thunder. If you drop the ball on this, you're gonna have big problems down the road my friends!

We already remove things with Windows running normally that other vendors (especially anti-virus) cannot touch without boot disks and Safe Mode tricks. That is where our focus is. Boot disks rarely help the average home user. They are geared towards techs, or at least computer savvy people who know how to burn CDs and change their boot order.

> Since our white list and System File Protection is useless from a bootable disk, this would mean that heavily infected computers would wind up with missing System Files and broken configurations. This is a very bad idea.

While I agree that bootable disks are for the technically savvy, the white list and System File Protection information is referenced data from one or more OS installations on the disk but could be added to a bootable CD/DVD/Flash build. A bootable disk could (and IMHO, should) be part of a responsible tech's toolkit. After all, a heavily infected machine can do more damage during the de-infection/repair process, risking customer data loss or corruption if forced to boot first from the HD before troubleshooting. My 2 cents anyway.

This topic is now closed to further replies.
