[ale] OT: offline malware removal tool for windoze
Robert Reese
ale at sixit.com
Mon Aug 13 16:25:40 EDT 2007
Hi Sid,
*********** REPLY SEPARATOR ***********
On 8/13/2007 at 1:45 PM Sid Lane wrote:
>does anyone know of any malware removal tools I could run from a CD/offline
>(ideally booting from it as well)?
Don't forget Hijack This! http://www.download.com/HijackThis/3000-8022_4-10379544.html and Rootkit Revealer http://www.microsoft.com/technet/sysinternals/Utilities/RootkitRevealer.mspx from the company formerly known as Systernals. BartPE is definitely the way to go for a full-scale attack on the problem *if* they don't want to backup the data and wipe and reinstall Windows. Unfortunately, even with BartPE the system remains permanently hosed until it is redone from scratch. Of course, you'll need to ensure there's no rootkit no matter what. If there is, you'll want to put your Linux skills to use to clean out the hidden parts of the harddrive where the rootkit(s) reside before installing Windows.
In other words, think of it as putting a band-aid on the situation. Plus, you'll find that it takes about as long to sanitize an existing Windows installation (and the damage will never be really mitigated) as it does to backup the harddrive so all the data isn't lost and to reinstall Windows and add the necessary patches, and then reinstall the programs. I'd suggest to the teacher that you go this route rather than try and clean it.
Obviously, a lesson in computing safety plus a couple of free Comodo products http://www.comodo.com will help the teacher tremendously. If you do go the route of wiping and reinstalling, help the teacher out by preinstalling Firefox and/or Opera as well as a good alternative to Outlook/Outlook Express (in addition to the free antimalware and firewall Comodo products). I'd also recommend installing OpenOffice.org just in case, as the potential for infection from an MS Office document is significant. Worst case scenario is that you've spend an extra 20 minutes installing software the teacher never uses; best case scenario is that the teacher thwarts 99% of the threats she faces.
I do SMB Windows support, and on my own machine I use a non-html email client, Opera 9.x browser, and OpenOffice.org. I'm always trying out different firewalls and have various anti-spyware and anti-malware programs (all of which are turned OFF) and a Comodo anti-virus that stays OFF. Nonetheless, I don't unintentionally get infected. Ever. :c)
If you need help or get into a tight spot, contact me off-list if you wish.
Cheers,
Robert Reese~
------------------------------------------------------
* Microsoft is NOT a standard. *
------------------------------------------------------
SIXIT Consulting
O: (478) 599-1301
Cell: 678-438-6955 or (478) 599-1301
Fax: 866-355-3720 (Toll-Free)
2907-I Watson Blvd
#308
Warner Robins, GA 31093-8535
United States
More information about the Ale
mailing list