Boot-up AV Scanner

Discussion in 'other anti-virus software' started by Reggie B., Aug 3, 2005.

Thread Status:
Not open for further replies.
  1. Reggie B.

    Reggie B. Guest

    I'm looking for a really good 'boot-up' AV scanner that can detect and clean an infected boot sector (MBR).

    From what I've read around here, McAfee's Avert Stinger and Dr. Web's Cureit 'fill the bill' (and are free)... Do I understand that correctly?

    Also, it seems as if Stinger is only updated every few months (that doesn't seem to bode well for it)! Is that also true of Cureit? Are there any others I should consider?

    Thanks in advance!
     
  2. smf

    smf Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    31
    If you have a FAT based filesystem, there are several DOS-based antivirus that you can run from bootable media. F-Prot is a good antivirus for this approach.

    If you want a bootable antivirus solution that can scan and disinfect a Windows based system with an NTFS filesystem, Avast's BARTCD is one of the best solutions available. Several other antivirus vendors offer Linux bootable diskettes or CDs that will allow you to scan an infected system, but the ones I've tested aren't as elegant as the BARTCD.

    Basically the BARTCD installs a program that will download the latest definitions from AVAST and dynamically create a new ISO image for you to create a bootable CD. Because this product is WinPE based, it is capable of reading AND writing to the NTFS filesystem. Many other bootable solutions will only scan/read NTFS but not write. (No disinfection or deletion possible)

    There are several people that have built their own bootcd's using Bart's PE Builder which will give you equivalent capabilities, but requires some effort on your part. You can also look at the Ultimate Boot CD.
     
  3. smf

    smf Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    31
    If all you are interested in scanning is the MBR, you just need a scanner that can read the MBR on write-protected bootable media. I think Stinger only runs under Windows, so you will have to use PEBuilder. It would be easier to create something for DOS like F-Prot.
     
  4. AndreyKa

    AndreyKa Registered Member

    Joined:
    Feb 25, 2005
    Posts:
    93
    Location:
    Russia
    McAfee's Avert Stinger is a remover of widespread worms and Trojans.
    Dr. Web's CureIt is a restricted antivirus (no real time monitor and archive scan).
    CureIt updates daily.
     
  5. Reggie B.

    Reggie B. Guest

    Thanks to all who replied. Btw, this is for a Win XP NTFS system.

    smf, where can I get Avast's BARTCD?

    AndreyKa, I'm not sure I understand what you are telling me about Cureit's capabilities. Can you please elaborate on this?
     
  6. Ned Slider

    Ned Slider Registered Member

    Joined:
    Mar 24, 2005
    Posts:
    169
    You don't need an AV package to fix your MBR - just use your OS boot disk. If you're running a DOS-based OS (Win9x), use your (clean) dos boot floppy and do:

    Code:
    sys A: C:
    or if you're using WinXP, boot from the CD and from the recovery console, use /fixmbr.

    If you're not sure how to use the recovery console, I suggest you read up here:

    http://www.microsoft.com/resources/...windows/xp/all/reskit/en-us/prmb_tol_kfma.asp

    Either of these two methods will rewrite your MBR removing any virus you may or may not have in the process.

    To be honest, I thought boot sector viruses were extinct - I haven't seen one in the wild for many years.

    Ned
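
Added example, not part of any post in this thread: a small Python check of a saved 512-byte MBR sector, the kind of integrity check that can be run from clean boot media before and after the MBR is rewritten. The sample sectors, the baseline hash and the helper names are constructed for illustration; obtaining the sector from the disk is outside the example.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440   # bootstrap code; bytes 440-445 hold the disk signature
PT_OFFSET = 446       # four 16-byte partition entries start here
SIG_OFFSET = 510      # last two bytes must be 0x55 0xAA
ENTRY = "<B3xB3xII"   # status, CHS (skipped), type, CHS (skipped), LBA start, sector count

def parse_mbr(sector: bytes) -> dict:
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        off = PT_OFFSET + 16 * i
        status, ptype, lba, count = struct.unpack(ENTRY, sector[off:off + 16])
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"active": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[SIG_OFFSET:] == b"\x55\xaa",
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}

def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return findings; an empty list means nothing unusual was seen."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    active = sum(p["active"] for p in info["partitions"])
    if active != 1:  # heuristic for a single-OS boot disk
        findings.append(f"{active} active partitions (expected 1)")
    return findings

def make_sample(boot_code: bytes) -> bytes:
    """Constructed sector: placeholder boot code plus one active NTFS (0x07) entry."""
    entry = struct.pack(ENTRY, 0x80, 0x07, 63, 1_000_000)
    return boot_code.ljust(PT_OFFSET, b"\x00") + entry + bytes(48) + b"\x55\xaa"

CLEAN = make_sample(b"CONSTRUCTED-BOOT-CODE")
CHANGED = make_sample(b"CONSTRUCTED-BOOT-CODE-CHANGED")
BASELINE = parse_mbr(CLEAN)["boot_code_sha256"]  # would come from a known-clean copy

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN), ("changed", CHANGED)):
        print(name, check_mbr(sector, BASELINE) or "no findings")
```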
     
  7. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,400
    Location:
    California - USA
    Reggie, exactly what are the symptoms?
     
  8. Reggie B.

    Reggie B. Guest

    This is my friend's system (a Dell with P4 2.8GHz HT, 1GB DC-RAM, WinXP). It boots up ok (albeit slowly) but then it runs like it's only got 128MB RAM! The first thing I did was to check out the RAM (2 x 512MB sticks) using Memtest86 and it tested just fine.

    I next did a file and registry cleanup, but that didn't solve the problem so then I scanned the system for infections. The AV installed on that system is Trend Micro's PC-cillin and a full system scan didn't show any problems. Ewido found and cleaned a few spyware/trojan problems but none of them accounted for the sluggishness. Frankly, I'm stumped.
     
  9. 235423435

    235423435 Guest

    Is there a bootable scanner that can detect spyware as well?

    I used BitDefender's product called LinuxDefender; it can read/write NTFS but does not detect spyware, which is 90% of the problem on Windows machines...

    Nice product but missing some capabilities.

    BARTCD Avast is very expensive!

    ================================
     
  10. Ned Slider

    Ned Slider Registered Member

    Joined:
    Mar 24, 2005
    Posts:
    169
    You can make your own BartPE CD using your own WinXP licence/CD:

    http://www.nu2.nu/pebuilder/

    There are plugins available for McAfee AV, Ad-Aware and Spybot. I've also successfully added ewido too (just copy the folder from c:\program files once you've installed it).

    You should be able to add any programs that will run directly from CD (ie don't need installing or the installation dir can be copied and run from another location) such as stinger, MWAV eScan, CWShredder, Trend Micro Sysclean etc.

    Ned
     
  11. AndreyKa

    AndreyKa Registered Member

    Joined:
    Feb 25, 2005
    Posts:
    93
    Location:
    Russia
    Dr. Web's Cureit = Dr. Web's Scanner (GUI) without archives scanning capability.
     