One CD!

Hi Guys,

My community has a 'Mentor' program, where we help the community wit computer problems. I find myself cleaning or trying to cleam more & more infected machines. I would like to have one disc, that would be able to wipe out most malware that:

1. Could be updated
2. Most likely to cure from, one disc.

So far my favorites are "SAS, & Mbam, Avira, & HJT" the installers never are up to date & age rapidly. Next I'm not always able to have an internet connection, while fighting malware on the road.

A big disappointment is/was 'F-Secure' boot, rescue disc.

What would you put on a single CD to fight malware?

Thanks
Rico

 

If I had to pick just one cd to use it'd be UBCD4Win.It's a BartPE disk that not only contains multiple AV/AS scanners such as Avira,A2 and MBAM,it has a whole range of other tools,registry editors,file recovery tools,partition utils,etc,etc.

It has networking support so the scanners can all be updated on the fly and it supports flash/USB thumbdrives.

http://www.ubcd4win.com/

 

Hi Andy,

I've made both & have used them, sometimes when out & about it's difficult to get on line with these. Hmmmm! Can they be updated then taken on the road?

 

One CD to rule them all!

Sorry, I couldn't resist You might look at CureIt. I haven't tried to put it on a CD (USB works) but it may not work for your purposes because it will use the internet for updates.

SourMilk out

 

I have the same problem i have to redownload the tools or at least their updates before i visit a client.
drweb's rescue cd is good, its a live live cd and has a bultin updater

 

Personally I create an updated DVDRW weekly,with all the latest definitions/software versions and also I have a copy that runs from a USB drive if I need an update inbetween the builds.The current version 3.5 has extensive support for numerous network adapters so not being able to get online to update on-the-fly hasn't really been an issue of late.

Apart from the standard stuff I've added a lot of additional plugins such as Macrium,Dr Web Cureit and some additional multiboot items like VistaRD and Spinrite,I couldn't imagine going out to fix systems without this disk now TBH.Nothing else comes close to it's overall functionality IMO,the problem with these standard AV boot disks is that no individual product will detect everything.

 

So, you leave today to fix a computer at cousin Hermin's house. Hermin has 'another' virus and has called you 'again'. You pack up your uber cd, with all it's bag-O-tricks ready to go. The only problem is, you burned it about 2 months ago. Ok, no problemo, you download a fusebundle or whatever AV you will use. The manual updates. Takes a couple minutes, you save it to USB stick, and you leave.

You get to Hermin's house, find his computer full of yucky byte-code, and proceed to clean house. Here at Hermin's house you find you cannot access the internet, so it is a good thing you brought your USB stick with manual updates. But, the AV scan finds nothing.

Oh well, maybe next week the AV files will be updated to include whatever Hermin has contracted. In the mean-time, Hermin can fire up is sluggish computer, send some emails to his pals (your OTHER cousins) and spread it around. At some point, those virus defs will catch up to the yucky stuff. Right?

Good thing they make AV programs to handle those viruses. I sleep better at night knowing Hermin is using Norton, wouldn't you?

lol, I know AV's can be helpful, but is there really only updated definition type applications that can clean a drive out? Assuming you are booting in PE, and you wish to have a program that scans a harddrive for possible yuckies. It would seem we are forever dependent on 'definitions'...

Sul.

 

Yes SourMilk, yes Sully, you are right: only updated definition type software applications.
Like HijackThis, ESET SysInspector, GMER, kX-Ray, RootRepeal, Process Hacker, SREng, SecCheckUI, CCleaner, PureRa, JavaRa.
And MBAM, Avira AntiVir - updated on 3 seconds.

Yours PROROOTECT

 

There's much more to UBCD4Win than simple signature scanners,the runscanner plugin allows the use of registry editing tools and A2 hijackfree,etc.The OP asked which one cd would best serve his purpose and while there is no panacea,this utility offers the maximum functionality on that single disk.

 

Hi Guys,

Nice post, Sul enjoyed your wit!

When did computers start, (BIOS) start allowing, boot from memory USB stick?

Tis a great idea instead of CD keep the tools on mem stick for updating. It's Hermin's lucky day

Thanks
Rico

 

Booting from USB on most motherboards I would say started around 2000 with regularity. My original athlon board did not have it, the very first nvidia motherboard that came out, did not have it. But by the athlon xp era, it was seen on many motherboards. I believe that was right around 2000/2001.

You can put bartPE on USB stick for fast boots. CD-rom is probably the best as most every computer has that. You might check into using Bashrat's driver packs with a PE disk, if you have not already. There are lots of options for PE, and maybe you want to use other options. Maybe you can boot into dos and openGem if you have fat32

Glad you caught the humor

@andyman
I know, I am just poking fun at the whole idea of a security tool based on signatures that will always be behind current threats. While it works pretty well for older threats, which still abound, the idea of catching up to current threats is actually pretty funny. I mean, people pay money to buy a program that has to wait until a threat becomes a threat to find a way to stop the threat. If you get exposed to the threat, before your paid for protection can get you a cure for the threat, what good was your money and your product? Seems like a broken model. At least for new threats. For old stuff still floating around, it does a wonderful job.

Sul.

 

I seem to remember boot from usb being available around 2000 as well,at least on higher end mobos anyway.

@Sul I agree that single vendor AV disks are always going to be of limited use but even taking aside the AM tools the UBCD4Win has a myriad of uses.As to your point about the 'broken model' you may well have a valid point but while the AV companies are making a lot of profit from yearly subscriptions it's a case of "if it is broke don't fix it"

 

lol, that is very true. It is the case of providing a solution to a problem, but only a temporary solution. It really is a great business to be in I would imagine if your product is good. I wonder if they have much disdain for HIPS and other such tools that can stop potential problems even without signatures or definitions.

Sul.

 

Ol' Cousin Herman isn't such a problem from a BartPE CD if you have the right 'search' tools for malicious files and you know exactly what you are looking for ahead of time. Anti-Virus products can always be run later from Windows.

Just make sure after the cleaning you explain to Herman the power of 'defensive web surfing' along with a LUA + SRP.

 

Oh, you know cousin Hermin. You tell him to use this, it is easy enough. He does use it, but soon there is some kind of prompt asking what to do. Cousin Hermin, well he gets a little confused and at first blocks what he was wanting to do. Then he gets a bit upset and disables the protection. After all, cousin Hermin IS saavy enough to know what a tray icon is and how to disable. Oh well, at least he can do what it was he wanted to do. I think cousin Hermin should have ample supply of cold beer for me the next time I head over to his house

Sul.

 

All cousins Herman stopped asking me

Most cousins Herman are married, just make the connection of malware = scam sites = porn sites.

So while the PC crawls through it cycles, I copy some known scam website to the clipboard, then I go to youporn.

Ask cousine Herman what his favourite category is, when he fails to answer, just go for straight, play a few movies, while cousine Henriette starts throwing eyebals at cousing Herman. Next say, well lets see and go the a website rating service, clip the scam site and press.

Let them buy a AV software (I usallly choose A2 because of its IDS and Dutch language support) clean up the garbage

You know two things for sure
1. Cousin Herman will inform all other cousin that never never ask Kees to help you
2. Cousine Henriette will associate a virus intrusion with Hermans porn vieuwing, so Herman will go for better security (he does not want the hassle with Henriette).
3. Cousing Herman will inform other cousins that A2 did save his ass a few times, so indirectly he will influence their behavior also.
4. Cousing Henriette will ask other cousins on social events whether their guys PCs do crash a lot (they call themselves PC-widows) and possibly informs them on their husbies behavior


Off course I check some things before accusing cousins wrongly

 

You know, Cousin Herman reminds me of a few users I have to deal with on a daily basis working in an IT Department.

 

Oh, cousin Hermin, there is hope for you lol. Maybe a gift subscription to Wilders would be a good start for Henriette eh?

Sul.

 

Incorrect, Sul there's no hope for Hermin. Tomorrow I'm off to Hermin's house to remove yet another virus. I will update SAS, Mbam & AVira rescue boot, just before deparding to uncles house. Hopefully F8 will allow, the two attack dogs (SAS & Mbam) to install.

Take Care
Rico

 

Just remember Rico that the CD's greatest power is to be able to search for files, folders and registry entries and delete them manually.

 

Uncle Hermin is again malware free. The reason he's still virus free, is most likely due to him being out of town, therefore I can rest until he returns.

Hermin had the rogue AS 'Windows Anti Virus Pro' normally I've had good luck entering 'safe mode' installing SAS & M-bam, to gain control, this time trying to enter safe mode resulted in a 'STOP' error. Avira Rescue, kicked butt. Hermin & I got to catch up on old times, while the lengthy scans took place.

Take Care
Rico

 

If anyone requests, I'll list my latest computer repair toolkit here in a future post. See https://www.wilderssecurity.com/showthread.php?t=225107 for my past computer repair toolkit and also suggestions from others.

You might be interested in Ketarin.