
bootable virus scanner?



Guest james
Posted

Since virus nowadays have anti-anti-virus ability, booting up a suspect
computer to scan for virus is unreliable, even in safe mode.

Where can I buy/download/make a bootable CD with virus scanner? I'd like the
virus scanner to be up-to-date, so either this CD image is downloadable and
is constantly refreshed, or the virus scanner that comes with it can update
itself via internet, which would require the bootable CD to boot with
internet support.

A slow way is to remove the hard drive from the suspect computer and add it
to a good computer as a D: drive. Then I can boot up the good computer and
scan D: drive. However, I'd like to have a solution that doesn't require
removing the drive -- it takes a lot of time.

Guest Dick K
Posted

james wrote:
>
> Since virus nowadays have anti-anti-virus ability, booting up a suspect
> computer to scan for virus is unreliable, even in safe mode.
>
> Where can I buy/download/make a bootable CD with virus scanner? I'd like
> the virus scanner to be up-to-date, so either this CD image is
> downloadable and is constantly refreshed, or the virus scanner that comes
> with it can update itself via internet, which would require the bootable
> CD to boot with internet support.
>
> A slow way is to remove the hard drive from the suspect computer and add
> it to a good computer as a D: drive. Then I can boot up the good
> computer and scan D: drive. However, I'd like to have a solution that
> doesn't require removing the drive -- it takes a lot of time.
>

Have a look at:

http://www.techmixer.com/free-bootable-ant...-download-list/

I'd be a little wary of Kaspersky - it used to leave "undeletable" files
behind though I don't know if that's still the case.

--
HTH

Dick K

Guest David H. Lipman
Posted

From: "james" <nospam@nospam.com>

| Since virus nowadays have anti-anti-virus ability, booting up a suspect
| computer to scan for virus is unreliable, even in safe mode.

| Where can I buy/download/make a bootable CD with virus scanner? I'd like the
| virus scanner to be up-to-date, so either this CD image is downloadable and
| is constantly refreshed, or the virus scanner that comes with it can update
| itself via internet, which would require the bootable CD to boot with
| internet support.

| A slow way is to remove the hard drive from the suspect computer and add it
| to a good computer as a D: drive. Then I can boot up the good computer and
| scan D: drive. However, I'd like to have a solution that doesn't require
| removing the drive -- it takes a lot of time.

Avira AntiVir Rescue CD

http://dl.antivir.de/down/vdf/rescuecd/rescuecd.exe
http://www.raymond.cc/blog/archives/2008/0...emovable-virus/

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest Richard Urban
Posted

If you have a 32 bit O/S installed Avast AntiVirus (FREE or Professional)
supplies a boot time scan option.

--
Richard Urban
Microsoft MVP
Windows Desktop Experience

"james" <nospam@nospam.com> wrote in message
news:#iOJf32uJHA.1916@TK2MSFTNGP02.phx.gbl...
>
> Since virus nowadays have anti-anti-virus ability, booting up a suspect
> computer to scan for virus is unreliable, even in safe mode.
>
> Where can I buy/download/make a bootable CD with virus scanner? I'd like
> the virus scanner to be up-to-date, so either this CD image is downloadable
> and is constantly refreshed, or the virus scanner that comes with it can
> update itself via internet, which would require the bootable CD to boot
> with internet support.
>
> A slow way is to remove the hard drive from the suspect computer and add
> it to a good computer as a D: drive. Then I can boot up the good computer
> and scan D: drive. However, I'd like to have a solution that doesn't
> require removing the drive -- it takes a lot of time.
>

Guest FromTheRafters
Posted

"Dick K" <not@this.com> wrote in message

news:Oh0s%23m3uJHA.1240@TK2MSFTNGP02.phx.gbl...
> james wrote:
>>
>> Since virus nowadays have anti-anti-virus ability, booting up a
>> suspect computer to scan for virus is unreliable, even in safe mode.
>>
>> Where can I buy/download/make a bootable CD with virus scanner? I'd
>> like the virus scanner to be up-to-date, so either this CD image is
>> downloadable and is constantly refreshed, or the virus scanner that
>> comes with it can update itself via internet, which would require the
>> bootable CD to boot with internet support.
>>
>> A slow way is to remove the hard drive from the suspect computer and
>> add it to a good computer as a D: drive. Then I can boot up the good
>> computer and scan D: drive. However, I'd like to have a solution that
>> doesn't require removing the drive -- it takes a lot of time.
>>
>
> Have a look at:
>
> http://www.techmixer.com/free-bootable-ant...-download-list/
>
> I'd be a little wary of Kaspersky - it used to leave "undeletable" files
> behind though I don't know if that's still the case.

Kaspersky is really good AV software. I'm wondering about that comment -
the only 'undeletable files' I've ever heard of weren't really files at
all.

Guest Dick K
Posted

FromTheRafters wrote:
> "Dick K" <not@this.com> wrote in message
> news:Oh0s%23m3uJHA.1240@TK2MSFTNGP02.phx.gbl...
>> james wrote:
>>> Since virus nowadays have anti-anti-virus ability, booting up a
>>> suspect computer to scan for virus is unreliable, even in safe mode.
>>>
>>> Where can I buy/download/make a bootable CD with virus scanner? I'd
>>> like the virus scanner to be up-to-date, so either this CD image is
>>> downloadable and is constantly refreshed, or the virus scanner that
>>> comes with it can update itself via internet, which would require the
>>> bootable CD to boot with internet support.
>>>
>>> A slow way is to remove the hard drive from the suspect computer and
>>> add it to a good computer as a D: drive. Then I can boot up the good
>>> computer and scan D: drive. However, I'd like to have a solution that
>>> doesn't require removing the drive -- it takes a lot of time.
>>>
>> Have a look at:
>>
>> http://www.techmixer.com/free-bootable-ant...-download-list/
>>
>> I'd be a little wary of Kaspersky - it used to leave "undeletable" files
>> behind though I don't know if that's still the case.
>
> Kaspersky is really good AV software. I'm wondering about that comment -
> the only 'undeletable files' I've ever heard of weren't really files at
> all.
>

Kaspersky's AV software does indeed have a good reputation,
which I wouldn't question. However I did experience a problem
with their rescue disk, which is the only software of theirs
that I've used. The problem, and my efforts to solve it, are
described in boring detail at:

http://www.pcreview.co.uk/forums/thread-3662422.php

Windows Disk Defragmenter reported a file size of 45MB in 59
fragments so the file seemed real enough. I still have a
similar file on my desktop PC, so if you've any new ideas
about how to get rid of it I'd be grateful. The one thing
I haven't tried is booting a Linux distro from CD, mounting
the C: drive and attempting a deletion.

--
Dick K

Guest Peter Foldes
Posted

James

As was posted to your other posts (multipost)
http://www.free-av.com/en/tools/12/avira_a...cue_system.html

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"james" <nospam@nospam.com> wrote in message
news:%23iOJf32uJHA.1916@TK2MSFTNGP02.phx.gbl...
>
> Since virus nowadays have anti-anti-virus ability, booting up a suspect computer
> to scan for virus is unreliable, even in safe mode.
>
> Where can I buy/download/make a bootable CD with virus scanner? I'd like the virus
> scanner to be up-to-date, so either this CD image is downloadable and is constantly
> refreshed, or the virus scanner that comes with it can update itself via internet,
> which would require the bootable CD to boot with internet support.
>
> A slow way is to remove the hard drive from the suspect computer and add it to a
> good computer as a D: drive. Then I can boot up the good computer and scan D:
> drive. However, I'd like to have a solution that doesn't require removing the
> drive -- it takes a lot of time.
>

Guest FromTheRafters
Posted

"Dick K" <not@this.com> wrote in message

news:u3%23Cbm6uJHA.1164@TK2MSFTNGP03.phx.gbl...
> FromTheRafters wrote:
>> "Dick K" <not@this.com> wrote in message
>> news:Oh0s%23m3uJHA.1240@TK2MSFTNGP02.phx.gbl...
>>> james wrote:
>>>> Since virus nowadays have anti-anti-virus ability, booting up a
>>>> suspect computer to scan for virus is unreliable, even in safe
>>>> mode.
>>>>
>>>> Where can I buy/download/make a bootable CD with virus scanner? I'd
>>>> like the virus scanner to be up-to-date, so either this CD image is
>>>> downloadable and is constantly refreshed, or the virus scanner that
>>>> comes with it can update itself via internet, which would require
>>>> the bootable CD to boot with internet support.
>>>>
>>>> A slow way is to remove the hard drive from the suspect computer
>>>> and add it to a good computer as a D: drive. Then I can boot up the
>>>> good computer and scan D: drive. However, I'd like to have a
>>>> solution that doesn't require removing the drive -- it takes a lot
>>>> of time.
>>>>
>>> Have a look at:
>>>
>>> http://www.techmixer.com/free-bootable-ant...-download-list/
>>>
>>> I'd be a little wary of Kaspersky - it used to leave "undeletable" files
>>> behind though I don't know if that's still the case.
>>
>> Kaspersky is really good AV software. I'm wondering about that
>> comment - the only 'undeletable files' I've ever heard of weren't
>> really files at all.
>
> Kaspersky's AV software does indeed have a good reputation,
> which I wouldn't question. However I did experience a problem
> with their rescue disk, which is the only software of theirs
> that I've used. The problem, and my efforts to solve it, are
> described in boring detail at:
>
> http://www.pcreview.co.uk/forums/thread-3662422.php
>
> Windows Disk Defragmenter reported a file size of 45MB in 59
> fragments so the file seemed real enough. I still have a
> similar file on my desktop PC, so if you've any new ideas
> about how to get rid of it I'd be grateful. The one thing
> I haven't tried is booting a Linux distro from CD, mounting
> the C: drive and attempting a deletion.

Try deleting the file by using the pathname up to but not including the
colon character. This should delete the host file of the Alternate Data
Stream denoted by the colon character. ADSs cannot be deleted by
themselves - but their host file (or directory) can be.

Guest David H. Lipman
Posted

From: "Dick K" <not@this.com>

| Kaspersky's AV software does indeed have a good reputation,
| which I wouldn't question. However I did experience a problem
| with their rescue disk, which is the only software of theirs
| that I've used. The problem, and my efforts to solve it, are
| described in boring detail at:

| http://www.pcreview.co.uk/forums/thread-3662422.php

| Windows Disk Defragmenter reported a file size of 45MB in 59
| fragments so the file seemed real enough. I still have a
| similar file on my desktop PC, so if you've any new ideas
| about how to get rid of it I'd be grateful. The one thing
| I haven't tried is booting a Linux distro from CD, mounting
| the C: drive and attempting a deletion.

| --

| Dick K

Oh so this is related to a malware ADS file.

Gmer is perfect for that. Note ADS scan is enabled by default.

http://www.gmer.net/files.php

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest David H. Lipman
Posted

From: "james" <nospam@nospam.com>

>> As was posted to your other posts (multipost)
>> http://www.free-av.com/en/tools/12/avira_a...cue_system.html

| I see a few rescue cd that boots up linux and then can scan for virus.
| I'm confused; do they scan for linux virus or windows virus?

Signatures are OS independent.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest Steve Winograd
Posted

On Sun, 12 Apr 2009 05:54:47 -0700, "james" <nospam@nospam.com> wrote:

>
>Since virus nowadays have anti-anti-virus ability, booting up a suspect
>computer to scan for virus is unreliable, even in safe mode.
>
>Where can I buy/download/make a bootable CD with virus scanner? I'd like the
>virus scanner to be up-to-date, so either this CD image is downloadable and
>is constantly refreshed, or the virus scanner that comes with it can update
>itself via internet, which would require the bootable CD to boot with
>internet support.
>
>A slow way is to remove the hard drive from the suspect computer and add it
>to a good computer as a D: drive. Then I can boot up the good computer and
>scan D: drive. However, I'd like to have a solution that doesn't require
>removing the drive -- it takes a lot of time.

In addition to what others have pointed out:

VIPRE Rescue Program
http://live.sunbeltsoftware.com/
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Desktop Experience)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

Guest Dick K
Posted

David H. Lipman wrote:
> From: "Dick K" <not@this.com>
>
> | Kaspersky's AV software does indeed have a good reputation,
> | which I wouldn't question. However I did experience a problem
> | with their rescue disk, which is the only software of theirs
> | that I've used. The problem, and my efforts to solve it, are
> | described in boring detail at:
>
> | http://www.pcreview.co.uk/forums/thread-3662422.php
>
> | Windows Disk Defragmenter reported a file size of 45MB in 59
> | fragments so the file seemed real enough. I still have a
> | similar file on my desktop PC, so if you've any new ideas
> | about how to get rid of it I'd be grateful. The one thing
> | I haven't tried is booting a Linux distro from CD, mounting
> | the C: drive and attempting a deletion.
>
> | --
>
> | Dick K
>
> Oh so this is related to a malware ADS file.
>
> Gmer is perfect for that. Note ADS scan is enabled by default.
>
> http://www.gmer.net/files.php
>

No. It's an "undeletable" file on my XP desktop PC
left behind by the Kaspersky Rescue CD. Filename:

C:\Documents and Settings\All Users\Application Data\
Kaspersky Lab\AVP8\avp8.00.06_13:41_leab.ALL.log

Haven't tried GMER but LADS from Frank Heyne Software
(http://www.heysoft.de) reported no ADS files found
in the directory.

I exhausted all reasonable efforts to get rid of a
similar file on my XP laptop and eventually had to
restore and update a clone dating from before the
creation of the file. Wasn't worth the effort and
I'm reluctant to waste any more time on the issue.

Thanks for trying to help.

--
Dick K

Guest Dick K
Posted

FromTheRafters wrote:
> "Dick K" <not@this.com> wrote in message
> news:u3%23Cbm6uJHA.1164@TK2MSFTNGP03.phx.gbl...
>> FromTheRafters wrote:
>>> "Dick K" <not@this.com> wrote in message
>>> news:Oh0s%23m3uJHA.1240@TK2MSFTNGP02.phx.gbl...
>>>> james wrote:
>>>>> Since virus nowadays have anti-anti-virus ability, booting up a
>>>>> suspect computer to scan for virus is unreliable, even in safe
>>>>> mode.
>>>>>
>>>>> Where can I buy/download/make a bootable CD with virus scanner? I'd
>>>>> like the virus scanner to be up-to-date, so either this CD image is
>>>>> downloadable and is constantly refreshed, or the virus scanner that
>>>>> comes with it can update itself via internet, which would require
>>>>> the bootable CD to boot with internet support.
>>>>>
>>>>> A slow way is to remove the hard drive from the suspect computer
>>>>> and add it to a good computer as a D: drive. Then I can boot up the
>>>>> good computer and scan D: drive. However, I'd like to have a
>>>>> solution that doesn't require removing the drive -- it takes a lot
>>>>> of time.
>>>>>
>>>> Have a look at:
>>>>
>>>> http://www.techmixer.com/free-bootable-ant...-download-list/
>>>>
>>>> I'd be a little wary of Kaspersky - it used to leave "undeletable" files
>>>> behind though I don't know if that's still the case.
>>> Kaspersky is really good AV software. I'm wondering about that
>>> comment - the only 'undeletable files' I've ever heard of weren't
>>> really files at all.
>> Kaspersky's AV software does indeed have a good reputation,
>> which I wouldn't question. However I did experience a problem
>> with their rescue disk, which is the only software of theirs
>> that I've used. The problem, and my efforts to solve it, are
>> described in boring detail at:
>>
>> http://www.pcreview.co.uk/forums/thread-3662422.php
>>
>> Windows Disk Defragmenter reported a file size of 45MB in 59
>> fragments so the file seemed real enough. I still have a
>> similar file on my desktop PC, so if you've any new ideas
>> about how to get rid of it I'd be grateful. The one thing
>> I haven't tried is booting a Linux distro from CD, mounting
>> the C: drive and attempting a deletion.
>
> Try deleting the file by using the pathname up to but not including the
> colon character. This should delete the host file of the Alternate Data
> Stream denoted by the colon character. ADSs cannot be deleted by
> themselves - but their host file (or directory) can be.
>

Thanks but not an ADS file unfortunately.

--
Dick K

Guest james
Posted

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

news:%23ILhs$BvJHA.228@TK2MSFTNGP03.phx.gbl...
> From: "james" <nospam@nospam.com>
>
>>> As was posted to your other posts (multipost)
>>> http://www.free-av.com/en/tools/12/avira_a...cue_system.html
>
> | I see a few rescue cd that boots up linux and then can scan for virus.
> | I'm confused; do they scan for linux virus or windows virus?
>
> Signatures are OS independent.

I understand signatures are os independent, I'm just surprised that someone
wrote anti-virus software that runs on linux but scans for windows virus.

Posted

On 04/13/2009 07:09 AM, james sent:
>
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:%23ILhs$BvJHA.228@TK2MSFTNGP03.phx.gbl...
>> From: "james" <nospam@nospam.com>
>>
>>>> As was posted to your other posts (multipost)
>>>> http://www.free-av.com/en/tools/12/avira_a...cue_system.html
>>
>> | I see a few rescue cd that boots up linux and then can scan for virus.
>> | I'm confused; do they scan for linux virus or windows virus?
>>
>> Signatures are OS independent.
>
> I understand signatures are os independent, I'm just surprised that
> someone wrote anti-virus software that runs on linux but scans for
> windows virus.

Hello James:

I have more than one scanner in my main Linux system. My feeling is,
stop the malware lest we spread it to others. Mine are freeware, easy
for me to setup, update and schedule.

FWIW

Pete
--
1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Guest David H. Lipman
Posted

From: "Dick K" <not@this.com>

| David H. Lipman wrote:
>> From: "Dick K" <not@this.com>

>> | Kaspersky's AV software does indeed have a good reputation,
>> | which I wouldn't question. However I did experience a problem
>> | with their rescue disk, which is the only software of theirs
>> | that I've used. The problem, and my efforts to solve it, are
>> | described in boring detail at:

>> | http://www.pcreview.co.uk/forums/thread-3662422.php

>> | Windows Disk Defragmenter reported a file size of 45MB in 59
>> | fragments so the file seemed real enough. I still have a
>> | similar file on my desktop PC, so if you've any new ideas
>> | about how to get rid of it I'd be grateful. The one thing
>> | I haven't tried is booting a Linux distro from CD, mounting
>> | the C: drive and attempting a deletion.

>> | --

>> | Dick K

>> Oh so this is related to a malware ADS file.

>> Gmer is perfect for that. Note ADS scan is enabled by default.

>> http://www.gmer.net/files.php

| No. It's an "undeletable" file on my XP desktop PC
| left behind by the Kaspersky Rescue CD. Filename:

| C:\Documents and Settings\All Users\Application Data\
| Kaspersky Lab\AVP8\avp8.00.06_13:41_leab.ALL.log

| Haven't tried GMER but LADS from Frank Heyne Software
| (http://www.heysoft.de) reported no ADS files found
| in the directory.

| I exhausted all reasonable efforts to get rid of a
| similar file on my XP laptop and eventually had to
| restore and update a clone dating from before the
| creation of the file. Wasn't worth the effort and
| I'm reluctant to waste any more time on the issue.

| Thanks for trying to help.

| --

| Dick K

Too bad because Gmer is the best AntiRootkit utility.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest FromTheRafters
Posted

"Dick K" <not@this.com> wrote in message

news:%23x%23lypCvJHA.5684@TK2MSFTNGP03.phx.gbl...
> FromTheRafters wrote:
>> "Dick K" <not@this.com> wrote in message
>> news:u3%23Cbm6uJHA.1164@TK2MSFTNGP03.phx.gbl...
>>> FromTheRafters wrote:
>>>> "Dick K" <not@this.com> wrote in message
>>>> news:Oh0s%23m3uJHA.1240@TK2MSFTNGP02.phx.gbl...
>>>>> james wrote:
>>>>>> Since virus nowadays have anti-anti-virus ability, booting up a
>>>>>> suspect computer to scan for virus is unreliable, even in safe
>>>>>> mode.
>>>>>>
>>>>>> Where can I buy/download/make a bootable CD with virus scanner?
>>>>>> I'd like the virus scanner to be up-to-date, so either this CD
>>>>>> image is downloadable and is constantly refreshed, or the virus
>>>>>> scanner that comes with it can update itself via internet, which
>>>>>> would require the bootable CD to boot with internet support.
>>>>>>
>>>>>> A slow way is to remove the hard drive from the suspect computer
>>>>>> and add it to a good computer as a D: drive. Then I can boot up
>>>>>> the good computer and scan D: drive. However, I'd like to have a
>>>>>> solution that doesn't require removing the drive -- it takes a
>>>>>> lot of time.
>>>>>>
>>>>> Have a look at:
>>>>>
>>>>> http://www.techmixer.com/free-bootable-ant...-download-list/
>>>>>
>>>>> I'd be a little wary of Kaspersky - it used to leave "undeletable" files
>>>>> behind though I don't know if that's still the case.
>>>> Kaspersky is really good AV software. I'm wondering about that
>>>> comment - the only 'undeletable files' I've ever heard of weren't
>>>> really files at all.
>>> Kaspersky's AV software does indeed have a good reputation,
>>> which I wouldn't question. However I did experience a problem
>>> with their rescue disk, which is the only software of theirs
>>> that I've used. The problem, and my efforts to solve it, are
>>> described in boring detail at:
>>>
>>> http://www.pcreview.co.uk/forums/thread-3662422.php
>>>
>>> Windows Disk Defragmenter reported a file size of 45MB in 59
>>> fragments so the file seemed real enough. I still have a
>>> similar file on my desktop PC, so if you've any new ideas
>>> about how to get rid of it I'd be grateful. The one thing
>>> I haven't tried is booting a Linux distro from CD, mounting
>>> the C: drive and attempting a deletion.
>>
>> Try deleting the file by using the pathname up to but not including
>> the colon character. This should delete the host file of the
>> Alternate Data Stream denoted by the colon character. ADSs cannot be
>> deleted by themselves - but their host file (or directory) can be.
> Thanks but not an ADS file unfortunately.

iStreams?

With the colon, "Windows'" NTFS support may think it is. It might
consider the path up to the colon as a path to a file (not sure what the
extra dots might mean) - and the ADS name following the colon. I just
thought that the //?/ "path to filename:streamname" might not work but
//?/ "path to filename" might suffice to delete the file - and hence the
alternate stream.

....could be the dots too..

Download the live cd Backtrack and use it to delete the file. Linux
might not have qualms about manipulating what Windows considers to be
reserved characters or words. Even if it doesn't work, I think you may
like the cd anyway.

Guest FromTheRafters
Posted

"james" <nospam@nospam.com> wrote in message

news:eneztFEvJHA.4364@TK2MSFTNGP03.phx.gbl...
>
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:%23ILhs$BvJHA.228@TK2MSFTNGP03.phx.gbl...
>> From: "james" <nospam@nospam.com>
>>
>>>> As was posted to your other posts (multipost)
>>>> http://www.free-av.com/en/tools/12/avira_a...cue_system.html
>>
>> | I see a few rescue cd that boots up linux and then can scan for virus.
>> | I'm confused; do they scan for linux virus or windows virus?
>>
>> Signatures are OS independent.
>
> I understand signatures are os independent, I'm just surprised that
> someone wrote anti-virus software that runs on linux but scans for
> windows virus.

Would you want your Linux fileserver to house viruses that could infect
Windows workstations?

Keep in mind that originally AV was for detecting viruses - not for
protecting you from malware.

Guest Dick K
Posted

FromTheRafters wrote:
> "Dick K" <not@this.com> wrote in message
> news:%23x%23lypCvJHA.5684@TK2MSFTNGP03.phx.gbl...
>> FromTheRafters wrote:
>>> "Dick K" <not@this.com> wrote in message
>>> news:u3%23Cbm6uJHA.1164@TK2MSFTNGP03.phx.gbl...
>>>> FromTheRafters wrote:
>>>>> "Dick K" <not@this.com> wrote in message
>>>>> news:Oh0s%23m3uJHA.1240@TK2MSFTNGP02.phx.gbl...
>>>>>> james wrote:
>>>>>>> Since virus nowadays have anti-anti-virus ability, booting up a
>>>>>>> suspect computer to scan for virus is unreliable, even in safe
>>>>>>> mode.
>>>>>>>
>>>>>>> Where can I buy/download/make a bootable CD with virus scanner?
>>>>>>> I'd like the virus scanner to be up-to-date, so either this CD
>>>>>>> image is downloadable and is constantly refreshed, or the virus
>>>>>>> scanner that comes with it can update itself via internet, which
>>>>>>> would require the bootable CD to boot with internet support.
>>>>>>>
>>>>>>> A slow way is to remove the hard drive from the suspect computer
>>>>>>> and add it to a good computer as a D: drive. Then I can boot up
>>>>>>> the good computer and scan D: drive. However, I'd like to have a
>>>>>>> solution that doesn't require removing the drive -- it takes a
>>>>>>> lot of time.
>>>>>>>
>>>>>> Have a look at:
>>>>>>
>>>>>> http://www.techmixer.com/free-bootable-ant...-download-list/
>>>>>>
>>>>>> I'd be a little wary of Kaspersky - it used to leave "undeletable" files
>>>>>> behind though I don't know if that's still the case.
>>>>> Kaspersky is really good AV software. I'm wondering about that
>>>>> comment - the only 'undeletable files' I've ever heard of weren't
>>>>> really files at all.
>>>> Kaspersky's AV software does indeed have a good reputation,
>>>> which I wouldn't question. However I did experience a problem
>>>> with their rescue disk, which is the only software of theirs
>>>> that I've used. The problem, and my efforts to solve it, are
>>>> described in boring detail at:
>>>>
>>>> http://www.pcreview.co.uk/forums/thread-3662422.php
>>>>
>>>> Windows Disk Defragmenter reported a file size of 45MB in 59
>>>> fragments so the file seemed real enough. I still have a
>>>> similar file on my desktop PC, so if you've any new ideas
>>>> about how to get rid of it I'd be grateful. The one thing
>>>> I haven't tried is booting a Linux distro from CD, mounting
>>>> the C: drive and attempting a deletion.
>>> Try deleting the file by using the pathname up to but not including
>>> the colon character. This should delete the host file of the
>>> Alternate Data Stream denoted by the colon character. ADSs cannot be
>>> deleted by themselves - but their host file (or directory) can be.
>> Thanks but not an ADS file unfortunately.
>
> iStreams?
>
> With the colon, "Windows'" NTFS support may think it is. It might
> consider the path up to the colon as a path to a file (not sure what the
> extra dots might mean) - and the ADS name following the colon. I just
> thought that the //?/ "path to filename:streamname" might not work but
> //?/ "path to filename" might suffice to delete the file - and hence the
> alternate stream.
>
> ...could be the dots too..
>
> Download the live cd Backtrack and use it to delete the file. Linux
> might not have qualms about manipulating what Windows considers to be
> reserved characters or words. Even if it doesn't work, I think you may
> like the cd anyway.
>

OK! I had a Knoppix live CD to hand so I tried that
instead of Backtrack and the file manager zapped the
offending file, no problem.

I think the problem went far deeper than a mere
invalid file name. To give just one example of the
anomalies associated with the file, hovering the
cursor over its name in Windows Explorer showed a
file size of 837 KB whereas file properties reported
a size of 0 bytes.

Thanks for taking an interest and, in effect, rousing
me from fatalistic acceptance of a nagging irritation.

--
Dick K
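
Added example, not written by any poster in this thread: the file name quoted above contains a colon, which the Win32 API reads as the separator between a file name and a stream name, while a Linux live CD treats it as an ordinary character. This Python script applies Microsoft's documented Win32 naming rules to a Windows volume mounted from a live CD and lists the names Windows tools cannot address; the mount point `/mnt/windows` and all function names are assumptions made for the illustration.

```python
#!/usr/bin/env python3
"""List names on a mounted volume that the Win32 API cannot address.

Added illustration. Assumes the Windows partition is already mounted from a
live CD at a hypothetical mount point such as /mnt/windows.
"""
import os
import sys

# Characters Win32 rejects inside a single file-name component.
WIN32_RESERVED_CHARS = '<>:"/\\|?*'

# DOS device names Win32 reserves, with or without an extension.
WIN32_DEVICE_NAMES = (
    {"CON", "PRN", "AUX", "NUL"}
    | {f"COM{i}" for i in range(1, 10)}
    | {f"LPT{i}" for i in range(1, 10)}
)


def win32_name_problems(name):
    """Return the reasons (possibly none) why Win32 cannot address `name`."""
    problems = []
    bad = sorted(set(name) & set(WIN32_RESERVED_CHARS))
    if bad:
        problems.append("reserved character(s): " + " ".join(bad))
    if any(ord(ch) < 32 for ch in name):
        problems.append("control character")
    if name.endswith((" ", ".")):
        problems.append("trailing space or dot")
    stem = name.split(".", 1)[0].rstrip(" ").upper()
    if stem in WIN32_DEVICE_NAMES:
        problems.append("reserved device name: " + stem)
    return problems


def win32_stream_split(name):
    """Show how Win32 reads a name containing ':' as file:stream.

    Returns (host_file, stream_part), or None when there is no colon.
    """
    host, colon, stream = name.partition(":")
    return (host, stream) if colon else None


def scan(root):
    """Yield (path, problems) for every entry under `root` with a bad name."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            problems = win32_name_problems(name)
            if problems:
                yield os.path.join(dirpath, name), problems


if __name__ == "__main__":
    # Hypothetical default mount point; pass the real one as the argument.
    root = sys.argv[1] if len(sys.argv) > 1 else "/mnt/windows"
    for path, problems in scan(root):
        print(path)
        for problem in problems:
            print("    " + problem)
        split = win32_stream_split(os.path.basename(path))
        if split:
            print("    Win32 would read this as file %r, stream %r" % split)
```

The script only reports; removing a flagged entry is then done from the live CD's own file manager or shell, as described in the post above.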

Guest FromTheRafters
Posted

"Dick K" <not@this.com> wrote in message

news:%23X$vlAWvJHA.1088@TK2MSFTNGP04.phx.gbl...<span style="color:blue">

> FromTheRafters wrote:<span style="color:green">

>> "Dick K" <not@this.com> wrote in message

>> news:%23x%23lypCvJHA.5684@TK2MSFTNGP03.phx.gbl...<span style="color:darkred">

>>> FromTheRafters wrote:

>>>> "Dick K" <not@this.com> wrote in message

>>>> news:u3%23Cbm6uJHA.1164@TK2MSFTNGP03.phx.gbl...

>>>>> FromTheRafters wrote:

>>>>>> "Dick K" <not@this.com> wrote in message

>>>>>> news:Oh0s%23m3uJHA.1240@TK2MSFTNGP02.phx.gbl...

>>>>>>> james wrote:

>>>>>>>> Since viruses nowadays have anti-anti-virus ability, booting up a

>>>>>>>> suspect computer to scan for viruses is unreliable, even in safe

>>>>>>>> mode.

>>>>>>>>

>>>>>>>> Where can I buy/download/make a bootable CD with virus scanner?

>>>>>>>> I'd like the virus scanner to be up-to-date, so either this CD

>>>>>>>> image is downloadable and is constantly refreshed, or the virus

>>>>>>>> scanner that comes with it can update itself via internet,

>>>>>>>> which would require the bootable CD to boot with internet

>>>>>>>> support.

>>>>>>>>

>>>>>>>> A slow way is to remove the hard drive from the suspect

>>>>>>>> computer and add it to a good computer as a D: drive. Then I

>>>>>>>> can boot up the good computer and scan D: drive. However, I'd

>>>>>>>> like to have a solution that doesn't require removing the

>>>>>>>> drive -- it takes a lot of time.

>>>>>>>>

>>>>>>> Have a look at:

>>>>>>>

>>>>>>> http://www.techmixer.com/free-bootable-ant...-download-list/

>>>>>>>

>>>>>>> I'd be a little wary of Kaspersky - it used to leave

>>>>>>> "undeletable" files

>>>>>>> behind though I don't know if that's still the case.

>>>>>> Kaspersky is really good AV software. I'm wondering about that

>>>>>> comment - the only 'undeletable files' I've ever heard of weren't

>>>>>> really files at all.

>>>>> Kaspersky's AV software does indeed have a good reputation,

>>>>> which I wouldn't question. However I did experience a problem

>>>>> with their rescue disk, which is the only software of theirs

>>>>> that I've used. The problem, and my efforts to solve it, are

>>>>> described in boring detail at:

>>>>>

>>>>> http://www.pcreview.co.uk/forums/thread-3662422.php

>>>>>

>>>>> Windows Disk Defragmenter reported a file size of 45MB in 59

>>>>> fragments so the file seemed real enough. I still have a

>>>>> similar file on my desktop PC, so if you've any new ideas

>>>>> about how to get rid of it I'd be grateful. The one thing

>>>>> I haven't tried is booting a Linux distro from CD, mounting

>>>>> the C: drive and attempting a deletion.

>>>> Try deleting the file by using the pathname up to but not including

>>>> the colon character. This should delete the host file of the

>>>> Alternate Data Stream denoted by the colon character. ADSs cannot

>>>> be deleted by themselves - but their host file (or directory) can

>>>> be.

>>> Thanks but not an ADS file unfortunately.

>>

>> iStreams?

>>

>> With the colon, "Windows'" NTFS support may think it is. It might

>> consider the path up to the colon as a path to a file (not sure what

>> the extra dots might mean) - and the ADS name following the colon. I

>> just thought that the //?/ "path to filename:streamname" might not

>> work but //?/ "path to filename" might suffice to delete the file -

>> and hence the alternate stream.

>>

>> ...could be the dots too..

>>

>> Download the live cd Backtrack and use it to delete the file. Linux

>> might not have qualms about manipulating what Windows considers to be

>> reserved characters or words. Even if it doesn't work, I think you

>> may like the cd anyway.

>

> OK! I had a Knoppix live CD to hand so I tried that

> instead of Backtrack and the file manager zapped the

> offending file, no problem.

>

> I think the problem went far deeper than a mere

> invalid file name. To give just one example of the

> anomalies associated with the file, hovering the

> cursor over its name in Windows Explorer showed a

> file size of 837 KB whereas file properties reported

> a size of 0 bytes.

 

An interesting inconsistency within Windows.


> Thanks for taking an interest and, in effect, rousing

> me from fatalistic acceptance of a nagging irritation.

 

I guess it stems from the different ways that the two OSes support the

NTFS filesystem.
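
The name-handling difference discussed in this thread, as an added example that is not part of any poster's message: a Python check that flags file names the Win32 layer cannot address normally (a colon read as stream syntax, trailing dots, reserved names) and splits a `file:stream` path into its host file and stream name. The function names and the sample names are constructed for illustration.

```python
import re

# Characters the Win32 API does not accept inside a file-name component.
RESERVED_CHARS = '<>:"/\\|?*'
# DOS device names the Win32 layer reserves, with or without an extension.
DEVICE_NAMES = {"CON", "PRN", "AUX", "NUL"} | {
    f"{dev}{n}" for dev in ("COM", "LPT") for n in range(1, 10)
}
LONG_PATH_PREFIX = "\\\\?\\"   # the literal \\?\ prefix


def split_stream(win_path):
    """Split a Win32 path into (host_file_path, stream_name_or_None).
    Mirrors the file:stream reading discussed above: text after a colon in
    the last component is taken as an Alternate Data Stream name.
    """
    prefix = LONG_PATH_PREFIX if win_path.startswith(LONG_PATH_PREFIX) else ""
    rest = win_path[len(prefix):]
    drive = rest[:2] if re.match(r"[A-Za-z]:", rest) else ""
    head, sep, leaf = rest[len(drive):].rpartition("\\")
    name, colon, stream = leaf.partition(":")
    return prefix + drive + head + sep + name, (stream if colon else None)


def win32_name_problems(name):
    """Return reasons why Win32 tools may fail to open or delete `name`."""
    problems = []
    if ":" in name:
        problems.append("colon: parsed as file:stream (ADS) syntax")
    bad = sorted(set(name) & (set(RESERVED_CHARS) - {":"}))
    if bad:
        problems.append("reserved characters: " + " ".join(bad))
    if any(ord(c) < 32 for c in name):
        problems.append("control character")
    if name != name.rstrip(". "):
        problems.append("trailing dot or space: stripped by Win32 normalization")
    if name.split(".")[0].rstrip(" ").upper() in DEVICE_NAMES:
        problems.append("reserved device name")
    return problems


# Constructed sample names, not taken from the thread.
SAMPLES = ["report.txt", "data.bin:payload", "notes...", "nul.txt", "a?b"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: {win32_name_problems(sample) or 'ok'}")
    print(split_stream(r"\\?\C:\temp\data.bin:payload"))
```
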

  • 3 weeks later...
Guest james
Posted

> Have a look at:

>

> http://www.techmixer.com/free-bootable-ant...-download-list/

 

Thanks for the info.

 

Could someone tell me which of the rescue CDs in this list can perform

scan-only WITHOUT repair?

 

The suspect computer is a business-critical computer. It still works, albeit

a little slow. If there is a virus on it, we would have to buy a new

computer and set it up with identical software before taking down the

infected one.

 

Since repair does not always work and sometimes renders the PC unbootable,

virus-detection is all I need now.

Guest Dick K
Posted

james wrote:

>> Have a look at:

>>

>> http://www.techmixer.com/free-bootable-ant...-download-list/

>>

>

> Thanks for the info.

>

> Could someone tell me which of the rescue CDs in this list can perform

> scan-only WITHOUT repair?

 

I can't speak for the other CDs but Avira does what you want.

Having clicked on the British flag to select English (the

default is German) it offers configuration options for "Action

at malware discovery". The alternatives are: "Protocol malware

records only" ("Protocol" meaning "Log" in a poor translation

from German) and "Try to repair infected files". Clearly you

would need to ensure that the first option was selected.

 

--

 

HTH

 

Dick K

Guest Steve Winograd
Posted

On Sun, 03 May 2009 16:33:32 +0100, Dick K <not@this.com> wrote:

>james wrote:

>>> Have a look at:

>>>

>>> http://www.techmixer.com/free-bootable-ant...-download-list/

>>>

>>

>> Thanks for the info.

>>

>> Could someone tell me which of the rescue CDs in this list can perform

>> scan-only WITHOUT repair?

>

>I can't speak for the other CDs but Avira does what you want.

>Having clicked on the British flag to select English (the

>default is German) it offers configuration options for "Action

>at malware discovery". The alternatives are: "Protocol malware

>records only" ("Protocol" meaning "Log" in a poor translation

>from German) and "Try to repair infected files". Clearly you

>would need to ensure that the first option was selected.

 

I've been having trouble with the Avira CD. The window that it

displays is bigger than the monitor's screen, so I can't click any of

the buttons to run a scan. Has anyone seen this? Any solution?

--

Thanks,

Steve Winograd, MS-MVP (Windows Desktop Experience)

 

Microsoft Most Valuable Professional Program

http://mvp.support.microsoft.com

Guest Dick K
Posted

Steve Winograd wrote:

> On Sun, 03 May 2009 16:33:32 +0100, Dick K <not@this.com> wrote:

>

>> james wrote:

>>>> Have a look at:

>>>>

>>>> http://www.techmixer.com/free-bootable-ant...-download-list/

>>>>

>>> Thanks for the info.

>>>

>>> Could someone tell me which of the rescue CDs in this list can perform

>>> scan-only WITHOUT repair?

>> I can't speak for the other CDs but Avira does what you want.


>

> I've been having trouble with the Avira CD. The window that it

> displays is bigger than the monitor's screen, so I can't click any of

> the buttons to run a scan. Has anyone seen this? Any solution?

 

Apparently it's a known issue:

 

http://forum.avira.com/wbb/index.php?page=...&threadID=82578

 

You could try posting in the Avira forum to ask whether a fix

has been found.

 

Sorry I can't be of more help.

 

--

 

Dick K
