[plug] Anti Virus LiveCD

Chris Caston caston at arach.net.au
Wed Jun 22 11:34:37 WST 2005


On Wed, 2005-06-22 at 11:17, Craig Ringer wrote:
> On Wed, 2005-06-22 at 10:50 +0800, Chris Caston wrote:
> > On Wed, 2005-06-22 at 10:18, Onno Benschop wrote:
> > > Hi all,
> > > 
> > > Going on-site each day and needing to install AVG, AdAware and SpyBot, 
> > > then update them, then running a full scan for each application takes 
> > > the better part of two hours for most machines, longer if their machine 
> > > is completely toast.
> > > 
> > 
> > You can use BartPE, run the McAfee command line scanner and run AdAware
> > but it only removes the files and not the registry entries.
> > 
> > The problem I find with cleaning up infected machines is trying to work
> > out if it will in fact fix all the problems or if in fact it's best to do a
> > clean reinstall.
> 
> Even if cleaning it breaks the machine totally (not unheard of),
It can be the little things like Windows Media Player wants to send a
cryptic error report to Microsoft, IE is still busted, search is missing
but you still get the puppy dog. You can try to fix many of these things
but it can take a long time.

>  it
> means that any clean reinstall lets you archive the old data without
> fear of reinfection.


If you have a server that gets compromised do you close the backdoor,
remove any installed programs and keep going?

Best practice is to take it down and reinstall from scratch.

In an ideal solution to a virus/spyware ridden Windows machine:

1. If they don't know their internet/e-mail passwords use mailpv or
dunrecover to get them
2. Backup Outlook Express (copy the mailbox store folder or use
ABFoutlookexpress backup) e-mails and contacts or Outlook pst
3. Backup device drivers (there are apps like windriverbackup) and/or
locate motherboard/other hardware CDs
4. Backup accounting software
5. Install a new HD on the PC of greater capacity to their current one
6. Put their existing HD in a USB HD caddie and virus scan it from
another machine or laptop
7. Reinstall Windows with the latest updates using their media and/or
serial numbers
8. Install their software from their original CDs
9. Install printers, scanners, webcams etc.
10. Install anti virus/antispyware software
11. Copy back their data from the external HD once it is finished virus
scanning. Usually just take the Documents and Settings folder if they
are using W2K or above. You do need to look out as they may have an MYOB
folder or done things like saved a spreadsheet under Program Files.
Desktop is saved under the Windows folder in 98 and so are things like
Favourites and Fonts.
12. Setup their old HD for backup using ntbackup, Karen's Replicator or
the Windows port of rsync

regards,

Chris Caston
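Steps 11 and 12 above copy the user's data back off the scanned old disk and then keep it backed up. The post names rsync, ntbackup and Karen's Replicator for that; the following is an added example, not code from the thread or from any of those tools, showing the one part of that step people skip: verifying the copy file-by-file before the old disk is wiped or repurposed. It uses only POSIX tools (find, cp, cmp) so it runs without rsync; the "old_disk"/"new_disk" paths and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): mirror a user's data folder
# from a mounted old disk into a new location, then verify every file matches
# before the old disk is trusted for wiping or reuse. POSIX sh only.
set -u

# copy_tree SRC DST: recreate SRC's directory layout under DST and copy each
# file with its timestamps (cp -p). Paths with spaces are handled.
copy_tree() {
    src=$1; dst=$2
    find "$src" -type d | while IFS= read -r d; do
        mkdir -p "$dst/${d#"$src"}"
    done
    find "$src" -type f | while IFS= read -r f; do
        cp -p "$f" "$dst/${f#"$src"}"
    done
}

# verify_tree SRC DST: byte-compare every file in SRC against its copy in DST.
# A missing or differing file counts as a mismatch. Returns 0 only if all match.
verify_tree() {
    src=$1; dst=$2
    bad=$(find "$src" -type f | while IFS= read -r f; do
        cmp -s "$f" "$dst/${f#"$src"}" || echo x
    done | wc -l | tr -d ' ')
    [ "$bad" -eq 0 ]
}

# demo: build a constructed sample "old disk" profile, copy it, verify the
# copy, then alter one copied file and confirm verification now fails.
# Returns 0 when both behaviours are observed.
demo() {
    work=$(mktemp -d)
    old="$work/old_disk/Documents and Settings/user"   # assumed layout
    new="$work/new_disk/restore"
    mkdir -p "$old/My Documents" "$old/Desktop"
    printf 'quarterly figures\n' > "$old/My Documents/accounts.txt"
    printf 'shortcut\n' > "$old/Desktop/notes.txt"

    copy_tree "$old" "$new"
    verify_tree "$old" "$new" || return 1        # clean copy must verify

    printf 'altered\n' > "$new/Desktop/notes.txt"
    if verify_tree "$old" "$new"; then return 1; fi   # change must be caught

    rm -rf "$work"
    return 0
}

# Usage as a script: sh restore_verify.sh /mnt/old_disk/... /data/restore
# (paths are placeholders). Run with no arguments to execute the demo.
if [ $# -eq 2 ]; then
    copy_tree "$1" "$2" && verify_tree "$1" "$2" && echo "copy verified"
elif [ $# -eq 0 ] && [ "${0##*/}" != "sh" ]; then
    demo && echo "demo ok"
fi
```

The point of the second pass is that a copy that "looked fine" is not evidence; cmp returning non-zero on even one file means the old disk should not be reformatted yet. The same two functions can be re-run later as the check behind a scheduled backup.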