  1. #1 iNET Interactive

    The ultimate virus scan: Clean outside Windows

    BEST PRACTICES

    By Lincoln Spector

    No matter how good your precautions, malware can still infect your computer.

    If you suspect an infection but your antivirus program tells you otherwise, take Windows out of the calculation and run your AV in a non-Windows environment where the infection can't hide.

    The full text of this column is posted at WindowsSecrets.com/best-practices/the-ultimate-virus-scan-clean-outside-windows/ (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2 New Lounger
    F-Secure's user guide has this rather ominous warning:

    "Using the Rescue CD on a working operating system may rename essential system files and so cause your operating system to no longer start. If this happens you can use your operating system repair disk to reinstall the operating system. Note that this may reinstall a fresh operating system and so remove any personal settings and files you have."

    Sounds like the cure could be worse than the disease. How should we take this warning?
    Last edited by sprinter; 2012-10-18 at 14:10.

  3. #3 bobprimak (Lounge VIP)
    I would take such warnings seriously. But you are already infected badly, or else you wouldn't be doing this extreme cleanup. Any extreme measures to clean up a virus infection risk the same damages to the OS or loss of data contained within the OS.

    This is why you need an ongoing data backup strategy, and an occasional System Image backup as well.

    By spending less than 15 minutes a couple of times per week, you can rest reasonably assured that if a virus cleanup or other mishap really wrecks your OS installation, you can fearlessly restore the whole OS and all your data in under an hour (frequently 20 minutes or less). This will leave your OS clean and fully refreshed, with minimal loss of recent data and no missing or damaged critical System Files.

    I also back up my drivers to a single ZIP archive once in a long while.

    There are also Repair Options on the retail install disks (or the Repair Disk you can burn from any Windows 7 version) for most versions of Windows. If a Repair doesn't work, you may indeed end up reinstalling the OS. But a non-destructive reinstall should preserve your personal data and many settings, and most software will continue to work in many cases.

    So yes, the warnings are warranted. And this is one more reason to BACKUP BACKUP BACKUP! Preferably in advance of any sort of trouble.

    The cure is never worse than the disease. Never continue to use a known to be infected PC. Clean it up or reinstall or roll back using a known clean (scanned before backing up) System Image.
    Last edited by bobprimak; 2012-10-18 at 13:53.
    -- Bob Primak --

  4. #4 mrjimphelps (Silver Lounger)
    A very easy, and effective, way to scan and clean your computer is with Windows Defender Offline. Best of all, it's free!

    Basically, you go to the Microsoft website to download the program: http://windows.microsoft.com/en-US/w...fender-offline

    You choose 32-bit or 64-bit, you put a CD or DVD in the drive, and download the program.

    You then boot the infected PC with the CD or DVD you made.

    It will scan and clean your computer pre-Windows (before Windows gets a chance to load).

    Wait till you need it to download it, so that it will be up-to-date.

  5. #5 CLiNT (Super Moderator)
    Cleaning outside of Windows is not too dissimilar from cleaning inside of Windows in that you will always run the risk of removing something vital or essential, thereby necessitating a specific repair, or a full repair install of the entire OS ...after the virus or malware removal is completed.

    A "quick and easy fix" to any virus or malware issue is the exception, not the rule. Instead of brooding over the thought of spending a considerable amount of time over a malware or virus cleanup, get yourself set up with a well coordinated backup regimen based on imaging and hard copy backups of your data.

    If you're finding yourself with no other recourse than to attempt a complex virus or malware cleanup, then that should tell you that your means of backup is seriously lacking and that you are in need of a well thought out backup regimen.

    Instead of focusing on cleanup and removal, focus on prevention and backup. You can either spend hours cleaning up or minutes restoring. You get to choose.
    Last edited by CLiNT; 2012-10-21 at 12:00.

  6. #6 2 Star Lounger
    Working in a shop where 75%+ of our work is malware removal, these CDs are an excellent resource and our first shot at most malware removal jobs.

    The Windows Defender Offline tool seems to cycle between catching lots of crap and catching nothing. A new version was just released, 4.1.522. I used this one a lot, but it's being surpassed by...

    The Kaspersky tool is excellent, except that the update downloads are horribly slow. They need better servers or something.

    The AVG offline scanner works, I think, but it's hard to follow what it's been doing. Crappy interface. I used it a few times with some tough infections but don't use it anymore because I can't tell what it's up to or what it's done or what to do next.

    We will definitely play with the F-Secure tool.

    -John

  7. #7 bobprimak (Lounge VIP)
    Quote Originally Posted by John-O (post #6, quoted in full above)
    Virus writing and virus removal is always a cat and mouse game, with the numbers favoring the virus writers. At least we currently have detection, removal and prevention schemes which usually work. This may not always be the case in the future, I fear. The very public and yet anonymous nature of the Internet is largely to blame for this state of affairs. As long as folks can hide behind proxies and fake screen names and such, there will always be a criminal element with financial motives which will keep anti-virus engineers very busy, I'm afraid.
    -- Bob Primak --

  8. #8 New Lounger
    Thanks for the "Clean outside Windows", very informative. There is an Outside Windows antivirus etc., that you might want to take a look at from www.fixMeStick.com, which I have been using for a few months. It comes with its own OS on a thumb drive. Simply insert it into a USB slot and restart your computer, making sure you have an Internet connection for updates. Highly recommended.

  9. #9 2 Star Lounger
    Bob...I'm glad we rarely run into something that the scanners can't remove. The damage left behind? That's a whole other can-o-worms. The one that scares me are future rootkits. The offline scanners do well with the current crop of rootkits, but the potential for really serious undetectables is strong.

    The strategy of using several scanners has served me well.

    -John

  10. #10 mrjimphelps (Silver Lounger)
    I agree fully with having a good backup strategy in place. But if you don't, and if you get hit with something before you can do a clean backup, then the best option is an offline (pre-Windows) virus scan from several different scanners.

  11. #11 2 Star Lounger
    Ran the F-Secure disk on a couple known-infected systems. Works fine, seems speedy. But, it's hard to tell what it's caught. The report at the end is on a 'DOS' screen and the names of the malware are off the right edge. Maybe there's a way around this or details on the bugs somewhere that I can't find? This is where the Microsoft WDO disk shines: I get a clear list of scan results along with descriptions of the malware and their seriousness. I also get to choose how to handle the bugs individually, including so-called PUPs...potentially unwanted programs, which is the legal way of saying shitware.

    As a side note, I've been removing malware every day for a year, and I have yet to see malware that destroys user data. I see a lot of busted Windows installs...Update won't run or MSE won't update or whatever, but never any lost data due to malicious software. We used to see lots of machines with data hidden by malware, but that's easy to fix.

    I think this is because today's malware isn't destructive like it was in the 80s and 90s, and early in the last decade. Today it's all about botnets and getting money from you. I think backups are essential because hard drives regularly fail, but malware as a reason for a backup solution isn't a good rationale in my little piece of the world, unless you're selling backup solutions.

  12. #12 2 Star Lounger
    Regarding F-Secure...ran it on a customer's infected machine, it found two or three things but I couldn't identify what they were because the path to them extended beyond the end of the screen...not a useful setup.

    Ran Kaspersky's disk right behind, and it found a trojan, a trojan dropper, and the pihar.c rootkit.

    That's a bad review. Not only can't I tell what F-Secure might have caught, it missed some serious stuff.

  13. #13 New Lounger

    Why Not Windows Defender Offline?

    As usual, we thank you for a very informative article.

    Just out of curiosity, why didn't you consider Windows Defender Offline? It may be using a subset of the Windows operating system, but it isn't using the OS that is infected and cannot be influenced by it. Also, it can be updated and you have the choice of a Quick or Full scan all on the first page. It shows you what it found and even gives you the opportunity to see details on each intrusion.

  14. #14 mrjimphelps (Silver Lounger)
    Windows Defender Offline is easy to obtain and easy to use. Best of all, it's free.

    Just put a blank CD or DVD in a clean machine, go to the Microsoft website, and choose 32-bit or 64-bit.

    Then just boot the infected machine with the disk you just created. It's a bit slow to get going, but extremely easy.

  15. #15 New Lounger
    I have used UBCD4win (UBCD4win.com) quite successfully, as it includes several anti-spyware and antivirus programs that can be run with a single boot. Various versions of this utility have included different anti-malware programs. A very useful feature is the ability to add programs of your choice to the options, although this might not be a preferred option for the technologically faint of heart.

    I have also removed the suspect hard disk from the infected computer and scanned it on other systems that have different anti-malware programs installed (typically using a USB or eSATA hard disk dock). This utility can be installed on either a bootable DVD or USB stick.

    Regardless, I have always made a full image backup of the infected disk prior to scanning, lest an over-enthusiastic scan result in removing an essential file or setting.
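As an added example (not from any poster in this thread), a POSIX shell script for the precaution described in the post above: take a sector-level image of the suspect disk before any rescue-CD scan, record its SHA-256, and re-verify the image afterwards so a scanner that renames or removes files, as the F-Secure warning earlier in the thread describes, can always be undone. The device path, file names and the .sha256 sidecar convention are assumptions.

```shell
#!/bin/sh
# Added example, not from any poster in this thread: image a suspect disk
# before running any rescue-CD scanner, record the image's SHA-256 in a
# sidecar file, and re-verify the image later.
# Assumes POSIX sh with dd and coreutils sha256sum. SOURCE may be a block
# device (run as root) or, as in the self-test, an ordinary file.

# image_disk SOURCE DEST
# Copies SOURCE to DEST one 512-byte sector at a time. conv=noerror keeps
# going past unreadable sectors and conv=sync pads them with zeros so every
# later sector keeps its original offset. The digests are then compared: a
# mismatch means dd hit read errors (or SOURCE is not whole sectors), so the
# image is not a faithful copy and must not be relied on for a restore.
image_disk() {
    src="$1"
    dest="$2"
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    dd if="$src" of="$dest" bs=512 conv=noerror,sync 2>"$dest.dd.log" || return 3
    src_sum=$(sha256sum "$src" | cut -d' ' -f1)
    dest_sum=$(sha256sum "$dest" | cut -d' ' -f1)
    # Sidecar digest: what verify_image checks against after the scan.
    printf '%s  %s\n' "$dest_sum" "$dest" > "$dest.sha256"
    [ "$src_sum" = "$dest_sum" ]
}

# verify_image DEST
# Recomputes the digest of an image and compares it with the sidecar written
# by image_disk. Returns 0 when unchanged, 1 when the image has been altered
# (for example mounted read-write and modified), 2 if no sidecar exists.
verify_image() {
    img="$1"
    [ -r "$img.sha256" ] || { echo "no digest recorded for $img" >&2; return 2; }
    recorded=$(cut -d' ' -f1 "$img.sha256")
    current=$(sha256sum "$img" | cut -d' ' -f1)
    [ "$recorded" = "$current" ]
}

# Command-line use (hypothetical paths): ./image.sh /dev/sdX /mnt/backup/sdX.img
if [ $# -ge 2 ]; then
    image_disk "$1" "$2" && echo "image verified: $2"
fi
```

Mount the image read-only (or scan the original disk from a dock, as the post describes) so the verified copy stays untouched until the cleanup is known to have left the system bootable.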
