[SGVLUG] scanning Windows systems for viruses from live-CDs

Tom Emerson osnut at pacbell.net
Sun Sep 24 12:26:12 PDT 2006



Well, my brother in law has finally done it -- he admits to "doing
something stupid" and now his system has a few viruses.  Most of them
he's been able to clean, but one is a really persistent bugger -- it has
somehow invaded his browser such that if he "just opens a browser
session," instead of going to the defined home page, it goes to another
site that tells him "your system is infected, click /here/ to get the
latest and greatest" (new virus to add to your system...).  He seems to
think that just visiting this page enables more viruses to infect his
system (or, at the very least, system performance goes to hell).

Although he has scanned the system seven ways from Sunday, it still
persists, so he believes it has gotten in so deep that system calls to
read the disk are being perverted so as not to return evidence of this
virus (hence scanners fail to find it).  His next real recourse is to
pull this drive, slave it to another system, and run the scan from that
other system (i.e., so that none of the system files of the "infected"
drive are loaded).  Before going to that extent, however, he has been
asking if any of the "live-CD" type distributions such as Knoppix have
been built to scan Windows systems.

"It had just so happened..." that earlier in the day I downloaded the
"embedded" Damn Small Linux (DSL, not to be confused with broadband)
which will actually boot and run as a process within Windows or Linux
(it uses QEMU to create an environment to run within Windows).  The
download is 50 meg (though compressed), which makes it small enough to
load onto USB memory stick/pen drives.  It may even be possible to
create a boot-from-USB-device version that would create his "live-CD"
environment, but I didn't see ClamAV or similar in the Synaptic (apt)
installer.

Any thoughts?  (And yes, I did go back through the recent thread on a
similar situation and saw Dustin's "tough love" post -- I know I've
tried getting him to use this on a regular basis, but of course, the
"problem" machine is one "at work" (or is it the one he plays on-line
web-based games on that require specific ActiveX controls which don't
work well with Firefox?))

--
Top o' the Blog: latest Suse install in the least likely of places
http://osnut.homelinux.net/mtblog/ya_index.html
