GrubDOS question
#1
Posted 02 February 2009 - 03:40 AM
I find the concept of using a separate DOS to boot a computer fascinating, and would like to pose a question.
As a helper on an AntiMalware site, the idea of being able to use an independent DOS language makes me wonder if it can be used in removing malware.
Many files that malware use are hidden from the Windows API. Is it possible that GrubDOS could be used to boot a machine, search for and then delete files that are normally hidden to Windows?
Regards,
RatHat
#2
Posted 02 February 2009 - 04:19 AM
Hi RatHat, welcome.
There are AV progs that run from DOS, like fprotdos and F-Secure etc., but AFAIK they don't work any better than the Windows version. What usually happens is the virus/MW corrupts the Windows-installed version so you can't use it normally from a Windows desktop, but you can use it from a PE desktop like LiveXP.
#3
Posted 02 February 2009 - 04:25 AM
Yes, there are many different tools that will use the reboot of a machine to remove malware before the main system files are loaded; however, they can also have difficulties, with rootkits for example.
What I am interested in is whether there is an independent operating system that could be downloaded and run from a CD or USB, that does not require any of the Windows architecture to start the machine.
If this is possible, and it could read the Windows file system, then there is a possibility that it could be used to delete files that are normally hidden.
Regards,
RatHat
#4
Posted 02 February 2009 - 05:20 AM
So you're saying that a PE boot disk like LiveXP, VistaPE (or BartPE ftm), which boots independent of the HDD-installed OS, would not work for this because they are based on Windows arch? Is there a test for this? A 'dummy rootkit' that could be placed in a host system and scanned from PE to confirm your suspicion? I find it hard to believe that no virus/RK scanner (designed for Windows) has found a way to check for these hidden files.
#5
Posted 02 February 2009 - 07:42 AM
I am not really familiar with LiveXP, VistaPE, or BartPE ftm, so unable to comment on these. I know I will need to learn more about them.
It is the concept, maybe it is impossible, that a completely independent OS could be used to boot an infected machine to a command prompt, where a search function could be used to look at the Windows files, and then a delete function be used to wipe them.
I don't know if this is feasible, and would imagine that if it was, someone would have already done it, but the concept is intriguing to me.
#6
Posted 02 February 2009 - 09:10 AM
#7
Posted 02 February 2009 - 10:22 AM
Regards,
RatHat