
AntiVirus PE Disk


83 replies to this topic

#1 FesterJester

FesterJester

    Member

  • Advanced user
  • 38 posts
  • Location:Wisconsin
  • Interests:Many! Making computers do things they don't or aren't supposed to do is one of the top.
  •  
    United States

Posted 12 March 2010 - 10:18 PM

Hey all,

I am looking to create a Win7PE disk to clean viruses/malware from computers. I currently hook up the hard drives to a dedicated machine to perform a malwarebytes and f-prot scan as well as manually remove files.

I would like to have my PE disk have malwarebytes, f-prot, ad-aware, jellybean key finder (or one that works with XP, Vista, and 7), and a password reset utility that works with at least XP, Vista, and 7. I have been unable to find f-prot and jellybean key finder for Win7PE so far. If there are far better utilities to perform these tasks, please inform me.

I have tried using the Win7RescuePE project several times, but most of the applications failed to run. I will be building on a system that is running Windows 7 x32 with WAIK installed, using a Windows 7 x32 DVD. I am also open to making a WinXPpe disk if what I am trying to do will be far easier than with a Win7PE disk, but a Win7PE disk would be preferred.

A complete side note here, but anyone know where to get the Buster Sandbox Analyzer? Looks like a very good application.

Thanks in advance for help and information.

#2 PaPeuser

PaPeuser

    Silver Member

  • Advanced user
  • 787 posts
  •  
    United States

Posted 12 March 2010 - 11:21 PM

Hello

Look at this post about scripts for RescuePE; most of what you ask for can be found here:
http://www.boot-land...?...ost&p=79071

#3 Tense

Tense

    Newbie

  • Members
  • 24 posts
  •  
    United States

Posted 13 March 2010 - 08:24 AM

Unfortunately you are not going to have much luck. Most of the VistaPE scripts are not ready for Win7PE. Even in that posting there is a disconnected set of scripts. Antivirus and anti-malware are seriously lacking. Some of them have never existed in a PE environment for Vista, let alone Win 7.

#4 maanu

maanu

    Gold Member

  • Advanced user
  • 1134 posts
  •  
    Pakistan

Posted 13 March 2010 - 09:08 AM

dr.web works.

AVZ Toolkit works. But are enough to fix a system. But I tried both of them as portables in 7 P3.

#5 jaswcomp

jaswcomp
  • Members
  • 3 posts
  • Location:Tulsa, OK
  •  
    United States

Posted 13 March 2010 - 06:59 PM

We have started using Win7PE in our shop.

I chose the Win7PE project because it seems to have a good number of active members on this website AND boots so much faster than any XP or Vista based solution I've used so far.

Here is how I am cleaning heavily infected systems.

From Win7PE USB:
1. Malwarebytes
2. Spybot
3. AVZ

Boot Safe mode:
1. Malwarebytes
2. Trend
3. Spybot

At this point if the system isn't clean it's time to decide if it's worth trying to snipe the virus manually or just carpet bomb the system and start over :lol:

Additionally, it took me a lot of trial and error with Winbuilder and Win7PE to make it work.

Some beginner tips:

1. Create a very basic image and get it working (one or two apps)
2. Add applications incrementally and test it. You'll find that some scripts need to be modified to play nice with other scripts.
3. Back up good configurations. I use ShadowProtect and do quick incremental image backups.

#6 FesterJester

FesterJester

    Member

  • Advanced user
  • 38 posts
  • Location:Wisconsin
  • Interests:Many! Making computers do things they don't or aren't supposed to do is one of the top.
  •  
    United States

Posted 13 March 2010 - 10:45 PM

@PaPeuser
Thanks, I am creating a build using those scripts, but I am not able to use the joshua.winbuilder.net/Projects server for the build as it is access denied for some reason. Instead I am using the Win7Rescue project that's in the winbuilder servers already.

@Tense
That is what I was fearing :lol: . I hope that more antivirus and antimalware tools are in development. Wish I had the knowledge to make scripts for some of the malware/virus tools I currently use.

@maanu
What is "dr.web" and where can I find it?

@jaswcomp
I agree with the fact that the Win7PE boots much faster. I am going to try AVZ in my next PE build.

@ everyone
Thanks for the information. I will let everyone know how this disk turns out for me.

#7 Nuno Brito

Nuno Brito

    Platinum Member

  • .script developer
  • 10535 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 13 March 2010 - 11:28 PM

This is a very cool concept.

If you guys want to join up, I'm sure this would be a kickass project for many admins out there.

If you are having trouble finding updated scripts or even writing new ones then you should write a request here: http://www.boot-land...hp?showforum=74

Might take some work but I'm sure that the end result would be a one-click pleasant experience to build boot disks.

Hope you find other developers willing to make this project a reality for everyone!

:lol:

#8 Tense

Tense

    Newbie

  • Members
  • 24 posts
  •  
    United States

Posted 14 March 2010 - 05:36 AM

We have started using Win7PE in our shop.

I chose the Win7PE project because it seems to have a good number of active members on this website AND boots so much faster than any XP or Vista based solution I've used so far.

Here is how I am cleaning heavily infected systems.

From Win7PE USB:
1. Malwarebytes
2. Spybot
3. AVZ

Boot Safe mode:
1. Malwarebytes
2. Trend
3. Spybot

At this point if the system isn't clean it's time to decide if it's worth trying to snipe the virus manually or just carpet bomb the system and start over :lol:

Additionally, it took me a lot of trial and error with Winbuilder and Win7PE to make it work.

Some beginner tips:

1. Create a very basic image and get it working (one or two apps)
2. Add applications incrementally and test it. You'll find that some scripts need to be modified to play nice with other scripts.
3. Back up good configurations. I use ShadowProtect and do quick incremental image backups.


How did you get Malwarebytes to work with Win7RescuePe on USB? I cannot. First it won't put itself into the Start Menu, and then when I navigate to the USB/Program Files and try to run MBAMstart.exe it fails with an error 0. Any help would be great.

#9 maanu

maanu

    Gold Member

  • Advanced user
  • 1134 posts
  •  
    Pakistan

Posted 14 March 2010 - 06:21 AM

@maanu
What is "dr.web" and where can I find it?


Google it.

Also try to use runscanner with AVZ. Here:

start /wait runscanner.exe /sd avz.exe

#10 odino

odino
  • Members
  • 3 posts
  •  
    Italy

Posted 14 March 2010 - 10:24 AM

For your information ...

Nod32 has a special utility (Nod32 Rescue) to create, using the Windows AIK, a bootable CD/DVD with the program inside.
Afterwards we can just integrate all the other programs that we want inside and that's it. ;)

Bye!


PS : Sorry for my English :cheers:

#11 maanu

maanu

    Gold Member

  • Advanced user
  • 1134 posts
  •  
    Pakistan

Posted 14 March 2010 - 12:42 PM

For your information ...

Nod32 has a special utility (Nod32 Rescue) to create, using the Windows AIK, a bootable CD/DVD with the program inside.
Afterwards we can just integrate all the other programs that we want inside and that's it. :cheers:

Bye!


PS : Sorry for my English ;)


and there are around 20 more tools like nod32 with this facility ... :lol:

#12 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14323 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 14 March 2010 - 12:49 PM

and there are around 20 more tools like nod32 with this facility ... :cheers:

.... and even more people that like to post this kind of info without listing the actual tools available that satisfy this condition.... ;)

:lol:

Wonko

#13 odino

odino
  • Members
  • 3 posts
  •  
    Italy

Posted 14 March 2010 - 12:56 PM

.... and even more people that like to post this kind of info without listing the actual tools available that satisfy this condition.... ;)

:cheers:

Wonko

:lol:

#14 Jim Miller

Jim Miller
  • Members
  • 2 posts
  •  
    United States

Posted 14 March 2010 - 02:06 PM

I have been using a freeware app called Bootsage, which preps and formats the flash drive, then copies the WinPE3 project files automatically for booting. This seems to solve at least half of the problem.

..and yes, I am including a link. :lol:

http://firesage.com/bootsage/

-James

#15 patsch

patsch

    Silver Member

  • Advanced user
  • 785 posts
  •  
    Germany

Posted 14 March 2010 - 02:13 PM

I have been using a freeware app called Bootsage, which preps and formats the flash drive, then copies the WinPE3 project files automatically for booting. This seems to solve at least half of the problem.

what problem?

#16 Tense

Tense

    Newbie

  • Members
  • 24 posts
  •  
    United States

Posted 14 March 2010 - 03:19 PM

I have been using a freeware app called Bootsage, which preps and formats the flash drive, then copies the WinPE3 project files automatically for booting. This seems to solve at least half of the problem.

..and yes, I am including a link. :lol:

http://firesage.com/bootsage/

-James


Win7RescuePe already includes the ability to build out to USB. It is included in the Finish step when you open Winbuilder.

Also, here is the topic for AVZ download and discussion. I have tested it in Win7RescuePe.

http://www.boot-land...showtopic=10439

#17 FesterJester

FesterJester

    Member

  • Advanced user
  • 38 posts
  • Location:Wisconsin
  • Interests:Many! Making computers do things they don't or aren't supposed to do is one of the top.
  •  
    United States

Posted 14 March 2010 - 04:47 PM

Ok, so far I have a build that has Antivir, Spybot, and AVZ.
AVZ starts up and after running for a bit, crashes with "The instruction at 0x005f86d9 referenced memory at 0x0c02af50. The memory could not be written"
Spybot has "Spybot could not load library D:\programs\spybot\advcheck.dll" error and I confirmed that file is in that location.
Antivir crashes with an "Out of memory" error. I think this is due to me having run other programs before it. Will find out later today.

I am also not able to get the network initialized from the PE disk. Not sure why, but it's not a big deal as the machines I clean don't have network access anyway.

I am trying to make this disk to replace at least two steps of my cleaning process.
Step 1. Remove all folders named "Temp" and empty all "Temporary Internet" folders. (Easy as this is done manually)
Step 2. Scan entire drive with Malware Bytes and F-Prot. (Have not yet found F-Prot for a PE disk and have not successfully run Malware Bytes from a PE disk.)

The rest is done from the already installed OS.

@Nuno Brito
I would like to contribute what I can. I am going to school right now, so I have little time. I have about two months till I graduate and get my IT certification. Otherwise I would certainly like to contribute to this. It will be of much use to me and many others in the future. Anyone else interested in helping out?
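Step 1 from the post above, scripted for a suspect drive attached to a dedicated cleaning workstation. This is an added example, not part of the original post; it assumes Python is available on that workstation, and the function names and sample tree are hypothetical. It defaults to a dry run and refuses to follow links found on the drive.

```python
import os
import shutil
from pathlib import Path

REMOVE_NAMES = {"temp"}              # folders deleted whole (Step 1, first half)
EMPTY_PREFIX = "temporary internet"  # folders kept but emptied (second half)

def is_link(path):
    # Symlink, or (Python 3.12+ on Windows) an NTFS junction.
    return path.is_symlink() or getattr(path, "is_junction", lambda: False)()

def plan_cleanup(root):
    """Return (remove, empty): directories under root matching Step 1.
    Links are never followed, so a link planted on the suspect drive
    cannot steer the cleanup onto the workstation's own disk."""
    remove, empty = [], []
    for dirpath, dirnames, _ in os.walk(root, followlinks=False):
        descend = []
        for name in dirnames:
            full = Path(dirpath) / name
            if is_link(full):
                continue
            if name.lower() in REMOVE_NAMES:
                remove.append(full)
            elif name.lower().startswith(EMPTY_PREFIX):
                empty.append(full)
            else:
                descend.append(name)
        dirnames[:] = descend  # matched folders are not searched further
    return sorted(remove), sorted(empty)

def apply_cleanup(root, dry_run=True):
    """Dry run by default: report what would be touched, change nothing."""
    remove, empty = plan_cleanup(root)
    if not dry_run:
        for folder in remove:
            shutil.rmtree(folder, ignore_errors=True)
        for folder in empty:
            for child in folder.iterdir():
                if child.is_dir() and not is_link(child):
                    shutil.rmtree(child, ignore_errors=True)
                else:
                    child.unlink(missing_ok=True)
    return remove, empty

def build_sample_tree(base):
    """Constructed stand-in for an attached drive (not real data)."""
    local = Path(base) / "Users" / "alice" / "AppData" / "Local"
    files = [Path(base) / "Windows" / "Temp" / "setup.tmp",
             local / "Temp" / "dropper.tmp",
             local / "Temporary Internet Files" / "Content.IE5" / "a.htm",
             Path(base) / "Users" / "alice" / "Templates" / "keep.txt"]
    for f in files:
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_text("sample")
```

Review the lists returned by `apply_cleanup(root)` before calling it again with `dry_run=False`; a folder such as `Templates` is left alone because only the exact name "Temp" is matched.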

#18 Tense

Tense

    Newbie

  • Members
  • 24 posts
  •  
    United States

Posted 14 March 2010 - 05:02 PM

Ok, so far I have a build that has Antivir, Spybot, and AVZ.
AVZ starts up and after running for a bit, crashes with "The instruction at 0x005f86d9 referenced memory at 0x0c02af50. The memory could not be written"
Spybot has "Spybot could not load library D:\programs\spybot\advcheck.dll" error and I confirmed that file is in that location.
Antivir crashes with an "Out of memory" error. I think this is due to me having run other programs before it. Will find out later today.

I am also not able to get the network initialized from the PE disk. Not sure why, but it's not a big deal as the machines I clean don't have network access anyway.

I am trying to make this disk to replace at least two steps of my cleaning process.
Step 1. Remove all folders named "Temp" and empty all "Temporary Internet" folders. (Easy as this is done manually)
Step 2. Scan entire drive with Malware Bytes and F-Prot. (Have not yet found F-Prot for a PE disk and have not successfully run Malware Bytes from a PE disk.)

The rest is done from the already installed OS.


I would suggest starting over with a clean build of Winbuilder.

I have the exact same antivirus/spyware tools and they all work fine. Plus, I have network working as well. There is really no sense in trying to fix all those problems. Just delete the Winbuilder folder. Start a new one. Build a disc without adding anything. Make sure it works, and then add the apps one at a time... till everything works.

Also... if you look over at portable apps you can grab a couple of those and stick them in the custom folder.

Now, if anyone can tell me how to add a shortcut to the desktop/start menu in Winbuilder to get to the custom folder that would be excellent.

I am also waiting for a reply on how to get Malwarebytes working, since there are people here with successful installs of that app.

#19 antman

antman
  • Members
  • 1 posts
  •  
    Australia

Posted 14 March 2010 - 06:25 PM

Microsoft have as part of their MDOP program a WinPE 3 ERDisk maker that has as an option an antivirus that can update itself at disk creation and also then later on whilst in use over the net. I don't know how to get it, but there's some info on it at Microsoft. Might give you some ideas.

#20 patsch

patsch

    Silver Member

  • Advanced user
  • 785 posts
  •  
    Germany

Posted 14 March 2010 - 07:36 PM

Microsoft have as part of their MDOP program a WinPE 3 ERDisk maker that has as an option an antivirus that can update itself at disk creation and also then later on whilst in use over the net. I don't know how to get it, but there's some info on it at Microsoft. Might give you some ideas.

Yes, that is the autonomous system sweeper that can be updated at build time of the erdc-cd or that can be manually updated later in erdc.
You can download the desktop optimization package from an existing msdnaa account (and then you have the needed msdart.exe in that package).
After iso-creation you can add this iso to your grub menu. Cave: for every existing operating system you need a special erdc.
Shirin Zaban explained how to integrate msdart into menu.lst here in this thread (please read all posts concerning msdart):
http://www.boot-land...?...ost&p=89062

You can also add antivir rescue cd in that way ...

#21 _deXter_

_deXter_

    Newbie

  • Members
  • 25 posts
  •  
    New Zealand

Posted 14 March 2010 - 10:04 PM

Why don't you just use the AntiVir rescue system?

#22 LittlBUGer

LittlBUGer

    Member

  • Advanced user
  • 31 posts
  • Location:MT, USA
  •  
    United States

Posted 15 March 2010 - 12:20 AM

The only boot CD that I know of that has a little bit of everything and was originally made to clean infected PCs is the UBCD4Win (Ultimate Boot CD 4 Windows) at: http://www.ubcd4win.com . Unfortunately it's getting a bit outdated and requires an XP CD as that's what it's built upon, so I'm not sure how well it would work on a Windows 7 machine, if at all. But it would be awesome if we could make something similar and better that works on newer systems. :lol:

#23 Nuno Brito

Nuno Brito

    Platinum Member

  • .script developer
  • 10535 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 15 March 2010 - 12:58 AM

Hi LittlBUGer!

Long time no see. Welcome to Boot Land! :lol:

(even though you're registered since 2006.. :cheers:)

#24 LittlBUGer

LittlBUGer

    Member

  • Advanced user
  • 31 posts
  • Location:MT, USA
  •  
    United States

Posted 15 March 2010 - 03:04 AM

;) :cheers:

#25 roamer_1

roamer_1

    Member

  • Members
  • 33 posts
  • Location:Montana
  •  
    United States

Posted 15 March 2010 - 08:00 PM

[...]

I would like to have my PE disk have malwarebytes, f-prot, ad-aware, jellybean key finder (or one that works with XP, Vista, and 7), and a password reset utility that works with at least XP, Vista, and 7. I have been unable to find f-prot and jellybean key finder for Win7PE so far. If there are far better utilities to perform these tasks, please inform me.


I prefer to run most of my apps from a usb drive (separate from the PE). All of my PE's are very basic, mainly with networking, partitioning, imaging, and offline tools onboard. That way, the PE doesn't have to be updated very regularly, and it is quicker and smaller to boot up.

My portables, all on usb disk, are updated every day on their home machine, which then mirrors onto the USB drive when it gets plugged in at night. This fusion between PE, Portable, and a "home" machine works very well - and it causes me to only have to update the stick (and that automatically), while assuring that all of my PE's have the same worthy repertoire available to them all. Equally important, that stick works in any windows installation, so it is also useful when the guest machine is booted on its own (w/o PE).

Jellybean works fine from a stick. So does virtually ANY portable app. It really is the way to go. The thing I am working on is trying to get the PE to recognize the stick, always putting it on the same drive, redirecting My Docs and etc onto the stick, and having personalized network settings and etc automatically determined by inifiles found in a particular place on the stick - A sort of "autorun" if the stick is found...

-Bruce



