
AntiVirus PE Disk


83 replies to this topic

#51 _deXter_

    Newbie

  • Members
  • 25 posts
  • New Zealand

Posted 12 April 2010 - 01:37 AM

What about if we add a new forum section called AntivirusPE?

Other projects are usually bound to a specific OS, but this project could continue evolving as newer Windows PE versions appear, as long as the goal of remaining an antivirus tool stays similar.

What do you guys think about this?

:)


Well, in my opinion a stand-alone AntiVirus PE project/topic isn't large enough to warrant an entire forum. AntiVirus and other rescue tools go hand-in-hand. Why would you want to have a ~300 MB image only for removing viruses, when it can also be used to recover deleted data, restore backups, repair corrupted files/file-systems, perform diagnostics and maintenance, etc.? It's always good to have all these tools at hand and ready when dealing with an infected system.

So at the most, I would recommend stickying this topic so users looking to add malware-fighting tools in their PE projects can get some ideas. :cheers:

#52 Nuno Brito

    Platinum Member

  • .script developer
  • 10522 posts
  • Location: boot.wim
  • Interests: I'm just a quiet simple person with a very quiet simple life living one day at a time..
  • European Union

Posted 12 April 2010 - 01:49 AM

a stand-alone AntiVirus PE project/topic isn't large enough to warrant an entire forum

It's not an entire forum, just a new forum section.. :)

It's always good to have all these tools at hand and ready, when dealing with an infected system.

Yes, scripts can be added or removed but there is no specialized edition for malware fighting.

For that matter, I would rather use a specific project than having the work of going back and forth. A malware fighting project could surely include a more extensive array of antivirus solutions, traffic monitoring tools and forensic tools to look at a system than you would find on a project targeted for recovery of systems.

With a project of this kind it is easy to identify its purpose very quickly.

#53 techvslife

    Member

  • Members
  • 77 posts
  • United States

Posted 12 April 2010 - 03:43 AM

Only a layman, but I would have to agree with _dexter_. When fighting viruses, there is such a huge overlap of tools with a recovery image that I don't see the point of distinguishing them, especially when you have a DVD's worth of room to add utilities.

For example, many malware and rootkits hide in such a way that you need MBR utilities, disk inspection utils, partition data and repair utils, undelete utils, registry utils, diagnostics utils, and access to backup copies (to repair damage). Then you need network and internet access to get further information or make backup copies or quarantine copies, etc.

I think it's harmful to separate out the two, since one always ends up not having the disk one needs with the utility to completely solve a problem. A PE disk should be a Swiss army knife: no compromise in generalizing tools that need to be specialized, but no compromise in omitting or segregating tools from one another. Completely self-sufficient and exhaustive, the be-all and end-all, perfection as far as man can know it, etc.

However, no harm in a different forum if it doesn't result in a separate project, but just a subset of apps to deal with malware etc. It could be a project in the sense of a special folder in apps with more extensive or specialized malware utilities. But please not another project to build yet another type of PE disk; life is too short.

UPDATE: Of course, if you wanted to sell it to consumers, then you would want more of a turnkey/automatic system for detection and removal, but that would take a lot of work ("do no harm" would be a tough test) and be a very different type of disk I think.

#54 Nuno Brito

    Platinum Member

  • .script developer
  • 10522 posts
  • Location: boot.wim
  • Interests: I'm just a quiet simple person with a very quiet simple life living one day at a time..
  • European Union

Posted 12 April 2010 - 05:10 AM

I'm just suggesting a project with a simple goal.

No need for a swiss knife as I'm sure that so many people get dazzled with the already available projects that they don't even know where to start because they don't seem simple.

#55 techvslife

    Member

  • Members
  • 77 posts
  • United States

Posted 12 April 2010 - 05:54 AM

Well, think of the Ultimate Boot CD (UBCD): simple, one ISO, one download, and it also tries to be a Swiss army knife. There are disadvantages with it, but it's simple to make and to use.

The confusion to me is in having multiple projects despite mainly overlapping apps and shared goals, and in having to test and choose different apps and project mixes, with slightly different setups and routines and quirks or limitations. I don't know how it strikes other people. But I think of all those open source projects where someone opens yet another fork that works on 3 of 5 Linux derivations of Debian when using KDE but not GNOME, etc.

#56 TomT64

    Newbie

  • Members
  • 21 posts
  • United States

Posted 12 April 2010 - 04:26 PM

You don't need a full-blown Kaspersky in a rescue environment - Just get the standalone Kaspersky Virus Removal Tool. ;)


This is a good tool and I can see how I could update the definitions using the zips provided by kaspersky. What I would like to do is download it when creating the disc from a script and include it in the disc somehow, then inside of the disc allow a further download of the updates. That functionality is not provided in the toolkit. I'm also noticing a lot of AV programs using RunScanner to make it possible to run from PE. So has anyone made a script for this program or a program like it where it downloads to the disc creation, and further allows a download of the definitions once inside?

#57 TomT64

    Newbie

  • Members
  • 21 posts
  • United States

Posted 12 April 2010 - 04:38 PM

Only a layman, but I would have to agree with _dexter_. When fighting viruses, there is such a huge overlap of tools with a recovery image that I don't see the point of distinguishing them, especially when you have a DVD's worth of room to add utilities.

For example, many malware and rootkits hide in such a way that you need MBR utilities, disk inspection utils, partition data and repair utils, undelete utils, registry utils, diagnostics utils, and access to backup copies (to repair damage). Then you need network and internet access to get further information or make backup copies or quarantine copies, etc.

I think it's harmful to separate out the two, since one always ends up not having the disk one needs with the utility to completely solve a problem. A PE disk should be a Swiss army knife: no compromise in generalizing tools that need to be specialized, but no compromise in omitting or segregating tools from one another. Completely self-sufficient and exhaustive, the be-all and end-all, perfection as far as man can know it, etc.

However, no harm in a different forum if it doesn't result in a separate project, but just a subset of apps to deal with malware etc. It could be a project in the sense of a special folder in apps with more extensive or specialized malware utilities. But please not another project to build yet another type of PE disk; life is too short.

UPDATE: Of course, if you wanted to sell it to consumers, then you would want more of a turnkey/automatic system for detection and removal, but that would take a lot of work ("do no harm" would be a tough test) and be a very different type of disk I think.


My personal goal with such a disk would be to include AV tools that catch the most viruses and spyware when used in conjunction or right after each other with very few false positives, tools that work well for scanning the HDD and other hardware, any good tools that aid in repairing damage caused by viruses (without duplicates), and all of these allowing for definition updates WITHIN the disc, and as many tools as possible being run from the PE environment rather than from a separate GRUB option (though I have already included MemTest and want to include some other HDD tools like Drive Fitness Test just to be thorough). Oh yeah, and try to fit all that into a CD, just to deal with the older machines.

At this point it could hardly be called an AntiVirus only PE disc, but it is a repair disc and does act as a swiss army knife in a way. It would sure be nice to start all of the scanners automatically one after the other, create logs, and parse those logs after the scans are done to see how many viruses were removed, etc. Someone would probably have to actually program something specifically for this purpose.

I do have a project based on Win7RescuePE already that allows me to do most of this except that none of it is automated and I am usually faced with fixing windows from within windows, including running a second set of scans. That is what I want to try to avoid.

#58 techvslife

    Member

  • Members
  • 77 posts
  • United States

Posted 12 April 2010 - 05:19 PM

I think with the rare older machines without a DVD drive, an external DVD drive is cheap and could be used, rather than building specially to fit in CDs (which are also a less reliable medium than DVDs for computer data due to weaker error correction and other factors).

I agree if you make it automated, or largely automated, that a separate project makes sense. Though I still think it should then become a separate boot option on the multi-boot cd (virus/malware sweep) and folded back in.

#59 Nuno Brito

    Platinum Member

  • .script developer
  • 10522 posts
  • Location: boot.wim
  • Interests: I'm just a quiet simple person with a very quiet simple life living one day at a time..
  • European Union

Posted 12 April 2010 - 05:58 PM

I'm not saying that people shouldn't add more features. I'm just mentioning that a project focused on security is something that we really need.

My proposal is that we talk about an Antivirus-centric project inside its own forum section instead of a single huge topic that will soon become too large to navigate.

#60 techvslife

    Member

  • Members
  • 77 posts
  • United States

Posted 12 April 2010 - 06:44 PM

OK, I agree with the usefulness of a separate forum section.

But a separate project is more work and possibly more confusion. Obviously that's a decision for the people who will be working on it. If you're gung-ho about it, maybe some obsolete project can be dropped to compensate for the adding of a new one? Or possibly indicate which are perhaps secondary projects or superseded projects (e.g. maybe VistaPE superseded by Win7 PEs, which work in Vista also? maybe not). Or maybe that's not agreed on yet.

As a new user I would remark only that I see a lot of projects and forums, and at first that is somewhat confusing: discovering what they do and selecting the right one, testing it, seeing how things work, etc. Even the overarching order of approach to this is not clearly spelled out, e.g. if you want a Win7 x64 PE go here, download this project, do this, etc. Lots of pinned topics, all very useful, but no one short, simple, sweet super-topic guide that I can see in a very obvious place. You know, just to see the forest from the trees.

Note: it's fantastic, great work; this is just a minor first-glance macro organizational thing that strikes a newcomer more than perhaps people who live here daily: where do I begin, what are the big steps and the order of events, where is what, etc. The program itself, WinBuilder, is very easy to use.


#61 TomT64

    Newbie

  • Members
  • 21 posts
  • United States

Posted 13 April 2010 - 03:47 AM

I think with the rare older machines without a dvd, an external dvd drive is cheap and could be used, rather than build specially to fit in cds


The rare older machine is also far less likely to support USB booting from a DVD drive. I would still prefer a flash drive in a USB boot situation.

(which are also a less reliable medium than DVDs for computer data due to weaker error correction and other factors.)

<--- irrelevant. Their unreliability gap is minimal considering the ways in which they can become unreliable (scratching and such). Besides, it's easy enough to simply reburn the ISO.

I agree if you make it automated, or largely automated, that a separate project makes sense. Though I still think it should then become a separate boot option on the multi-boot cd (virus/malware sweep) and folded back in.


I'm not making a case for a separate project, but I do think that anyone working on a mostly AV disc should look towards automating the process as much as possible, since it would save "touch time" on machines.

#62 techvslife

    Member

  • Members
  • 77 posts
  • United States

Posted 13 April 2010 - 03:55 AM

The rare older machine is also far less likely to support USB booting from a DVD drive. I would still prefer a flash drive in a USB boot situation.


OK, good. USB drives are now bigger than even DVDs, so no point in restricting content to CD size. But I suppose there may be a few machines that can boot ONLY from CD, not USB? Ouch.

#63 TomT64

    Newbie

  • Members
  • 21 posts
  • United States

Posted 19 April 2010 - 07:37 PM

Alright so here's an update on my progress:

I've learned enough about scripts to add the following programs to Win7RescuePE:
-Astra32 (a diagnostic utility)
-Defraggler
-Drive Fitness Test (with download option, only boot from GRUB menu)
-FileASSASSIN
-Intel Chip Utility 3.25 (but it apparently doesn't work in PE!)
-Magical Jellybean Keyfinder 2.0.8
-Roadkil's Diskwipe
-Sharepod (doesn't work yet, needs .NET and I'm having difficulty getting that to work)
-Shredder
-SpaceMonger

I've modified some scripts, either because they didn't work or they didn't have current versions:
-CCleaner
-HiJackThis!
-Speccy
-Unknown Devices
-Western Digital Data Lifeguard for Windows

I've added the following programs by using existing scripts without modification:
-MalwareBytes Anti-Malware (although MBAM itself will NOT catch everything because of the way it is coded, not because of the script)
-NTPWEdit
-Recuva (Skybeam's version)
-SpyBot Search and Destroy (SkyBeam's version)
-TestDisk and PhotoRec (Skybeam's version)

I am not currently willing to put the scripts up until I am sure they are all working correctly.

Currently working on adding Kaspersky Virus Removal Tool and allowing updates from within the disc. Stay tuned for that, and let me know if you want any of the scripts.

#64 maanu

    Gold Member

  • Advanced user
  • 1133 posts
  • Pakistan

Posted 19 April 2010 - 08:02 PM

Just a few suggestions:

1. Add Dr.Web and AVZ (AVZ works all right with RunScanner).
2. Add File Scavenger.
3. Drop MBAM; Dr.Web and Kaspersky are enough for the show. If you need, Avira can also join the show (JFX made a portable of it a while ago which can update itself).

#65 TomT64

    Newbie

  • Members
  • 21 posts
  • United States

Posted 19 April 2010 - 10:02 PM

Just a few suggestions:

1. Add Dr.Web and AVZ (AVZ works all right with RunScanner).
2. Add File Scavenger.
3. Drop MBAM; Dr.Web and Kaspersky are enough for the show. If you need, Avira can also join the show (JFX made a portable of it a while ago which can update itself).


I have never heard of Dr. Web. Looking at it, it looks nice... but why do you recommend it? I usually recommend Kaspersky because once it's loaded on a system I have not seen anything get past it (if updated and working properly). However, tracking cookies stay. Is Dr. Web a faster scanner? I am trying to find out why I would need to include it. More importantly, is there already a script for it? Same questions for Avira actually, since it seems to be recommended but I have no one telling me why. SpyBot is on there already to deal with a "final cleanup."

I am thinking of dropping MBAM from the build anyway since it doesn't actually help, once Kaspersky is in there and working right of course.

I will not be including File Scavenger since it is not a free program, and I already have a file recovery tool on there (Recuva). It seems to catch whatever I need back in an "accidentally deleted" sense. PhotoRec is on there for Memory card data retrieval. I don't really need another one unless it scans MUCH deeper than either of these for lost files.

Also, as a note, I am not the original poster of this thread, just in case you or anyone else was wondering. I just happen to be working on a project that includes necessary antivirus tools.

#66 Nuno Brito

    Platinum Member

  • .script developer
  • 10522 posts
  • Location: boot.wim
  • Interests: I'm just a quiet simple person with a very quiet simple life living one day at a time..
  • European Union

Posted 20 April 2010 - 12:14 AM

Topic moved to the Antivirus & Malware section.

:ranting2:

#67 maanu

    Gold Member

  • Advanced user
  • 1133 posts
  • Pakistan

Posted 20 April 2010 - 06:51 AM

Spybot is crap.
Kaspersky takes way more space (I updated mine last month for a PE for my friend, and it was 99 MB in the WIM), but it uses the industry's leading techniques to unpack executables.
Avira is nice, and a fast scanner.
Dr.Web: I like it most for its CURING technique, especially when you got hit by VIRUT or one of its variants.
AVZ: I use it for manual removal from PE. It loads the remote registry, so it is heaven for me.
Another cool toolkit is MRI, in case you have heard of it before. But it is not free.

#68 TomT64

    Newbie

  • Members
  • 21 posts
  • United States

Posted 21 April 2010 - 10:00 PM

Spybot is crap.
Kaspersky takes way more space (I updated mine last month for a PE for my friend, and it was 99 MB in the WIM), but it uses the industry's leading techniques to unpack executables.
Avira is nice, and a fast scanner.
Dr.Web: I like it most for its CURING technique, especially when you got hit by VIRUT or one of its variants.
AVZ: I use it for manual removal from PE. It loads the remote registry, so it is heaven for me.
Another cool toolkit is MRI, in case you have heard of it before. But it is not free.

Isn't MRI Geek Squad/Best Buy's toolkit? I am fully aware of it and used to work for them, but needless to say I cannot use it for any official business. I do like how they are able to use Kaspersky in PE and it was what brought me to attempting to create my own PE disc, and to try to make it do a self update and be automated for virus removal.

My main goal is to catch every possible virus with very few false positives, and secondary goal is to do it fast. In my experience, Kaspersky catches most things and Malwarebytes can clean up the rest. I also confused Spybot with Spyware Doctor when I made my initial discs, the latter being the one I prefer. Currently in the process of changing that.

You mentioned that you updated Kaspersky for a PE for a friend. Did you do it in a Win7/WinPE 3.0 environment, or something else? I am trying very hard to get it onto a Win7 PE disc but it's not working too well so far. Even the Virus Removal Tool (AVPTool) won't work properly in any of my attempts so far.

The best I can hope for with my current PE disc is to selectively target any viruses or malware that get in the way of booting the main system so I can get in there and install things, like Malwarebytes and Kaspersky, to clean up the rest of the computer. I am open to suggestions on how to do more work on the PE side (preferably all of it minus some minor OS fixes) in less time overall.

#69 maanu

    Gold Member

  • Advanced user
  • 1133 posts
  • Pakistan

Posted 22 April 2010 - 06:15 AM

I updated Kaspersky in VMware. I don't like any antivirus stuff on my system, so I use VMware to update antivirus portables.

I have not yet tried it in Win7 PE 3. But I will hopefully do it today with my old build.

#70 carloscape

    Frequent Member

  • Advanced user
  • 108 posts
  • Honduras

Posted 23 April 2010 - 09:54 PM

One of my favorite programs is the Sophos DOS Antivirus. I have it on a Bart PE disc, but haven't seen it on WinBuilder. As for Kaspersky AVP Tool, I am not sure if you can update its defs. I was under the impression you had to redownload a newer version. At least that is how the Bart PE plugin worked.

#71 Nuno Brito

    Platinum Member

  • .script developer
  • 10522 posts
  • Location: boot.wim
  • Interests: I'm just a quiet simple person with a very quiet simple life living one day at a time..
  • European Union

Posted 25 April 2010 - 02:15 AM

Boot Land now has a younger brother forum at http://virusremoval.pro

You guys are more than welcome to continue this talk over there, I'm sure plenty of people will appreciate your comments and opinions about antivirus.

Thank you. :mellow:

#72 FesterJester

    Member

  • Advanced user
  • 38 posts
  • Location: Wisconsin
  • Interests: Many! Making computers do things they don't or aren't supposed to do is one of the top.
  • United States

Posted 25 April 2010 - 08:27 PM

I must apologize for my absence lately, but finishing college is my #1 priority at the moment. I have about 4 weeks left and I am a bit behind. Until I am done, I will check in from time to time and possibly throw a post in. :mellow:

On the other hand, I seem to have started something that I didn't really expect to take off like this. It seems as though many of you think this is a great idea, and many great ideas have appeared here. I do hope that many of these ideas turn out and that AntivirusPE, or something like it, becomes a fully working project in the near future.

I think someone mentioned this idea here already, but it sounds promising: create a Linux live CD that contains the cleaning tools. The only downside is that many cleaning tools don't exist for Linux as far as I am aware, i.e. Malwarebytes, F-Prot, Spybot, etc.


Windows-Nut/Linux-Wanabe

#73 breaker

    Frequent Member

  • Advanced user
  • 112 posts
  • United States

Posted 26 April 2010 - 07:54 AM

Spybot is crap.


Please elaborate. I am curious about this. I have used Spybot since it and Ad-Aware were the only real contenders in this department. I never saw any reason to stop using it in favor of something else. In fact, recently on a PC where none of my boot disks would work, I was able to go into safe mode, install Spybot (from a burned CD with some app installers), update and run a scan; upon reboot to regular XP, Spybot was able to remove 4 things it couldn't without rebooting. After that the PC worked very well.

I know it's not the fastest, but it's not the slowest either.

tangent - But as far as bootable rescue Antivirus CDs, one of the slowest, yet most thorough is the Knoppix based BitDefender Rescue CD.

thanks,

breaker

#74 maanu

    Gold Member

  • Advanced user
  • 1133 posts
  • Pakistan

Posted 26 April 2010 - 06:17 PM

Please elaborate. I am curious about this. I have used Spybot since it and Ad-Aware were the only real contenders in this department. I never saw any reason to stop using it in favor of something else. In fact, recently on a PC where none of my boot disks would work, I was able to go into safe mode, install Spybot (from a burned CD with some app installers), update and run a scan; upon reboot to regular XP, Spybot was able to remove 4 things it couldn't without rebooting. After that the PC worked very well.

I know it's not the fastest, but it's not the slowest either.

tangent - But as far as bootable rescue Antivirus CDs, one of the slowest, yet most thorough is the Knoppix based BitDefender Rescue CD.

thanks,

breaker


I was talking ONLY INSIDE PE. MBAM or any other tool will work fine inside Windows.
But in PE, tools like this do not do the job. Search around, you'll find out.

#75 TomT64

    Newbie

  • Members
  • 21 posts
  • United States

Posted 27 April 2010 - 07:21 PM

As for Kaspersky AVP Tool, I am not sure if you can update its defs. I was under the impression you had to redownload a newer version. At least that is how the Bart PE plugin worked.


You are correct. Unfortunately so far every attempt I have given to use it in PE 3.0 has resulted in "Databases are corrupted."

Working on KAV instead now....
