What is the best way to remove viruses from Windows?
#1
Posted 28 May 2010 - 04:53 AM
His Windows is starting but is very slow.
You take your ultimate super USB and go to his place.
You start it and you see this shit motherboard, AMI BIOS 2001, which does not boot from USB.
You don't have a CD, only a USB stick.
And this AMI BIOS 2001 cannot boot from it.
So what is important to have on such a pendrive to remove viruses from his existing system?
Maybe (my idea, but I haven't tried it yet):
have VirtualBox on the USB, run it with some VistaPE ISO or something else, attach his physical disk partition and run some NOD32 scanner...
But I don't know if that will work.
Some .sys viruses are hidden, so you cannot see files or registry entries because the system service dispatch table is modified by a hook...
So what would be a better way?
Safe mode is not always good either, because some viruses work in safe mode too...
You do not have access to a CD, only to USB.
What should you have on the USB to help him even then?
#2
Posted 28 May 2010 - 06:11 AM
> For example - a friend asks you for help to remove viruses from his HD.
> His Windows is starting but is very slow.
> You take your ultimate super USB and go to his place.
> You start it and you see this shit motherboard, AMI BIOS 2001, which does not boot from USB.
> You don't have a CD, only a USB stick.
> And this AMI BIOS 2001 cannot boot from it.
> So what is important to have on such a pendrive to remove viruses from his existing system?
> Maybe (my idea, but I haven't tried it yet):
> have VirtualBox on the USB, run it with some VistaPE ISO or something else, attach his physical disk partition and run some NOD32 scanner...
> But I don't know if that will work.
> Some .sys viruses are hidden, so you cannot see files or registry entries because the system service dispatch table is modified by a hook...
> So what would be a better way?
> Safe mode is not always good either, because some viruses work in safe mode too...
> You do not have access to a CD, only to USB.
> What should you have on the USB to help him even then?
Sorry for the essay, but here's some thoughts:
I recommend getting and learning Autoruns, Process Explorer, FileASSASSIN, Spybot S&D, and some anti-rootkit tools: GMER or whatever is popular in that category. With Autoruns you kind of need an internet connection to research potential threats. If you carry a laptop you can buy a cheap crossover cable, link two computers, and PXE boot the machine into a live environment that way, assuming you have the RAM. That's a little trickier though.
Attaching a VM to a physical hard drive in use by the system can be extremely dangerous, and doesn't deal with the really tricky virii that are currently running.
You could theoretically 'inject' your rescue disk. If your buddy doesn't mind you changing his boot-loader, back up his MBR, install grub and copy the ISO of your rescue disk to the hard drive then reboot. Variations on this solution exist.
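An added example, not part of the original post or of any tool named in it: before the boot loader is swapped as suggested above, a saved copy of sector 0 can be sanity-checked and fingerprinted, and later compared region by region with what is on disk. The sample sector, its disk signature and partition values are constructed, and the function names are hypothetical.

```python
import hashlib
import struct

SECTOR = 512
# Byte ranges of the classic MBR layout
REGIONS = {"boot_code": (0, 440), "disk_signature": (440, 444),
           "partition_table": (446, 510), "boot_signature": (510, 512)}

def parse_mbr(sector: bytes) -> dict:
    """Validate a saved 512-byte MBR image and decode its partition table."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature: not a usable MBR backup")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4, LE) sector-count(4, LE)
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            raise ValueError(f"partition {i}: invalid status byte {status:#04x}")
        parts.append({"index": i, "active": status == 0x80,
                      "type": ptype, "lba_start": lba, "sectors": count})
    return {"sha256": hashlib.sha256(sector).hexdigest(), "partitions": parts}

def diff_regions(backup: bytes, current: bytes) -> list:
    """Name the MBR regions that differ between the backup and a re-read sector 0."""
    return [name for name, (a, b) in REGIONS.items() if backup[a:b] != current[a:b]]

def build_sample_mbr() -> bytes:
    """Constructed sample: one active type-0x07 partition starting at LBA 63."""
    mbr = bytearray(SECTOR)
    mbr[440:444] = bytes.fromhex("deadbeef")  # made-up disk signature
    mbr[446:462] = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 41929587)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    backup = build_sample_mbr()        # in practice: the 512 bytes saved beforehand
    after_install = bytearray(backup)
    after_install[0:3] = b"\xeb\x63\x90"  # constructed: only the boot code was replaced
    print(parse_mbr(backup))
    print(diff_regions(backup, bytes(after_install)))
```

After a new boot loader is installed only `boot_code` should differ from the backup; after the restore the list should be empty.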
#3
Posted 28 May 2010 - 10:00 AM
Boot Land has a younger brother forum called Virus removal, would you mind posting this question over there as well?
The idea is to keep Boot Land more focused on boot disks and use the new community to explore and discuss in more detail how to give a good fight to malware.
Thank you!
http://virusremoval.pro
#4
Posted 28 May 2010 - 12:03 PM
EXPERIMENT ONE:
Installed VirtualBox, mounted an ISO file with WinPE based on Windows XP.
VBoxManage internalcommands createrawvmdk bla bla bla \\.\physicaldrive0 (this is where the original host Windows is installed).
In the guest system I double-clicked My Computer and went to that disk; on the host I had the files a.exe and b.exe (OpenOffice renamed to a.exe, and a copy of it as b.exe)...
I deleted a.exe =
on guest = deleted, disappeared from disk,
on host = nothing - still exists.
I renamed b.exe to test1.exe on the guest -
on guest the name changed,
on host nothing.
I shut down the guest and went to the host system -
a.exe still exists, b.exe still exists, test1.exe - no such file on disk.
I tried to run a.exe = runs OK.
I tried to run b.exe = "WINDOWS CAN NOT FIND THIS FILE" or something.
Tried to delete b.exe = as above.
chkdsk - file b.exe disappeared.
Strange shit.
END OF EXPERIMENT ONE.
#5
Posted 28 May 2010 - 12:30 PM
Get yourself plop from plop.at.
In the archive is a ready made iso image. Burn that to a CD. Use said CD to boot your USB-Stick.
Suggestion 2:
Create a CD instead of a USB-Stick, it's more useful on older computers.
Suggestion 3:
Take the infected HDD out and connect it to another computer for virus removal.
#6
Posted 28 May 2010 - 01:24 PM
I know about plop.
I know that there is such a thing as a CD.
My question was = you have only USB with you,
and your friend has a bootable but infected system.
So the best way is to take plop with you on that USB, change his MBR, boot from USB, clean, and restore (or not) the previous MBR.
But if the system won't be bootable even in safe mode - then there will be a problem. I am working on a solution; I will post it when it works, or if it works. I will try to change the USB firmware to be seen as a floppy and check on that old AMI 2001 BIOS... I will post later what happened, probably in 1 week.
#7
Posted 28 May 2010 - 01:41 PM
> So the best way is to take plop with you on that USB, change his MBR, boot from USB, clean, and restore (or not) the previous MBR.
The point you're ignoring is that the best way to deal with an infected system is to not boot from it! AT ALL!
Besides, a good virus infects your stick the second you connect it to the infected system.
> I will try to change the USB firmware to be seen as a floppy and check on that old AMI 2001 BIOS...
You can save yourself the time and work. If the BIOS can't boot from USB at all, fixing the firmware of the Stick does not help.
If you wanna boot a Stick on those machines and refuse to use a bootloader from Floppy or CD, there's only one thing left.
Fix the BIOS.
But imo this only makes sense, if one constantly wants to boot from USB on that machine.
#8
Posted 28 May 2010 - 02:10 PM
> The point you're ignoring is that the best way to deal with an infected system is to not boot from it! AT ALL!
> Besides, a good virus infects your stick the second you connect it to the infected system.
No, it won't infect it. I will make a read-only partition on it, run the plop installer for Windows or grub4dos to install the MBR on the HDD, and it will not work only if there are viruses on this system hooking MBR writes or something to modify the MBR...
So I have a 50% chance that not.
I will try to modify the firmware anyway, just to be sure...
And this BIOS sees USB; I can set the BIOS to boot from USB but it won't work, it does not boot even FBINST... rmprep, every possible combination, ZIP, USB etc...
So I will try floppy.
#9
Posted 28 May 2010 - 02:50 PM
> No, it won't infect it. I will make a read-only partition on it, run the plop installer for Windows or grub4dos to install the MBR on the HDD, and it will not work only if there are viruses on this system hooking MBR writes or something to modify the MBR...
> So I have a 50% chance that not.
You wanna boot up the infected system, then connect the USB-Stick to install plop from it.
The second you plug your stick in, you allow all active virii, worms, trojans and whatever to fiddle with your stick.
I would do that only if the stick had a write protect switch, which hardly any have these days anymore.
> I will try to modify the firmware anyway, just to be sure...
> And this BIOS sees USB; I can set the BIOS to boot from USB but it won't work, it does not boot even FBINST... rmprep, every possible combination, ZIP, USB etc...
> So I will try floppy.
On those old BIOS turning the USB-Stick into USB-HDD usually does the trick.
#10
Posted 28 May 2010 - 03:48 PM
- "business card CDs" do exist
- CDs have been cut to shape
http://www.businessc...sign-guide.html
How small can a CD be cut to to contain PLoP, in order to increase its portability?
Would a small plastic disc with a diameter of around 60 mm be too bulky to be carried together with a "super" USB stick?
Wonko
#11
Posted 28 May 2010 - 04:01 PM
> How small can a CD be cut to to contain PLoP, in order to increase its portability?
If it is purely used on laptops, as small as it fits. For desktop computers, a miniCD, not smaller; you're bound to that size by the tray.
#12
Posted 28 May 2010 - 05:38 PM
Even Lexar Boot It - changed to USB fixed - nothing; FBINST, rmprep, Bootice, most combinations = nothing
#13
Posted 28 May 2010 - 07:37 PM
I don't understand a word.
#14
Posted 29 May 2010 - 05:38 AM
> On those old BIOS turning the USB-Stick into USB-HDD usually does the trick.
It does not do the trick because, as I wrote, I set it to USB-HDD using the Lexar Boot It utility.
There is an option - switch the removable bit - and then the USB stick is visible as a USB-HDD fixed disk.
BTW - FBINST, as far as I know, creates a hidden partition as HDD.
So if FBINST doesn't work there is 90% that anything at all will work.
#15
Posted 29 May 2010 - 12:01 PM
None of the tools that prepare (partition) a USB-Stick made the slightest difference.
Either a computer accepted a stick regardless or it rejected a stick regardless.
On those computers that did not boot from all sticks, only the one that was detected as USB-HDD worked.
#16
Posted 29 May 2010 - 12:42 PM
#17
Posted 29 May 2010 - 01:11 PM
The only general solution is, to have a Floppy or CD with plop, just in case.
Hopefully next version will have better performance.
#18
Posted 29 May 2010 - 01:19 PM
> What did work for me, was a USB-Stick, which got detected as a USB-HDD. But even this stick required that the BIOS had an option, to boot from USB devices.
> The only general solution is, to have a Floppy or CD with plop, just in case.
> Hopefully next version will have better performance.
Next version of what?
#19
Posted 29 May 2010 - 01:26 PM
The actual version transfers only 1,3MB/s with USB 2.0 and between 200-600KB/s with USB1.1.
#20
Posted 01 June 2010 - 06:02 AM
Sorry but you were wrong.....
> You can save yourself the time and work. If the BIOS can't boot from USB at all, fixing the firmware of the Stick does not help.
...
Fixing fw on the stick helps.
In this case = yes.
I did what I said I would do.
Lexar Retrax - 16 GB USB pendrive.
Chipset = SMI.
Flashboot.ru - mass production tool, create multi LUN.
Created floppy.
Now the pendrive is visible as a removable disk, something about 14.9 GB, and a 1.44 MB floppy (as a normal floppy device in the computer).
And this old AMI 2001 BIOS - this BIOS booted it - YES - it is visible as USB FDD and booted...
USB-ZIP - not boot.
FBINST - not boot.
FIXED DISK, USB HDD - not boot.
USB as cdrom from SanDisk (U3) - NOT BOOT.
But modified firmware in USB to be visible as floppy - yes !!!!
yes !!!!
yes!!!!
SO - Lexar + SMI chip + SMI MPT + modify to create a separate LUN as floppy, create it bootable (as a normal floppy in Windows) and boot even on an old BIOS.
Maybe I will find a BIOS that will not boot it, I don't know, but for now this is working on the oldest 2001 AMI BIOS I had my hands on.
#21
Posted 01 June 2010 - 08:07 AM
Guess why some people are looking for this kind of stick?
http://www.boot-land...?showtopic=4977
Wonko
#22
Posted 01 June 2010 - 11:30 AM
> Sorry but you were wrong.
> > You can save yourself the time and work. If the BIOS can't boot from USB at all, fixing the firmware of the Stick does not help.
> Fixing fw on the stick helps.
> In this case = yes.
Maybe I should have been more clear.
> If the BIOS can't boot from USB at all, fixing the firmware of the Stick does not help.
Your BIOS apparently supports booting from USB, even if just in a very limited way.
Besides that, congratulations to our success.
#23
Posted 28 September 2010 - 10:20 AM
* Problem is that people never have backups (I have daily) & sometimes also don't have OS CD/DVDs.
-----------
spam links removed by moderator
#24
Posted 28 September 2010 - 04:21 PM
> But modified firmware in USB to be visible as floppy - yes !!!!
You could try to change the mode (USB-ZIP/USB-HDD) via Bootice first. It seems to me that firmware just sets the default appearance, that can be overridden by reformatting utility.
Andrew Kevin
> Personally, I would never bother with an infected drive, I would 'nuke & pave'
It depends. If you don't have any backup -- sure you start tinkering about that garbage )
#25
Posted 28 September 2010 - 06:16 PM