Malicious Software Removal Tool


18 replies to this topic

#1 PaPeuser

PaPeuser

    Silver Member

  • Advanced user
  • 787 posts
  •  
    United States

Posted 20 December 2008 - 05:14 PM

Hello
I run this under PE now. (Never tested on an Infected Machine in VistaPE)
I don’t write script so I ask how about a script that updates at build time.
WebSite Malicious Software Removal Tool
New Malicious Software List

I found that some computers I can't even boot to desktop because of fake antivirus programs and other so-called fixers.
So I boot to PE and sometimes using this tool I have a place to start. This is one of many tools in my custom folder.

Thanks in advance :cheers:
Brad

#2 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12688 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 20 December 2008 - 05:34 PM

Hello
I run this under PE now. (Never tested on an Infected Machine in VistaPE)
I don't write script so I ask how about a script that updates at build time.
WebSite Malicious Software Removal Tool
New Malicious Software List

I found that some computers I can't even boot to desktop because of fake antivirus programs and other so-called fixers.
So I boot to PE and sometimes using this tool I have a place to start. This is one of many tools in my custom folder.

Thanks in advance :cheers:
Brad

Just to give you a good motivation first:
What you are thinking about, is possible.

But now some restrictions:

In order to download latest virus definitions, your PE needs to be WRITABLE.
(Now my first incompetence: I know the nativeEX world, I do not know whether to expand into the Vista world.)
You make your PE writable by either using BootSDI or FBWF

Some antivir progs work ONLY on the system drive. Maybe they scan the file system on all drives, but they do not take care of registries on non-system drives.

In clear: a virus in the system drive's registry (your PE drive X: which should be clean) is detected. (nice, but not very helpful)
But a virus in any C:... registry file (your standard system) is not detected. (That's what you intended to do)

As a result: When using such antivir apps in the PE, you must know, what they can do!
And try only antivir apps which also check 'remote' registries!

Peter

#3 was_jaclaz

was_jaclaz

    Finder

  • Advanced user
  • 7100 posts
  • Location:Gone in the mist
  •  
    Italy

Posted 20 December 2008 - 05:46 PM

In order to download latest virus definitions, your PE needs to be WRITABLE.

Which poses a CATCH22 situation, since if the PE is writable it is possible that it can be affected by a Virus. :cheers:

NOT "likely", but "possible".

jaclaz

#4 PaPeuser

Posted 20 December 2008 - 06:03 PM

Which poses a CATCH22 situation, since if the PE is writable it is possible that it can be affected by a Virus. :cheers:

NOT "likely", but "possible".

jaclaz


OK, I understand.
This is one file, an EXE, size 7,466kb; that's why I ask if a script for this could update when the disk is built.
I will work on it
Thanks ALL

#5 Lancelot

Lancelot

    Frequent Member

  • .script developer
  • 5013 posts
  • Location:Turkiye/Izmir
  • Interests:*Mechanical stuff and Physics,
    *LiveXP, BartPE, SherpyaXPE,
    *Basketball and Looong Walking,
    *Buying outwear for my girlf (Reason: Girls are stupid about buying bad stuff to make themselves uglier :))
    *Girls (Lyric: Girl,...., You will be a womann, Soon)
    *Answering questions for "Meaning of life",
    *Helping people,

    Kung with LiveXP, Fu with Peter :)
  •  
    Turkey

Posted 20 December 2008 - 06:45 PM

PaPEuser

we have drweb, which is also one file, and we already have a script for that (which updates during build if you want) etc.

Also we have other av software scripts (ex: McAfee) which work nicely too

look in the apps section for these.

#6 billonious

billonious

    Silver Member

  • .script developer
  • 528 posts
  • Location:greezeland
  • Interests:curiosity

Posted 22 December 2008 - 06:12 PM

But a virus in any C:... registry file (your standard system) is not detected.

if a small virus cleaner runs after loading c:\ registry with runscanner?
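
The limitation described in post #2 (a scanner running in PE sees the registry of X:, not the hives of the Windows installation on C:) and the idea in post #6 of loading the C:\ registry first can be illustrated with the built-in reg.exe. This is an added example, not a script from the thread; the host paths and the mount names OFFLINE_SW and OFFLINE_USR are assumptions.

```batch
@echo off
rem Added example: list autostart entries stored in the OFFLINE hives of the
rem host Windows installation while booted into PE.
rem Assumptions: host Windows is in C:\Windows and profiles are in C:\Users
rem (use "C:\Documents and Settings" for an XP host). Mount names are arbitrary.
rem Note: reg load opens the hive read-write, so run this against a disk you
rem are allowed to modify.
setlocal
set "HOSTWIN=C:\Windows"
set "PROFILES=C:\Users"
set "CV=Microsoft\Windows\CurrentVersion"

if not exist "%HOSTWIN%\System32\config\SOFTWARE" (
    echo Host SOFTWARE hive not found under %HOSTWIN%
    exit /b 1
)

rem Machine-wide autostarts from the host SOFTWARE hive
reg load HKLM\OFFLINE_SW "%HOSTWIN%\System32\config\SOFTWARE" >nul || exit /b 1
for %%K in (Run RunOnce) do (
    echo === host HKLM\SOFTWARE\%CV%\%%K ===
    reg query "HKLM\OFFLINE_SW\%CV%\%%K" 2>nul
)
reg unload HKLM\OFFLINE_SW >nul

rem Per-user autostarts: every profile carries its own NTUSER.DAT hive
for /d %%P in ("%PROFILES%\*") do if exist "%%~P\NTUSER.DAT" call :user "%%~P"
exit /b 0

:user
rem Mount one user hive, print its Run keys, then unmount it again
reg load HKLM\OFFLINE_USR "%~1\NTUSER.DAT" >nul 2>&1 || goto :eof
for %%K in (Run RunOnce) do (
    echo === %~1 HKCU\Software\%CV%\%%K ===
    reg query "HKLM\OFFLINE_USR\Software\%CV%\%%K" 2>nul
)
reg unload HKLM\OFFLINE_USR >nul
goto :eof
```

Anything listed here lives in the host's registry and would be missed by a tool that only inspects the PE's own HKLM and HKCU.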

#7 pscEx

Posted 22 December 2008 - 06:34 PM

OK, I understand.
This is one file, an EXE, size 7,466kb; that's why I ask if a script for this could update when the disk is built.
I will work on it
Thanks ALL

It seems to be no issue to download from a 'fixed' address when the disk is built and put it into the PE. I think that some scripts already exist that do so.
Sorry, I understood you as wanting to have an actual version during boot ...

Btw: 'fixed' means really a constant URL, nothing like 'http://my.antivir.com/Update_<date or version>'

Peter

#8 PaPeuser

Posted 22 December 2008 - 07:52 PM

I never expect an Antivirus program to completely clean an infected computer in any PE environment. I always double check after Windows loads by updating and running the client's antivirus and doing a few online scans. At this point is when I would address any registry problems. Sometimes I can't install or run any programs till I boot to PE and clean up as much as I can. Just the other day in PE AdAwareSE found over 12,000 infected files and Dr. Web found 18,000 plus. When I booted this computer it came up not to the desktop but to a fake alert screen and locked. And of course all I heard was SAVE MY DATA (music files)……………sigh

Personally? I would not know what to do except format and reload a computer without PE. I could rant and rave some more or just think of it as job security

I found a tool, a FAKE VIRUS, to test some Antiviruses and Malware. This test virus probably does not edit the registry so it may not be a good example of what you describe.

I will do some testing over holidays
Merry Xmas
Brad

#9 pscEx

Posted 22 December 2008 - 08:02 PM

Maybe a lack of my English knowledge, but I have the feeling that I did not completely understand your post..

Please allow me therefore to start 'from scratch'

You want to have a script which installs the <xyz> antivir program into your PE, including the latest virus definitions.

That can be done (and I would try to create an according script). But maybe there are really some scripts which can do that currently.

Because I'm working on the development of WinBuilder.exe itself, I'm not sure to know all current solutions which possibly fulfill your requirements.

@ALL: Please post possible solutions here!

@PaPeuser: If there is no current script fulfilling your requirements: Be sure, I try to fulfill!
BTW: your choice which tool: Some may refuse to work on a PE!

Peter

#10 PaPeuser

Posted 22 December 2008 - 08:39 PM

It's OK, no one else understands me either... LOL

Microsoft's Malicious Software Removal Tool (link in first post) is a free MS tool to clean malicious software. I am looking to add this to my VistaPE build. It looks to me like MS only updates this once a month and it only cleans the worst viruses or malware. So I don't think updating when you build a disk is important.

The problem I have is that the name of the file (windows-kb890830-v2.4.exe) did not seem to work with WinBuilder, so I renamed it (MSremovaltool.exe) and will try it again

Thanks again
Brad

#11 pscEx

Posted 22 December 2008 - 08:42 PM

It's OK, no one else understands me either... LOL

Microsoft's Malicious Software Removal Tool (link in first post) is a free MS tool to clean malicious software. I am looking to add this to my VistaPE build. It looks to me like MS only updates this once a month and it only cleans the worst viruses or malware. So I don't think updating when you build a disk is important.

The problem I have is that the name of the file (windows-kb890830-v2.4.exe) did not seem to work with WinBuilder, so I renamed it (MSremovaltool.exe) and will try it again

Thanks again
Brad

It looks like I'm starting to understand you ... (sorry again for my poor English understanding)

Let me do some research!

Peter

#12 amalux

amalux

    Platinum Member

  • Tutorial Writer
  • 2813 posts
  •  
    United States

Posted 22 December 2008 - 08:57 PM

Probably already mentioned but DrWeb and Avast are my two fav's right now, both allow update prior to or during build and work quite well in PE for scanning host machine.

#13 Lancelot

Posted 22 December 2008 - 08:58 PM

it is now
windows-kb890830-v2.5
:cheers:

anyway, "Microsoft's Malicious Software Removal Tool" can't do better than dr web or McAfee or others ;), as fans like to add the best av software to the pe environment msMsrt won't be needed too.

and about your concern for deleting av from pe environment; you can connect to internet and update av's you have on pe environment. Also some av on pe checks registry on hostdisk too. So after a clean you can't find any av on disk.

But as you described, some viruses have simply "bad" effect on files and may not be cleanable so deleted (or moved) by av, which in result make system unbootable, so as you write, you need to reinstall windows with "formatting". Or better solution, you can restore a backup copy of your partition. Best way is, after restoring backup, you scan viruses on other disks (like D: E: F: G:) so when you boot up your computer, you won't get affected again and as backup is a nonvirus backup, you won't have any virus concerns.

Returning to subject, you are searching for a way to make windows-kb890830-vx....exe search on C: in PE env. :cheers: Sorry, I don't know, but I hope you like the method I describe.

#14 PaPeuser

Posted 22 December 2008 - 09:11 PM

When I try to use Create a new script in WinBuilder [075 beta 5 H] I get a
Access violation at address 0056CD3A in module 'Winbuilder.exe'. Read of address 0000000C.

Maybe I should start over

#15 Lancelot

Posted 22 December 2008 - 09:18 PM

PaPeuser

try another version to create a new script
http://winbuilder.net/download.php

#16 PaPeuser

Posted 22 December 2008 - 09:37 PM

amalux - yes, dr.web and avast, spybot, antimalware are my top picks - but when I do a norton online scan after, I always find more infected files,

Lancelot - I will try a different version - just wanted to report the problem in case someone else has the same problem

pcs - don't waste your time with this, I access it from custom folder and run it from there.

I hate reloading a computer, takes hours - backup - reload - restore to proper place - update everything - customer lost disk, or loaded something from a friend.
Thanks all
Brad

#17 pscEx

Posted 22 December 2008 - 09:46 PM

amalux - yes, dr.web and avast, spybot, antimalware are my top picks - but when I do a norton online scan after, I always find more infected files,

Here we are starting 'unnecessary philosophic discussion'

Whenever you look into serious antivir app tests you will find:
  • Today: Program <abc> did not detect the new virus <123>. But program <xyz> did
  • Tomorrow: Program <xyz> did not detect the new virus <123>. But program <abc> did
For you and me as private consumers there is only one way: Read carefully some tests, and then decide for the antivir app, you trust!
There NEVER is a 100% security.

And, it looks like a joke, but it is reality:
If you tomorrow are infected with the <newvir>, all of the 'best tested' apps do not detect it, but the <last in the test> gets it!

That's life!

Peter

#18 billonious

Posted 22 December 2008 - 10:02 PM

PaPeuser,
don't lose your time,
neither antimalware nor ms removal tool work under livexp. antimalware should work in vistape as far as maxreal made a script.

fullstop.

#19 amalux

Posted 23 December 2008 - 03:30 AM

When I try to use Create a new script in WinBuilder [075 beta 5 H] I get a
Access violation at address 0056CD3A in module 'Winbuilder.exe'. Read of address 0000000C.

Maybe I should start over

Here's a script for MRT that should work, program opens in PE and allows choosing host files but throws a typically cryptic error message at scan execution :cheers: - Feel free to play with it if you want but as billonious said, some programs just don't work in LiveXP (believe me, some don't work under VPE either).