Live CD Distro/Anti Virus

4 May 2011
This weekend I have offered to go round and fix a friend's PC - from the sounds of it, it's totally infected with viruses, and the browser has been hijacked so you can't view any web pages. I've dealt with these kinds of things before for her, and it's always arduous. This time I would like to be prepared with a live CD.

So, imagine you are in my situation - you are going to fix the above machine, with very little prior knowledge of the problem, provided by a very non-technical user. Reinstalling Windows is an option, but the user would rather repair if possible.

What's on your live CD (and why) to ensure you are ready for anything?
Well I'm not sure you need a live CD. You need to run a virus scan / anti-rootkit scan like Malwarebytes, so I'd set it to boot in safe mode and take that Malwarebytes-style software over to scan the HDD and remove all the rubbish.
A live CD will not be slowed down by all the **** on her system trying to run at the same time - the whole process will be faster
If the virus has any "counter-measures" to defend against AV scans, they will not work against a scan from a live CD
If I want to go online to look up specifics about removing a virus, I can do so from a Live CD, not something I could do from within windows when the browser has been hijacked.

I appreciate the input, but I understand what I am doing and why I want to do it - However I do not use linux day to day, so I do not know what has come out in the last year, which is why I would like suggestions from people who do. If not, I'll use Knoppix and a couple of linux AV packages.
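An added example of the mount-and-scan step the thread is discussing (not code from the post or from any poster): a shell script for a Linux live CD that mounts the Windows partition read-only and runs a ClamAV scan over it, keeping the report off the infected disk. It assumes clamav (clamscan/freshclam) and ntfs-3g are on the live CD, that the machine is online so definitions can be refreshed, and that the Windows partition is the placeholder device /dev/sda1 (check with lsblk -f first). The clamscan summary in sample_summary is constructed for illustration.

```shell
#!/bin/sh
# Added example: offline scan of a Windows disk from a Linux live CD.
# Assumptions: clamav and ntfs-3g are installed on the live CD, the Windows
# system partition is WIN_DEV (placeholder /dev/sda1), and the machine is online.
WIN_DEV="${WIN_DEV:-/dev/sda1}"      # placeholder; confirm with lsblk -f
MNT="${MNT:-/mnt/windows}"
LOG="${LOG:-/tmp/clamscan-$(date +%Y%m%d-%H%M).log}"

# Mount the Windows partition read-only, with noexec/nosuid/nodev, so nothing on
# the infected disk can run or be modified while it is scanned.
mount_windows_ro() {
    mkdir -p "$MNT"
    mount -t ntfs-3g -o ro,noexec,nosuid,nodev "$WIN_DEV" "$MNT"
}

# Refresh definitions, then recursively scan the mounted partition; -i prints
# only infected files and --log keeps a copy of the report outside the disk.
scan_windows() {
    freshclam
    clamscan -r -i --log="$LOG" "$MNT"
}

# Parse "Infected files: N" out of a clamscan summary stored in a file.
# Prints the number (0 if the line is absent) so a caller can act on it.
infected_count() {
    count=$(grep -m1 '^Infected files:' "$1" | awk '{print $3}')
    printf '%s\n' "${count:-0}"
}

# Constructed sample of a clamscan summary, used to exercise infected_count
# without a real scan having been run.
sample_summary() {
    cat <<'EOF'
----------- SCAN SUMMARY -----------
Scanned directories: 3
Scanned files: 12
Infected files: 2
Data scanned: 1.50 MB
Time: 1.234 sec (0 m 1 s)
EOF
}

main() {
    mount_windows_ro
    scan_windows
    n=$(infected_count "$LOG")
    echo "clamscan finished: $n infected file(s); full report in $LOG"
    umount "$MNT"
}

# Only perform the scan when invoked with --run, so the functions can be
# sourced and tested on their own.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Run it as root from the live CD with `sh scan.sh --run`. The read-only, noexec mount is what makes the live-CD approach different from scanning inside Windows: the scanner reads the files, but nothing stored on that disk executes during the scan, and the report lands in the live system rather than on the drive being cleaned.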
First approach should be boot to safe mode and run MBAM with latest definitions. It will take care of 90% of malware.
Everything I know about malware tells me that Live CD would have a better success rate than scanning within the infected OS, as well as being generally quicker assuming the crap is slowing the host OS down.

Now, I'm happy to be corrected, but to my mind that suggests that Live CD is the better option because with safe boot scan, you have to then re-run with Live CD 10% of the time anyway.

If this is not valid, please feel free to explain why.
Nah. As said, a Live CD is a white whale. Get rid of the idea.

Boot from safe mode, run MBAM and try again. Or if you can, have a separate Windows XP hard drive and boot from that, again run AV. Don't forget Live CDs are INCREDIBLY SLOW also.
As I say, if you have a reason not to use the boot CD I will listen, but just saying it's slow is not valid. We've all seen PCs ****ed up by users, where they can take 20 mins just to load into Windows and fire up a scan; a live CD would be much faster in that situation.

Not come across Hiren's before, looks like exactly what I wanted to know. Many thanks.
LiveCDs are slow to boot and slow to load apps. Other than this they should be very quick. If there was a fantastic Linux AV app then it would run at a very good speed from a LiveCD. Reading from the hard disk would be as fast as from within Windows. Once LiveCDs are booted and apps are in memory then they fly along.

Why would it? The seek time on a CD is horrendous. I'm assuming you think it will load the entire image into some kind of tmpfs file system? That's not how it works last I checked, hence the thrashing of the disc (the racket is generally a giveaway).

Anyway, let us know how you get on with MBAM / Hirens
Generally stuff you load sits in memory once you've loaded it. The loading is slow but after that it is retrieved from memory. I would be VERY surprised if a virus scan under Linux from a LiveCD would thrash the CD after the scan has begun.
You could always download the Kaspersky Rescue live CD?

As long as you're connected to the net, it can also update virus defs and run a full scan (can take a few hours); then once in Windows, ComboFix/Malwarebytes should get rid of anything if it's still there.

Or remote access her PC and install Malwarebytes; that may still do the trick.

Or ask her to back up her important files, go round and simply restore the PC.... sometimes that's way easier/quicker than running scans all day long.
As I say, if you have a reason not to use the boot CD I will listen, but just saying it's slow is not valid. We've all seen PCs ****ed up by users, where they can take 20 mins just to load into Windows and fire up a scan; a live CD would be much faster in that situation.

We are speaking from experience. A lot of malware won't run in safe mode, including the usual start-up bloat. The machine should be relatively nippy in safe mode.