View Full Version : Wouldn't it be nice if......


Curio
November 14th, 2008, 23:53 PM
...Kaspersky made a tool that you could run from BartPE / VistaPE / ERD2007 or in safe mode on a PC that would remove viruses and spyware - and updated it several times a day - and it was free to use.

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

It must be nearly Christmas time :)

Dehcbad25
November 14th, 2008, 23:56 PM
Cool
Do you have some info on how to use it?

Curio
November 15th, 2008, 00:08 AM
Self explanatory - download it and run it - it has full GUI.

Dehcbad25
November 16th, 2008, 22:47 PM
lol
Got it, it is a stand-alone tool similar to Stinger, right? I downloaded it but I haven't run it yet. It was kind of chaotic at work on Friday.

cash_site
November 17th, 2008, 00:31 AM
The app looks good, but if you're using a PE burnt to DVD how do you update the virus detection definitions? Or can you use the Tool from USB and update on another PC first?

phishhead
November 17th, 2008, 07:41 AM
The PE will create a RAM drive for temp files and it allows you to set up your network settings at bootup via manual or DHCP.

cash_site
November 18th, 2008, 01:58 AM
> The PE will create a RAM drive for temp files and it allows you to set up your network settings at bootup via manual or DHCP.

Thanks Phish :)

Curio
November 19th, 2008, 00:22 AM
Unlike Stinger, MRT and similar apps it has a full database of all signatures for spyware and virus/trojan apps and is not just a targeted subset of the latest or most prevalent. I would suggest that good practice is to burn it to CD or boot from a PE disk of some description and use it from there, because multi-infected machines will infect your USB sticks with various nastyware and you will go around happily infecting other machines via your sticks.

It is a tool which can be used whatever way you like, but along with things like RogueFix and MBAM it will enable you to clean a machine of active threats in a relatively quick manner compared to a full AV scan with a resident program (which may already be compromised). I would also use standard manual techniques like checking the windows\system32 dir and the drivers dir for the most recently created files. One of your problems with rootkit-type infections is they will intercept system calls and return false information, so booting from a PE environment is always favourite for me personally.

Unfortunately many newer threats use a multi-level infection system which can involve many components, and it is usually a toss-up between recovery or re-install depending on the system's importance and value. For a home PC you are probably looking at a wipe/reload being economically the better solution, as the time involved can be pretty much predicted. Any RK-infected machine may also have legit backdoor configuration like opening Remote Desktop, adding GoToMyPC or LogMeIn software, or a reverse shell connection through telnet and SSH. These will not usually be picked up by an AV tool as they are legit files bent to an illegit purpose. For a real nasty infection only wipe and reload can be considered a real clean-up.
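
The manual triage step Curio describes above (listing the most recently created files in system32 and the drivers directory, done from a PE boot so the infected OS's rootkit cannot filter the listing), as an added example that is not code from this thread or from Kaspersky. It assumes the infected volume is attached offline, e.g. mounted at a hypothetical `D:\Windows` from the PE or from a clean technician machine, and that a Python interpreter is available there; the directory names and the 7-day window are assumptions you should adjust.

```python
"""Offline triage: newest files in an infected volume's System32 and drivers
directories, read from a PE boot or a clean host with the disk attached.

Added example, not part of the original thread. Because the listing is taken
from the offline volume, a rootkit loaded on the infected OS cannot hook the
directory-enumeration calls and hide its files from this scan.
"""
import os
import sys
import time
from typing import List, Optional, Tuple

# Hypothetical mount point of the offline Windows volume; adjust as needed.
DEFAULT_ROOT = r"D:\Windows"
# Directories Curio suggests checking; relative to the Windows directory.
TRIAGE_DIRS = ("System32", os.path.join("System32", "drivers"))


def _created(path: str) -> float:
    """Best-effort creation timestamp (epoch seconds) for a file."""
    st = os.stat(path)
    # On Windows st_ctime is the creation time (and newer Pythons also expose
    # st_birthtime); on Linux/macOS st_ctime is the inode-change time and only
    # st_birthtime, where present, is the true creation time.
    return getattr(st, "st_birthtime", st.st_ctime)


def recent_files(windows_root: str, days: float = 7.0, limit: int = 25,
                 now: Optional[float] = None) -> List[Tuple[str, float]]:
    """Return (path, created_epoch) for files created within `days`,
    newest first, capped at `limit` entries. `now` is injectable for tests."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    found: List[Tuple[str, float]] = []
    for sub in TRIAGE_DIRS:
        directory = os.path.join(windows_root, sub)
        if not os.path.isdir(directory):
            continue
        with os.scandir(directory) as entries:
            for entry in entries:
                # Skip subdirectories and links: only loose files are of interest.
                if not entry.is_file(follow_symlinks=False):
                    continue
                created = _created(entry.path)
                if created >= cutoff:
                    found.append((entry.path, created))
    found.sort(key=lambda item: item[1], reverse=True)
    return found[:limit]


def main(argv: List[str]) -> None:
    root = argv[1] if len(argv) > 1 else DEFAULT_ROOT
    for path, created in recent_files(root):
        stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(created))
        print(stamp, path)


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python triage.py D:\Windows` from the PE. Treat the output as a lead list, not a verdict: creation timestamps can be backdated by malware (timestomping), so a file that does not show up here is not cleared, and a recently created file may still be a legitimate update. The point of reading the disk offline, as the post says, is that the infected OS's hooked system calls never get a chance to lie about what is on it.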

rik
November 19th, 2008, 16:59 PM
I thought this was gonna be a Beach Boys thread... :o

cash_site
November 20th, 2008, 00:43 AM
> I thought this was gonna be a Beach Boys thread... :o

We have a cadbury chocolate TV advert that has this song... hmm Chocolate!

veronica
November 21st, 2008, 01:59 AM
> Self explanatory - download it and run it - it has full GUI.

What is Vista PE?

How did you get that many viruses?

Thanks in advance.

rik
November 21st, 2008, 03:43 AM
http://en.wikipedia.org/wiki/VistaPE

veronica
November 21st, 2008, 04:34 AM
Thank you rik.

Why would anyone want to use Vista PE? You could not write a CD with Vista PE. At 200 MB, you could not do much with it. Is it for diagnostic purposes?

Thanks in advance.

Curio
November 21st, 2008, 20:55 PM
Veronica

Vista PE is a bootable Windows disk; you can do many things with one, including diagnostic tests. It will be of most interest to people that work with computers for their jobs - network admins, technicians etc...

veronica
November 21st, 2008, 23:22 PM
Thank you very much Curio.