Reply With QuotecOOL
Do you have some info in how to use it?
...Kaspersky made a tool that you could run from a bartpe / vistape / erd2007 or in safe mode on a PC that would remove viruses and spyware - and updated it several times a day - and it was free to use.
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
It must be nearly christmas time
I'm using Windows 7 - you got a problem with that?
cOOL
Do you have some info in how to use it?
Self explanatory - download it and run it - it has full GUI.
Last edited by Curio; November 16th, 2008 at 18:56 PM.
I'm using Windows 7 - you got a problem with that?
lol
Got it, it is a stand alone tool similar to Stinger, right? I downloaded it but I havent run it yet. It was kind of chaotic at work on Friday
The app looks good, but if you're using a PE burnt to DVD how do you update the virus detection definitions? Or can you use the Tool from USB and update on another PC first?
--- 0wN3D by 3gG ---
the PE will create a ram drive for temp files and it allows you to set up your network settings at bootup via manual or dhcp.
Thanks PhishOriginally Posted by phishhead
--- 0wN3D by 3gG ---
Unlike stinger, MRT and similar apps it has a full database of all signatures for spyware and virus/trojan apps and is not just a targeted subset of the latest or most prevalent. I would suggest that good practice is to burn to CD or boot from a PE disk of some description and use because multi-infected machines will infect your USB sticks with various nastyware and you will go around happily infecting other machines via your sticks.
It is a tool which can be used whatever way you like, but along with things like roguefix and MBAM will enable you to clean a machine of active threats in a relatively quick manner compared to a full AV scan with a resident program (which may already be compomised). I would also use standard manual techniques like checking the windows\system32 dir and the drivers dir for the most recently created files. One of your problems with rootkit type infections is they will intercept system calls and return false information so booting from a PE environment is always favourite for me personally.
Unfortunately many newer threats use a multi level infection system which can involve many components and it is usually a toss up between recovery or re-install depending on the system's importance and value. For a home PC you are probably looking at a wipe/reload being economically the better solution as the time involved can be pretty much predicted. Any RK infected machine may have also legit backdoor configuration like opening remote desktop, adding GoToMyPC or LogMeIn software or reverse shell connection through telnet and SSH. These will not usually be picked up by an AV tool as they are legit files bent to a illegit purpose. For a real nasty infection only wipe and reload can be considered a real clean up.
I'm using Windows 7 - you got a problem with that?
I thought this was gonna be a Beach Boys thread...
We have a cadbury chocolate TV advert that has this song... hmm Chocolate!I thought this was gonna be a Beach Boys thread...
--- 0wN3D by 3gG ---
What is Vista PE?
How did you get that many viruses?
Thanks in advance.
Thank you rik.
Why would anyone want to use vista PE? You could not write a CD with vista PE. At 200 MB, you could not do much with it. Is it for diagnostic purposes?
Thanks in advance.
Veronica
Vista PE is a bootable windows disk, you can do many things with one including diagnostic tests. It will be of most interest to people that work with computers for their jobs - network admins, technicians etc...
I'm using Windows 7 - you got a problem with that?
Thank you very much Curio.
Posting Permissions
Bookmarks