Hello Group,

I recently started a technical support position and I sometimes need to
scan customer's computers for viruses and spyware.

I normally rely upon the online utilities from Spy Sweeper, and McAfee
or Symantec. But during a recent incident, I believe the online tool
was being spoofed by a virus or spyware program. I am not certain of
which computer germ it was because the machine had over a dozen, I
believe Adware.EliteBar may have been involved.

So I am now trying to determine a better strategy for battling these
computer germs on customers machines. I think the best strategy is to
boot from a CD to scan/clean the hard drive. This prevents the scanner
from being spoofed (unless the boot sequence in the BIOS is a
spoof...), and also avoids having to install software on customers
computers.

Unfortunately, after calling McAfee and Symantec, I was told that these
products are not capable of creating a Bootable CD. This is rather
disappointing but understandable, creating a bootable CD to scan a
computer requires something like Linux or perhaps Windows XP Embedded.
But these are large software companies, and bootable CDs are now
becoming more prevalent, e.g. Acronis True Image Server. (Evidently
KeyRoute Remover does create a bootable CD to do its work.)

On a side note, I am disappointed that the computer industry has
decided to differentiate between Computer Viruses and Spyware. They
both are programs that the typical user does not want running on their
computer and they both require similar techniques for removal. I hope
the industry will soon combine these terms into something like
"Computer Germ".

Please let me know if Symantec of McAfee can create a bootable CD,
and thank you for reading this posting.
Keller Beyer

On 22 Apr 2005 08:00:35 -0700, (E-Mail Removed) wrote:

[Snip]

>
>Please let me know if Symantec of McAfee can create a bootable CD,
>and thank you for reading this posting.

Visit <http://www.nu2.nu/pebuilder/> and download a Copy of PE
Builder.

You can use PE Builder to create you own bootable CD-ROM that includes
McAfee VirusScan & Stinger, Lavasoft Ad-aware and other utilities.


HTH.


Cheers-

Jeff Setaro
jasetaro@SPAM_ME_NOT_mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34

Jeffrey A. Setaro wrote:
> On 22 Apr 2005 08:00:35 -0700, (E-Mail Removed) wrote:
>
> [Snip]
>
>
>>Please let me know if Symantec of McAfee can create a bootable CD,
>>and thank you for reading this posting.
>
>
> Visit <http://www.nu2.nu/pebuilder/> and download a Copy of PE
> Builder.
>
> You can use PE Builder to create you own bootable CD-ROM that includes
> McAfee VirusScan & Stinger, Lavasoft Ad-aware and other utilities.
>
>
> HTH.
>
>
> Cheers-
>
> Jeff Setaro
> jasetaro@SPAM_ME_NOT_mags.net
> http://people.mags.net/jasetaro/
> PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34
Jeff-
Do you know a way to create the disk without the OS installation media?
I have a used XP pro computer but no XP disk.
-max
--
Virus Removal Instructions: http://home.neo.rr.com/manna4u/
You can find my e-mail address on my pages.
This message is virus free as far as I can tell.

"" wrote in alt.comp.anti-virus:
>On a side note, I am disappointed that the computer industry has
>decided to differentiate between Computer Viruses and Spyware.

Not to mention trojans and worms. The mchanism of propagation is
different; it seems reasonable that there should be names to
differentiate them. After all, lions and tigers are both big cats,
but no one says they should share a common name -- instead they
have particular names and an "umbrella" name covering them both.

> They
>both are programs that the typical user does not want running on their
>computer and they both require similar techniques for removal. I hope
>the industry will soon combine these terms into something like
>"Computer Germ".

The standard umbrella term seems to be "malware".

--

Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://OakRoadSystems.com/

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...

> On a side note, I am disappointed that the computer industry has
> decided to differentiate between Computer Viruses and Spyware.

It was and is necessary since they are very different things.

> They both are programs that the typical user does not want running on
their computer

Right, but there the simularity ends.

> and they both require similar techniques for removal.

Some viruses can be treated like other malware when it comes down to
removal. Some viruses can be treated like other malware when it comes to
detection. But as for all those "other" viruses they are a very special
case for both detection and removal - particularly with regard to
parasitic file infectors.

> I hope
> the industry will soon combine these terms into something like
> "Computer Germ".

Computer germ (germ file) already refers to some first generation
'virus' files as do 'seed' and 'dropper'. Personally, I detest the fact
that many people think computer virus = whatever makes my computer
"sick".

> Please let me know if Symantec of McAfee can create a bootable CD,
> and thank you for reading this posting.

Try a "Preinstallation Environment" CD (PE)

"Stan Brown" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "" wrote in alt.comp.anti-virus:
> >On a side note, I am disappointed that the computer industry has
> >decided to differentiate between Computer Viruses and Spyware.
>
> Not to mention trojans and worms. The mchanism of propagation is
> different; it seems reasonable that there should be names to
> differentiate them. After all, lions and tigers are both big cats,
> but no one says they should share a common name -- instead they
> have particular names and an "umbrella" name covering them both.
>
> > They
> >both are programs that the typical user does not want running on
their
> >computer and they both require similar techniques for removal. I
hope
> >the industry will soon combine these terms into something like
> >"Computer Germ".
>
> The standard umbrella term seems to be "malware".

Yes, but not all spyware is malware - and don't even get me started on
adware.

On Fri, 22 Apr 2005 21:05:44 GMT, What's in a Name?
<(E-Mail Removed)> wrote:

>Jeff-
>Do you know a way to create the disk without the OS installation media?
>I have a used XP pro computer but no XP disk.
>-max

If you have access to a Windows XP CD you can copy the contents of the
CD to folder on your hard drive, slipstream in the updates and then
point PE Builder at that folder rather the CD.


Cheers-

Jeff Setaro
jasetaro@SPAM_ME_NOT_mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34

"Jeffrey A. Setaro" wrote in alt.comp.anti-virus:
>On Fri, 22 Apr 2005 21:05:44 GMT, What's in a Name?
><(E-Mail Removed)> wrote:
>
>>Do you know a way to create the disk without the OS installation media?
>>I have a used XP pro computer but no XP disk.
>
>If you have access to a Windows XP CD you can copy the contents of the
>CD to folder on your hard drive, slipstream in the updates and then
>point PE Builder at that folder rather the CD.

Am I confused? The question was what to do if you _don't_ have an
installation disk, and it looks like you said what to do if you
_do_ have an installation disk.

I'm curious about this issue myself, snce I have an Acer notebook
that came with a "Recovery CD" but no installation disk.


--

Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://OakRoadSystems.com/

On Sat, 23 Apr 2005 12:11:35 -0400, Stan Brown
<(E-Mail Removed)> wrote:

>Am I confused? The question was what to do if you _don't_ have an
>installation disk, and it looks like you said what to do if you
>_do_ have an installation disk.
>
>I'm curious about this issue myself, snce I have an Acer notebook
>that came with a "Recovery CD" but no installation disk.
>

One of the options available using the program that Jeff mentioned is
to check the source. You will probably have a subdirectory i386 off
the root c:\ directory. If so type in c:\ as the source and click on
source->check

This will tell you if the source is valid for making the bootable cd.


Jim.

"James Egan" wrote in alt.comp.anti-virus:
>On Sat, 23 Apr 2005 12:11:35 -0400, Stan Brown
><(E-Mail Removed)> wrote:
>
>>Am I confused? The question was what to do if you _don't_ have an
>>installation disk, and it looks like you said what to do if you
>>_do_ have an installation disk.
>>
>>I'm curious about this issue myself, snce I have an Acer notebook
>>that came with a "Recovery CD" but no installation disk.
>>
>
>One of the options available using the program that Jeff mentioned is
>to check the source. You will probably have a subdirectory i386 off
>the root c:\ directory. If so type in c:\ as the source and click on
>source->check
>
>This will tell you if the source is valid for making the bootable cd.

Ah -- thanks! I _do_ have an \i386 directory and used it e.g. to
install Recovery Console.

--

Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://OakRoadSystems.com/