AntiVirus and NTFS

[Johnny Lingo]

One used to be able to boot from a Norton AntiVirus disk and run a scan from
the disk. Now with NTFS on many more home systems this is no longer
possible. What is a good AV software that you can scan the system from a
disk?

 

[Testy]

It is unnecessary.

Testy

One used to be able to boot from a Norton AntiVirus disk and run a scan from
the disk. Now with NTFS on many more home systems this is no longer
possible. What is a good AV software that you can scan the system from a
disk?

 

[Johnny Lingo]

Why
Sometimes a system cannot be on the net. What can be done from a disk?

 

[Malke]

Why
Sometimes a system cannot be on the net. What can be done from a
disk?

My understanding is that you can still scan from the NAV 2004 av cd -
you may need to set your pc to boot from the cd-rom first. Symantec
should have instructions on how to do this so the program uses the
latest definitions.

However, what I usually do in my tech work is have copies of the latest
Stinger and TrendMicro's SysClean on cd (along with all the other
specific virus removal tools from Symantec). I copy the programs and/or
folders (in the case of SysClean) to the client's machine and run them
from there in Safe Mode. That will normally clean the system enough to
get a full-featured av on there with definitions I've already
downloaded and do a scan again in Safe Mode.

Malke

 

[D.Currie]

My understanding is that you can still scan from the NAV 2004 av cd -
you may need to set your pc to boot from the cd-rom first. Symantec
should have instructions on how to do this so the program uses the
latest definitions.

However, what I usually do in my tech work is have copies of the latest
Stinger and TrendMicro's SysClean on cd (along with all the other
specific virus removal tools from Symantec). I copy the programs and/or
folders (in the case of SysClean) to the client's machine and run them
from there in Safe Mode. That will normally clean the system enough to
get a full-featured av on there with definitions I've already
downloaded and do a scan again in Safe Mode.

Malke
--
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"

Here's another trick. I've got an IDE-USB adapter cable that I can connect
to the client's computer's drive, without removing the drive from their box
(why do they make some of them such a PITA to remove?) and then I connect it
to my test machine via the USB. I ran run the virus scans that are already
on my machine and updated, I can run spyware scans, and I can go online and
do even more scans of that drive.

And because my machine is already booted and secure, there's no way their
viruses are going to activate on my computer, which could be possible if I
just slaved their drive into my machine.

SOME viruses/spyware may remain on the system because the registry isn't
active, nor are the customer's profiles, but it's a good way to get rid of
the bulk of the junk and get their computer to the point where it will boot
and run well enough to install/update software on their computer.

 

[Malke]

Here's another trick. I've got an IDE-USB adapter cable that I can
connect to the client's computer's drive, without removing the drive
from their box (why do they make some of them such a PITA to remove?)
and then I connect it to my test machine via the USB. I ran run the
virus scans that are already on my machine and updated, I can run
spyware scans, and I can go online and do even more scans of that
drive.

And because my machine is already booted and secure, there's no way
their viruses are going to activate on my computer, which could be
possible if I just slaved their drive into my machine.

SOME viruses/spyware may remain on the system because the registry
isn't active, nor are the customer's profiles, but it's a good way to
get rid of the bulk of the junk and get their computer to the point
where it will boot and run well enough to install/update software on
their computer.

That does sound good, but I would think if the client has one of the
network-aware worms, you are taking a chance that your machines will
get it. I never let a client's machine onto my network until after it
has been purged.

Malke