Bootable Antivirus CD (and why are spyware and viruses classified differently)

beyeriii

Hello Group,

I recently started a technical support position and I sometimes need to
scan customers' computers for viruses and spyware.

I normally rely upon the online utilities from Spy Sweeper, and McAfee
or Symantec. But during a recent incident, I believe the online tool
was being spoofed by a virus or spyware program. I am not certain of
which computer germ it was because the machine had over a dozen; I
believe Adware.EliteBar may have been involved.

So I am now trying to determine a better strategy for battling these
computer germs on customers' machines. I think the best strategy is to
boot from a CD to scan/clean the hard drive. This prevents the scanner
from being spoofed (unless the boot sequence in the BIOS is a
spoof...), and also avoids having to install software on customers
computers.

Unfortunately, after calling McAfee and Symantec, I was told that these
products are not capable of creating a Bootable CD. This is rather
disappointing but understandable; creating a bootable CD to scan a
computer requires something like Linux or perhaps Windows XP Embedded.
But these are large software companies, and bootable CDs are now
becoming more prevalent, e.g. Acronis True Image Server. (Evidently
KeyRoute Remover does create a bootable CD to do its work.)

On a side note, I am disappointed that the computer industry has
decided to differentiate between Computer Viruses and Spyware. They
both are programs that the typical user does not want running on their
computer and they both require similar techniques for removal. I hope
the industry will soon combine these terms into something like
"Computer Germ".

Please let me know if Symantec or McAfee can create a bootable CD,
and thank you for reading this posting.
Keller Beyer
 
Jeffrey A. Setaro

On 22 Apr 2005 08:00:35 -0700, (e-mail address removed) wrote:

[Snip]
> Please let me know if Symantec or McAfee can create a bootable CD,
> and thank you for reading this posting.

Visit <http://www.nu2.nu/pebuilder/> and download a copy of PE
Builder.

You can use PE Builder to create your own bootable CD-ROM that includes
McAfee VirusScan & Stinger, Lavasoft Ad-aware and other utilities.


HTH.


Cheers-

Jeff Setaro
jasetaro@SPAM_ME_NOT_mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34
 
What's in a Name?

Jeffrey said:
> On 22 Apr 2005 08:00:35 -0700, (e-mail address removed) wrote:
>
> [Snip]
>
>> Please let me know if Symantec or McAfee can create a bootable CD,
>> and thank you for reading this posting.
>
> Visit <http://www.nu2.nu/pebuilder/> and download a copy of PE
> Builder.
>
> You can use PE Builder to create your own bootable CD-ROM that includes
> McAfee VirusScan & Stinger, Lavasoft Ad-aware and other utilities.
>
> HTH.
>
> Cheers-
>
> Jeff Setaro
> jasetaro@SPAM_ME_NOT_mags.net
> http://people.mags.net/jasetaro/
> PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34

Jeff-
Do you know a way to create the disk without the OS installation media?
I have a used XP pro computer but no XP disk.
-max
 
Stan Brown

> On a side note, I am disappointed that the computer industry has
> decided to differentiate between Computer Viruses and Spyware.

Not to mention trojans and worms. The mechanism of propagation is
different; it seems reasonable that there should be names to
differentiate them. After all, lions and tigers are both big cats,
but no one says they should share a common name -- instead they
have particular names and an "umbrella" name covering them both.

> They
> both are programs that the typical user does not want running on their
> computer and they both require similar techniques for removal. I hope
> the industry will soon combine these terms into something like
> "Computer Germ".

The standard umbrella term seems to be "malware".
 
Roger Wilco

> On a side note, I am disappointed that the computer industry has
> decided to differentiate between Computer Viruses and Spyware.

It was and is necessary since they are very different things.

> They both are programs that the typical user does not want running on
> their computer

Right, but there the similarity ends.

> and they both require similar techniques for removal.

Some viruses can be treated like other malware when it comes down to
removal. Some viruses can be treated like other malware when it comes to
detection. But as for all those "other" viruses they are a very special
case for both detection and removal - particularly with regard to
parasitic file infectors.

> I hope
> the industry will soon combine these terms into something like
> "Computer Germ".

Computer germ (germ file) already refers to some first generation
'virus' files as do 'seed' and 'dropper'. Personally, I detest the fact
that many people think computer virus = whatever makes my computer
"sick".

> Please let me know if Symantec or McAfee can create a bootable CD,
> and thank you for reading this posting.

Try a "Preinstallation Environment" CD (PE)
 
Roger Wilco

Stan Brown said:
in alt.comp.anti-virus:

> Not to mention trojans and worms. The mechanism of propagation is
> different; it seems reasonable that there should be names to
> differentiate them. After all, lions and tigers are both big cats,
> but no one says they should share a common name -- instead they
> have particular names and an "umbrella" name covering them both.
>
> The standard umbrella term seems to be "malware".

Yes, but not all spyware is malware - and don't even get me started on
adware. :)
 
Jeffrey A. Setaro

> Jeff-
> Do you know a way to create the disk without the OS installation media?
> I have a used XP pro computer but no XP disk.
> -max

If you have access to a Windows XP CD you can copy the contents of the
CD to a folder on your hard drive, slipstream in the updates and then
point PE Builder at that folder rather than the CD.


Cheers-

Jeff Setaro
jasetaro@SPAM_ME_NOT_mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34
 
Stan Brown

> If you have access to a Windows XP CD you can copy the contents of the
> CD to a folder on your hard drive, slipstream in the updates and then
> point PE Builder at that folder rather than the CD.

Am I confused? The question was what to do if you _don't_ have an
installation disk, and it looks like you said what to do if you
_do_ have an installation disk.

I'm curious about this issue myself, since I have an Acer notebook
that came with a "Recovery CD" but no installation disk.
 
James Egan

> Am I confused? The question was what to do if you _don't_ have an
> installation disk, and it looks like you said what to do if you
> _do_ have an installation disk.
>
> I'm curious about this issue myself, since I have an Acer notebook
> that came with a "Recovery CD" but no installation disk.

One of the options available using the program that Jeff mentioned is
to check the source. You will probably have a subdirectory i386 off
the root c:\ directory. If so type in c:\ as the source and click on
source->check

This will tell you if the source is valid for making the bootable cd.


Jim.
 
Stan Brown

> One of the options available using the program that Jeff mentioned is
> to check the source. You will probably have a subdirectory i386 off
> the root c:\ directory. If so type in c:\ as the source and click on
> source->check
>
> This will tell you if the source is valid for making the bootable cd.

Ah -- thanks! I _do_ have an \i386 directory and used it e.g. to
install Recovery Console.
 
beyeriii

Hi Jeff,

Thanks very much for the information regarding PE Builder; it is a very
suitable product.

Keller
 
Dave Budd

> Hello Group,
>
> I recently started a technical support position and I sometimes need to
> scan customers' computers for viruses and spyware.
>
> I normally rely upon the online utilities ...

Rule 1 with a machine that may be infected is to
GET IT OFF THE NETWORK.
 
