Is there any External AV program?

casey.o

After dealing with the Sality virus, I found that AV software installed
on the HDD is not always the answer. Sality just destroyed the AV
software along with everything else. What seems to be the solution,
would be something that would be on a CD, since the CD data can't be
destroyed. Ideally, it would seem that the CD should be bootable so it
can clean up the system HDD, without being booted from the infected
drive. However I question whether it can remove registry data on a
drive which is not booted?

Not only this, but this virus infection originated from a computer which
I just purchased, and which did not have any AV software installed. To
install any AV software would have infected any external device plugged
in to it, such as a flash drive or external HDD. Thus, the only method
to check this computer (without infecting anything external), would be
a CD to scan the computer, since a CD can't get infected.

Does such a thing exist? In other words, can a person either buy a
bootable CD to scan any and all computers, or download and burn such a
CD?

Ideally, it should work on ANY version of Windows, or at least Win2000
and up (I won't bet on anything for Win98). Of course if the CD is self
booting, maybe the installed OS won't matter?????

Maybe no such thing exists, but I thought I'd ask....
Any suggestions?
 
Paul

> After dealing with the Sality virus, I found that AV software installed
> on the HDD is not always the answer. Sality just destroyed the AV
> software along with everything else. What seems to be the solution,
> would be something that would be on a CD, since the CD data can't be
> destroyed. Ideally, it would seem that the CD should be bootable so it
> can clean up the system HDD, without being booted from the infected
> drive. However I question whether it can remove registry data on a
> drive which is not booted?
>
> Not only this, but this virus infection originated from a computer which
> I just purchased, and which did not have any AV software installed. To
> install any AV software would have infected any external device plugged
> in to it, such as a flash drive or external HDD. Thus, the only method
> to check this computer (without infecting anything external), would be
> a CD to scan the computer, since a CD can't get infected.
>
> Does such a thing exist? In other words, can a person either buy a
> bootable CD to scan any and all computers, or download and burn such a
> CD?
>
> Ideally, it should work on ANY version of Windows, or at least Win2000
> and up (I won't bet on anything for Win98). Of course if the CD is self
> booting, maybe the installed OS won't matter?????
>
> Maybe no such thing exists, but I thought I'd ask....
> Any suggestions?

Kaspersky makes an offline scanner. This is the one
I run most often when something "weird" happens.

http://support.kaspersky.com/8092 (~375MB, grows with defs)

I can see one here from Microsoft. Untested.
Don't know a thing about it.

http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

Bitdefender used to make one. Again, untested, don't
know a thing about it.

http://www.bitdefender.com/support/how-to-create-a-bitdefender-rescue-cd-627.html

http://download.bitdefender.com/rescue_cd/v2/bitdefender-rescue-cd.iso (514MB)

For two of the three, they'd be based on some Linux
distro, with stuff deleted. For example, they
wouldn't have a copy of LibreOffice :) Whereas
every Linux LiveCD has one of those, to help
bloat the thing.

Also, don't expect offline scanner media to have PPP
dialup networking included. They have no sense of
humor.

Paul
 
~BD~

> After dealing with the Sality virus, I found that AV software installed
> on the HDD is not always the answer. Sality just destroyed the AV
> software along with everything else. What seems to be the solution,
> would be something that would be on a CD, since the CD data can't be
> destroyed. Ideally, it would seem that the CD should be bootable so it
> can clean up the system HDD, without being booted from the infected
> drive. However I question whether it can remove registry data on a
> drive which is not booted?
>
> Not only this, but this virus infection originated from a computer which
> I just purchased, and which did not have any AV software installed. To
> install any AV software would have infected any external device plugged
> in to it, such as a flash drive or external HDD. Thus, the only method
> to check this computer (without infecting anything external), would be
> a CD to scan the computer, since a CD can't get infected.
>
> Does such a thing exist? In other words, can a person either buy a
> bootable CD to scan any and all computers, or download and burn such a
> CD?

Yes! What Paul said ......

> Ideally, it should work on ANY version of Windows, or at least Win2000
> and up (I won't bet on anything for Win98). Of course if the CD is self
> booting, maybe the installed OS won't matter?????
>
> Maybe no such thing exists, but I thought I'd ask....
> Any suggestions?

Dr.Web® LiveCD
Emergency System Recovery Disk

If your Windows or Linux system has been rendered non-bootable by
malware, restore it for FREE with Dr.Web LiveCD!

http://www.freedrweb.com/livecd/
 
Good Guy

Face it - it is your fault based upon a lack of due diligence.

Whenever one obtains a used computer, *ALWAYS* wipe the computer and
install the OS of choice from scratch.

Also make sure the disk is wiped in such a way that there are no traces
of porn anywhere on it (hidden or otherwise). As the OP must know that
child porn is a criminal offense and if any traces of that sort of porn
are found you may get into a hell of a problem even if you are acquitted
later on due to authorities doing their work thoroughly and finding the
real source of that problem in the first place.

People on eBay are dodgy characters (some of them not all of them!!!)
and this is not something I need to tell anybody here.
 
Ken Blake, MVP

A very strong ditto!


I pressed Send too fast. Let me add that you should do that regardless
of who owned the computer before you--even if it was your mother, son,
or best friend. It can have problems that they were unaware of.
 
casey.o

> Whenever one obtains a used computer, *ALWAYS* wipe the computer and install
> the OS of choice from scratch.

If it was a computer used by someone I fully agree. But this came as a
FRESH install of XP with no other software. Only what MS puts on their
XP install CD.
 
casey.o

> The fact that you had a file infecting virus makes that untrue. You bought
> from an untrusted source and thus it should have been handled accordingly.
>
> Again caveat emptor is always in-play with eBay and you can NOT go by what
> the seller says. You should have done that fresh install of XP. YOU !
>
> A complete failure in due diligence.

I agree that I should have run a virus scanner on it. But doing a fresh
install seems a little excessive, if the AV program shows it to be
clean. I find it a bit hard to understand how a fresh install could be
infected anyhow, and this was fresh. I can't see how an XP install CD
could be infested, but they had to install the drivers, and I can only
guess that was the source.

I'll scan everything from now on...
 
~BD~

> I agree that I should have run a virus scanner on it. But doing a fresh
> install seems a little excessive, if the AV program shows it to be
> clean. I find it a bit hard to understand how a fresh install could be
> infected anyhow, and this was fresh. I can't see how an XP install CD
> could be infested, but they had to install the drivers, and I can only
> guess that was the source.
>
> I'll scan everything from now on...


FYI .............

https://www.google.co.uk/search?q=c...7.31000j0j7&sourceid=chrome&es_sm=93&ie=UTF-8


From just one of those results I read ....


It is definitely possible for a slightly sophisticated attacker to leave
malware outside the direct reach of the operating system. Reinstalling
the operating system means a disk wipe at most. Even there, you need to
be careful if you restore any data that may have been compromised.

Malware can be stored in one of the many rewritable memories that lurk
in just about every component of a modern computer. These memories store
that component's firmware and are usually rewritable; all it takes is
knowing the right address to it, and manufacturers usually provide tools
to upgrade the firmware, so all the attacker has to do is substitute his own
code (there is almost never any cryptography).

For example, there is a known (and fairly simple) exploit for Apple
keyboards, found by K. Chen. Chen's presentation shows how to take
advantage of the available memory (only about 1kB to spare) to open a
shell on a TCP port by injecting keystrokes, or log keystrokes in a
context where a passphrase is expected and replay them.

For another example of a firmware vulnerability in the wild, try
CVE-2010-0104: Broadcom NetXtreme management firmware ASF buffer
overflow. This is a bug in some Ethernet firmware that allows a remote
attacker to take control of the network firmware (and so at the very
least actively attack all network traffic), and potentially of the whole
computer (I don't know if there's an exploit for that, but once you have
access to the PCI bus, I doubt that much is barred). Interestingly, this
vulnerability is easiest to exploit on a computer that's switched off,
since the bug is in a remote management protocol parser, which in
particular handles wake-on-LAN.

This question asks for firmware on video cards. As I write, no one has
given an example of a malware in the wild, but the possibility is
definitely there.

There is no real protection against compromised firmware on a typical
PC. You'd need to keep track of every single piece of flash memory in
the computer. There are efforts to require firmware to be authenticated;
on PCs, the most advanced such effort is the TPM, which currently can
check the integrity of the BIOS and the OS bootloader, if you have the
required hardware and a BIOS that supports it. I'm not aware of a PC
where all components have their firmware checked for integrity (at
least, before they're allowed to access the PCI bus). There are similar
efforts in the smartphone world leveraging security features of ARM
chips, but again it's a far cry from the existence of security feature
to the inclusion of all firmware in the trusted base.

http://security.stackexchange.com/q...an-install-enough-to-remove-potential-malware
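
An added illustration of the measured-boot point in the excerpt above (not part of any post in this thread, and not code from the quoted answer): a TPM 1.2 style extend folds each measured boot stage into a register, so a changed bootloader alters the final value, while firmware that is never measured can change without any effect on it. The component images, the single register and the `MEASURED` list are assumptions made for the sketch; real platforms spread measurements over several PCRs.

```python
import hashlib

# Constructed sample images; real ones would be the flash contents of each part.
CLEAN = {
    "bios": b"BIOS image v1 (constructed)",
    "bootloader": b"OS bootloader v1 (constructed)",
    "nic_firmware": b"NIC firmware v1 (constructed)",
}
# Assumption for this sketch: only these stages are measured, in this order.
MEASURED = ("bios", "bootloader")


def extend(pcr: bytes, blob: bytes) -> bytes:
    """TPM 1.2 style extend: new = SHA1(old || SHA1(blob))."""
    return hashlib.sha1(pcr + hashlib.sha1(blob).digest()).digest()


def boot_pcr(platform: dict) -> bytes:
    """Fold every measured stage into one register, starting from 20 zero bytes."""
    pcr = bytes(20)
    for name in MEASURED:
        pcr = extend(pcr, platform[name])
    return pcr


def changed_parts(platform: dict, reference: dict) -> list:
    """Names of all parts whose contents differ from the reference."""
    return sorted(n for n in reference if platform[n] != reference[n])


def detected(platform: dict, reference: dict) -> bool:
    """True if the measured-boot register exposes a deviation."""
    return boot_pcr(platform) != boot_pcr(reference)


# Two constructed deviations: one in a measured stage, one in an unmeasured part.
bad_loader = dict(CLEAN, bootloader=b"OS bootloader v1 + change (constructed)")
bad_nic = dict(CLEAN, nic_firmware=b"NIC firmware v1 + change (constructed)")

if __name__ == "__main__":
    for label, plat in (("clean", CLEAN), ("bootloader", bad_loader), ("nic", bad_nic)):
        print(label, changed_parts(plat, CLEAN), "detected:", detected(plat, CLEAN))
```

The NIC case is the gap the excerpt describes: the register only vouches for what was measured into it.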
 
Ken Blake, MVP

> I agree that I should have run a virus scanner on it. But doing a fresh
> install seems a little excessive, if the AV program shows it to be
> clean.

No AV program is ever perfect!

> I find it a bit hard to understand how a fresh install could be
> infected anyhow, and this was fresh.

Unless you did the installation yourself, there's no way you can be
sure of that! That goes double if you're talking about something you
bought from eBay.

And even if it was a clean installation, there's no way you can be
sure that an eBay seller didn't also install a virus afterwards,
either accidentally, or on purpose.
 
Daave

> doing a fresh install seems a little excessive

Although it currently seems "excessive" to you, it is the only sensible
way to be sure you have a clean system.

Now if a trusted friend/relative/neighbor (one who has a reputation for
being a competent computer geek) installed it for you, I think that
would be fine, especially if they are nearby.

In the future, if you purchase a used PC, make sure:

1. you get it from a REPUTABLE seller

and

2. you get ALL the installation media it originally came with.

AND I still think you should perform a Clean Install of the correct
operating system!
 
Ken Springer

> I agree that I should have run a virus scanner on it. But doing a fresh
> install seems a little excessive, if the AV program shows it to be
> clean. I find it a bit hard to understand how a fresh install could be
> infected anyhow, and this was fresh. I can't see how an XP install CD
> could be infested, but they had to install the drivers, and I can only
> guess that was the source.
>
> I'll scan everything from now on...

You may find this MS TechNet article illuminating. I'd suggest reading
the last bullet point first. :)

http://technet.microsoft.com/library/cc512587.aspx


--
Ken
Mac OS X 10.8.5
Firefox 25.0
Thunderbird 24.3.0
"My brain is like lightning, a quick flash
and it's gone!"
 
J. P. Gilliver (John)

So in practice, what you are saying is, there is no point in buying an
OS? Except possibly on a brand new computer? (Where do you draw the
line?) What about these companies that refurbish ex-business PCs (from
the ground up, I think - certainly, the one I looked at, you selected
case, processor, memory, graphics card, CD, wifi if any, and version of
W7 [they didn't offer XP])?

> I pressed Send too fast. Let me add that you should do that regardless
> of who owned the computer before you--even if it was your mother, son,
> or best friend. It can have problems that they were unaware of.

Now that last sentence I would agree with.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

/Pride and Prejudice/ seems to be remade every ten years - the only real
difference being a new Mr Darcy in a new shirt with fewer buttons. - Marie
Hanerman, in Feedback, Radio Times, 13-19 November 2010.
 
