Re: Ping Malke
From: Zvi Netiv (support_at_replace_with_domain.com)
Date: 06/08/05
- Next message: nemo: "Re: win32mersting.B - How to remove?"
- Previous message: David H. Lipman: "Re: Ping Malke"
- In reply to: David H. Lipman: "Re: Ping Malke"
- Next in thread: What's in a Name?: "Re: Ping Malke"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 08 Jun 2005 19:22:45 +0300
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote:
> From: "Zvi Netiv" <support@replace_with_domain.com>
> >> I have a NEW utility. It combines Trend Sysclean, the McAfee Command Line Scanner and
> >> the Sophos Command Line Scanner all in one menu driven utility.
> >>
> >> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
> >>
> >> After you execute and extract the files, look at the PDF help file.
> >> "C:\AV-CLS\Multi AV Command Line Scanner.PDF"
> >>
> >> Let me know what you think and how it can be improved.
> |
> | Nice!
> |
> | A couple of comments, to consider for further versions:
> |
> | I personally hold that cleaning under Windows should be conducted from self
> | boot, from the installed OS. Yet since you mention the option of clean booting
> | for Win 9x/Me, by aid of boot disk made from www.bootdisk.com, then be aware
> | that there exists a free (for private use) bootdisk to NTFS from DOS, with full
> | read-write access, from http://www.datapol-technologies.com/dpe/recovery/ntfs/
> |
> | In your instructions (PDF file), I would recommend that anything you suggest
> | running from safe mode, be run from safe mode WITH COMMAND PROMPT instead.
> | The reason is that many malware load by injecting through Explorer, that loads
> | in safe mode just as well. You have my permission to include the ToggleMode
> | utility in your package, if required. You may need it to start Win 9x/Me in
> | safe mode with command prompt (a mode they lack inherently). From
> | www.invircible.com/item/80
> You mentioned -- "...malware load by injecting through Explorer..." The script will look at
> the "shell=explorer.exe" directive of the Registry in NT and in SYSTEM.INI in Win9x/ME. If
> there is malware being chained off of explorer such as...
> shell=explorer.exe malware.exe
> When you run the script in Normal Mode to update the Command Line Scanner (CLS), it will
> properly set the shell= directives back to "shell=explorer.exe" and should not load the
> malware again when rebooted into Safe Mode.
Chaining commands is one way to inject malware through Explorer. There are
other ways too which cannot be monitored as simply, like the insertion in the
startup queue. Such applications will only initialize after Explorer, which is
one of the reasons for which you are better off in safe mode with command prompt.
I don't remember right now which malware didn't clean properly in safe mode, but
I can tell that I saw a few during the last three years.
The only drawback of cleaning in safe mode with command prompt is that it
requires some mastering of the command line.
Regards, Zvi
-- NetZ Computing Ltd. ISRAEL www.invircible.com www.ivi.co.il (Hebrew) InVircible Virus Defense Solutions, ResQ and Data Recovery Utilities
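As an added illustration of the check David describes (it is not his Multi_AV script, nor anything from InVircible), the snippet below inspects the Explorer `shell=` directive for chained programs: the `[boot]` `shell=` line of a Win9x/Me SYSTEM.INI, and the `Shell` value under the NT-family Winlogon key. The SYSTEM.INI text and the `malware.exe` token are constructed sample input; the live registry read only works on Windows and is skipped elsewhere.

```python
"""Check the Explorer 'shell=' directive for chained programs and compute the repair."""
import configparser
import ntpath
import re
from typing import List, Optional

EXPECTED_SHELL = "explorer.exe"
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Constructed SYSTEM.INI sample: a second program chained after the shell.
SAMPLE_SYSTEM_INI = """[boot]
shell=Explorer.exe malware.exe
drivers=mmsystem.dll
[386Enh]
device=*vmm32
"""

def split_shell_directive(value: str) -> List[str]:
    """Split a shell= value into program tokens (comma or whitespace separated)."""
    return [tok for tok in re.split(r"[,\s]+", value.strip()) if tok]

def chained_programs(value: str) -> List[str]:
    """Return every program in the directive that is not explorer.exe itself."""
    return [tok for tok in split_shell_directive(value)
            if ntpath.basename(tok.strip('"')).lower() != EXPECTED_SHELL]

def check_system_ini(text: str) -> List[str]:
    """Win9x/Me: read [boot] shell= from SYSTEM.INI text and report chained extras."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return chained_programs(cp.get("boot", "shell", fallback=EXPECTED_SHELL))

def repair_system_ini(text: str) -> str:
    """Rewrite the shell= line back to plain explorer.exe, leaving the rest intact."""
    return re.sub(r"(?im)^(shell\s*=\s*).*$", r"\g<1>" + EXPECTED_SHELL, text, count=1)

def read_winlogon_shell() -> Optional[str]:
    """NT family: read the live Winlogon Shell value; None off Windows or if unset."""
    try:
        import winreg
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
            return winreg.QueryValueEx(key, "Shell")[0]
    except (ImportError, OSError):
        return None

if __name__ == "__main__":
    print("SYSTEM.INI chained:", check_system_ini(SAMPLE_SYSTEM_INI))
    live = read_winlogon_shell()
    print("Winlogon Shell chained:", chained_programs(live) if live else "n/a")
```

As Zvi notes in the reply above, this only catches the chaining case; programs dropped into the startup queue load after Explorer and are not visible in the `shell=` directive at all.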