Re: Root kits ...luvly !



Oops! silly me, ...you did tell me the other day that the drive and
pathnames are hardcoded into multi-av,
but, it'll still be of use, if I can copy multi-av to a target machine and
run it, after booting into BartsPE !

regards, Richard


"RJK" <notatospam@xxxxxxxxxxx> wrote in message
news:%2353oxS6iGHA.412@xxxxxxxxxxxxxxxxxxxxxxx
...Huge thanx David !

...heaven is http://www.nu2.nu/pebuilder/start/ which pops up a box with
slots where I can point to the drive with my XP Home OEM (sp2
slipstreamed) cd in it, and the "custom" slot underneath let me "include
files and folders from this directory" i.e. c:\av-cls and off it went
and created a *.iso
...all in about a minute !!

...off I go now to burn a bootable cd-r ...I wonder if it'll work ...
....I wonder if BartsPE has a rootkit in it !! :-)

regards, Richard


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:upETUVoiGHA.4580@xxxxxxxxxxxxxxxxxxxxxxx
From: "RJK" <notatospam@xxxxxxxxxxx>

| ...forgot my question !
|
| Do any of the 4 command line scanners in David H Lipman's Multi-AV
| detect known root-kits ?
|
| ...I noticed during my earlier web-wading that Symantec is working on /
| detecting root-kits !!
|
| regards, Richard
|

Yes. Sophos is excellent for their detection. However, it would be
*best* done outside the running OS. That is by downloading the Sophos
files then booting from a DOS Boot Disk or a DOS Boot Disk with
NTFS4DOS and then scanning the platform.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm





