Re: How to scan a compromised system?

From: x y (jamescagney90210@excite.com)
Date: 06/21/02


From: "x y" <jamescagney90210@excite.com>
Date: Fri, 21 Jun 2002 08:38:29 -0400


Well, you could try booting to a DOS boot disk with the paid version of
NTFSDOS. Or you could boot to the infected version of Windows and search
for and find a removal tool for that virus from www.symantec.com or on the
internet. The removal tools usually remove the virus from memory, so that
you can then use your regular antivirus scanner to clean the infected files.
Booting clean is theoretically better, but in a pinch I would say use
anything that works.

"WDms" <wdsnews.0226@oregoncity.com> wrote in message
news:#VIb0GHGCHA.2436@tkmsftngp08...
> Exactly. A modern boot disk, while still 3.5" wide, now has a 40 pin
> connector.
> In other words, you have to move harddisks to boot clean.
>
>
> "x y" <jamescagney90210@excite.com> wrote in message
> news:#PXkzr#FCHA.1812@cpimsnntpa03...
> > PS for many of the viruses that are memory resident and stealth, if you
> > know the name of the virus, there is often a removal tool at
> > www.symantec.com or in www.google.com or at the web site of your favorite
> > large antivirus manufacturer. Follow the instructions given with the tool.
> >
> > You can still COLD boot a Win 2000 computer with a known virus free boot
> > floppy. This will work if the hard drive is formatted in FAT or FAT32. As
> > the other post recommended, you can use NTFSDOS with a DOS boot floppy to
> > access the drive. The read-only version is free, but you'd need the
> > read-write version which is not free.
> >
> > Another option could be to take the infected hard drive and put it into
> > another computer running Windows 2000 and that has an antivirus program
> > that detects this virus and/or that has the latest virus updates for that
> > week. Then, scan the hard drive [being careful to boot off of the
> > un-infected version of Windows and avoiding executing any of the files on
> > the infected hard drive].
> >
> > In any case, if this is a rare virus or a virus that is not commonly seen
> > in the wild, you may want to download an evaluation copy of a different
> > antivirus scanner such as F-Secure and scan the hard drive to confirm that
> > this is not a false alarm.
> >
> > "WDms" <wdsnews.0226@oregoncity.com> wrote in message
> > news:#L4uXc6FCHA.2520@tkmsftngp13...
> > > The trouble with the current viruses is they attack the virus scanners.
> > > Is there a way to boot up a Win2K system without launching the viruses
> > > in order to run a virus scanner? In the old days we did it with a boot
> > > floppy.