Re: How to scan a compromised system?

From: x y (
Date: 06/21/02

From: "x y" <>
Date: Fri, 21 Jun 2002 08:38:29 -0400

Well, you could try booting to a dos boot disk with the paid version of
NTFSDOS. Or you could boot to the infected version of windows and search
for and find a removal tool for that virus from or on the
internet. The removal tools usually remove the virus from memory, so that
you can then use your regular antivirus scanner to clean the infected files.
Booting clean is theoretically better, but in a pinch I would say use
anything that works.

"WDms" <> wrote in message
> exactly. A modern boot disk, while still 3.5" wide, now has a 40 pin
> In other words, you have to move harddisks to boot clean.
> "x y" <> wrote in message
> news:#PXkzr#FCHA.1812@cpimsnntpa03...
> > PS for many of the viruses that are memory resident and stealth, if you
> > the name of the virus, there is often a removal tool at
> > in or at the web site of your favorite large antivirus
> > manufacturer. Follow the instructions given with the tool.
> >
> > You can still COLD boot a win 2000 computer with a known virus free boot
> > floppy. This will work if the hard drive is formatted in FAT or FAT32.
> > the other post recommended, you can use NTFSDOS with a dos boot floppy
> > access the drive. The read-only version is free, but you'd need the
> > read-write version which is not free.
> >
> > Another option could be to take the infected hard drive and put it into
> > another computer running Windows 2000 and that has an antivirus program
> > detects this virus and/or that has the latest virus updates for that
> > Then, scan the hard drive [being careful to boot off of the un-infected
> > version of windows and avoiding executing any of the files on the
> > hard drive].
> >
> > In any case, if this is a rare virus or a virus that is not commonly
seen in
> > the wild, you may want to download an evaluation copy of a different
> > antivirus scanner such as f-secure and scan the hard drive to confirm
> > this is not a false alarm.
> >
> > "WDms" <> wrote in message
> > news:#L4uXc6FCHA.2520@tkmsftngp13...
> > > The trouble with the current viruses is they attack the virus
> > Is
> > > there a way to boot up a Win2K system without launching the viruses in
> > order to
> > > run a virus scanner? In the old days we did it with a boot floppy.
> >
> >
> >