Windows 7 Forums


Windows 7: What a good idea


09 Nov 2013   #1

Desk1 8 Pro / Desk2 7 Home Prem / Laptop 8.1 Pro all 64bit
 
 
What a good idea

I found this while ploughing through the mail and thought I might just make a couple of them up, in case.

How to Use An Antivirus Boot Disc or USB Drive to Ensure Your Computer is Clean


10 Nov 2013   #2

Windows 7 Home Premium
 
 

Is it really a good idea??

It sounds good, but...

A Rescue CD is normally based on the Linux operating system kernel. A Linux OS can mount an NTFS partition; however, loading the Windows Registry is another story. In this day and age, accessing the Registry is necessary when doing a scan for malware.

The Antivirus included on the Rescue CD scans the file system, but not the Registry.
Many types of malware use the Registry in order to launch. Both the malicious file and the malicious Registry entry need to go. However, the Rescue CD only detects and deletes the file. This action has serious consequences depending on the Registry location of a malicious entry.

An example is the ZeroAccess rootkit which hijacks the Windows value in the HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems key. If a scanner deletes the file associated with this key, without adjusting the Windows Registry value data, the computer will no longer boot.

Another issue to be aware of when scanning with a Rescue CD is that it can delete any file, including those that are critical Windows system files. Normally there is a Windows mechanism that attempts to prevent the deletion of such files. This will not happen using a Rescue CD. If a system file is infected, it needs to be identified and replaced. Deletion may lead to an unbootable system.


On the other side of the coin, a Rescue CD has its uses. If its scanner detects an infected file, investigate what it detected, and if you know that it needs to be replaced, this can be done manually using the Rescue CD, navigating to a clean copy of the infected file, and using the CD to replace the infected file.

A Rescue CD is also a good way to rescue personal files. There may also be other uses for it.

IMO, the Recovery Environment is a much better choice to identify and remove malware, than a Rescue CD.


(A knowledgeable colleague at another forum provided this information.)
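The two failure modes described in post #2 (deleting a file that a boot-critical Registry value still points at, and deleting rather than replacing an infected system file) can be checked before any deletion. The following is an added example, not part of the original post: the value data, the module name `examplesrv`, the flagged paths and the function names are all constructed for illustration, and the value data is assumed to have already been read from the offline SYSTEM hive.

```python
import ntpath
import re

# Constructed sample of the "Windows" value data, as read from the offline SYSTEM hive.
CLEAN = (r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
         r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
         r"ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
         r"ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
         r"ProfileControl=Off MaxRequestThreads=16")
# Constructed hijack: one ServerDll entry redirected to a made-up module name.
HIJACKED = CLEAN.replace("ServerDll=winsrv:Con", "ServerDll=examplesrv:Con")
# Constructed scanner detections.
FLAGGED = [r"C:\Windows\System32\examplesrv.dll",
           r"C:\Windows\System32\winsrv.dll",
           r"C:\Users\Public\sample.tmp"]


def referenced_modules(value_data):
    """File names (lower case) that the value tells Windows to load at boot."""
    tokens = value_data.split()
    names = {ntpath.basename(tokens[0]).lower()}  # the subsystem executable
    for token in tokens[1:]:
        key, _, val = token.partition("=")
        if key.lower() == "serverdll":  # ServerDll=<module>[:<init routine>],<index>
            module = re.split(r"[:,]", val)[0].lower()
            names.add(module if module.endswith(".dll") else module + ".dll")
    return names


KNOWN_GOOD = referenced_modules(CLEAN)  # baseline taken from the clean sample


def plan_removal(flagged_paths, value_data, known_good=KNOWN_GOOD):
    """Sort detections by what must happen before the file can safely go."""
    loaded = referenced_modules(value_data)
    plan = {"delete": [], "repair_registry_first": [], "replace_with_clean_copy": []}
    for path in flagged_paths:
        name = ntpath.basename(path).lower()
        if name not in loaded:
            plan["delete"].append(path)  # this value does not reference the file
        elif name in known_good:
            plan["replace_with_clean_copy"].append(path)  # infected system file
        else:
            plan["repair_registry_first"].append(path)  # value must be fixed first
    return plan


if __name__ == "__main__":
    for action, paths in plan_removal(FLAGGED, HIJACKED).items():
        print(action, paths)
```

The comparison is by file name only and covers this one value. In an offline hive there is no `CurrentControlSet`; the active set is the `ControlSet00N` key whose number is stored in `Select\Current`.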
10 Nov 2013   #3

Microsoft Community Contributor Award Recipient

Vista x64 / 7 X64
 
 

Plenty of Linux boot discs can load the Windows Registry. No idea if those particular ones Icit2 refers to do it.


10 Nov 2013   #4

Desk1 8 Pro / Desk2 7 Home Prem / Laptop 8.1 Pro all 64bit
 
 


Ok mate, I just saw the three listed and thought it would boot in a Windows-type environment. I use Kaspersky, so it immediately caught my eye.

On reflection I should have thought about it a bit more thoroughly and realised it was not going to be a Windows-based setup.
10 Nov 2013   #5

Windows 7 Home Premium
 
 

As mentioned before, Rescue CDs have their use.

However, to my understanding, the Rescue CDs do not load the Registry, and, that is a problem.

If anyone knows any info that contradicts this, please post your comments.

Rescue CDs were very popular a few years back. I remember using them. But, as malware becomes more and more aggressive/complicated, some of it targets Registry keys other than those with a Run value where the user of the computer gets an annoying error message on each boot.
10 Dec 2013   #6

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64
 
 

Interesting topic - had a quick google. Not sure whether things have moved on now, but it appears that only those rescue CDs based on the WindowsPE environment will actually scan and clean (automatically) malware in the registry. Unfortunately they aren't free because of the licensing of the WindowsPE.

Quote:
The reader whose query got me started on this investigation wanted to mount another system's hard drive as a slave in his system and use a tool that would clean up all file and Registry malware traces. All the products except PC Tools will clean up files on the foreign drive, but only avast!'s BART CD can remove malware traces in the "foreign" registry.
Analyst's View: Antivirus Rescue CDs | Neil J. Rubenking | PCMag.com

Another interesting read on Linux-based rescue disks:
http://blog.emsisoft.com/2012/10/20/...p-or-a-hinder/
11 Dec 2013   #7

Windows 7 Home Premium
 
 

Thanks, Golden!!

Good info.

Recently, read something related to Kaspersky's Rescue CD with WindowsUnlocker, and it also claims to disinfect the Registry. It is also free.
11 Dec 2013   #8

Windows 7 Pro. 64/SP-1
 
 

How does Windows Defender Offline work?
Can and should it be used?
11 Dec 2013   #9

Windows 7 Home Premium
 
 

LB,

There is malware that cannot be fully removed when the system is running.
It has been a common practice to boot into a different operating system, like Linux, and remove the malware files.

From what I have read, WDO is a bootable security software that scans and removes malicious software before Windows loads.

It has its place, however, have seen more machines with the Alureon rootkit borked by WDO than what I care to count.
12 Dec 2013   #10

Windows 7 Pro. 64/SP-1
 
 

Thank you cottonball. I was wondering why nobody recommends the program any more.