What a good idea


  1. Posts : 21,004
    Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
       #1

    What a good idea


    I found this while ploughing through the mail and thought I might just make a couple of them up, in case.

    How to Use An Antivirus Boot Disc or USB Drive to Ensure Your Computer is Clean


  2. Posts : 2,470
    Windows 7 Home Premium
       #2

    Is it really a good idea??

    It sounds good, but...

    A Rescue CD is normally based on the Linux operating system kernel. A Linux OS can mount an NTFS partition, however loading the Windows Registry is another story. In this day and age, accessing the Registry is necessary when doing a scan for malware.

    The Antivirus included on the Rescue CD scans the file system, but not the Registry.
    Many types of malware use the Registry in order to launch. Both the malicious file and the malicious Registry entry need to go. However, the Rescue CD only detects and deletes the file. This action has serious consequences depending on the Registry location of a malicious entry.

    An example is the ZeroAccess rootkit which hijacks the Windows value in the HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems key. If a scanner deletes the file associated with this key, without adjusting the Windows Registry value data, the computer will no longer boot.

    Another issue to be aware of when scanning with a Rescue CD is that it can delete any file, including those that are critical Windows system files. Normally there is a Windows mechanism that attempts to prevent the deletion of such files. This will not happen using a Rescue CD. If a system file is infected, it needs to be identified and replaced. Deletion may lead to an unbootable system.


    On the other side of the coin, a Rescue CD has its uses. If its scanner detects an infected file, investigate what it detected, and if you know that it needs to be replaced, this can be done manually using the Rescue CD, navigating to a clean copy of the infected file, and using the CD to replace the infected file.

    A Rescue CD is also a good way to rescue personal files. There may also be other uses for it.

    IMO, the Recovery Environment is a much better choice to identify and remove malware, than a Rescue CD.


    (A knowledgeable colleague at another forum provided this information.)
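The point made in post #2, that a flagged file may still be named by a Registry value and that a reference under Session Manager\SubSystems has to be repaired before the file goes, can be checked against a regedit-format export of the offline hive. This is an added example, not part of the thread: the file names, the sample export and the function names are constructed, matching is by file name only, and the Run key stands in for the "Run value" entries mentioned later in the thread.

```python
import re

# Key named in the post; prefix-free so an offline hive's ControlSet001 also matches.
BOOT_CRITICAL = (r"\control\session manager\subsystems",)

def decode_data(raw):
    """Decode .reg value data: a quoted string or hex(1|2|7) UTF-16LE bytes."""
    raw = raw.strip()
    if raw.startswith('"'):
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    m = re.match(r"hex\([127]\):(.*)", raw)
    if not m:
        return ""  # dword/binary data cannot name a file
    data = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", m.group(1)))
    return data.decode("utf-16-le", "replace").replace("\0", " ").strip()

def parse_reg(text):
    """Yield (key, value_name, data) from regedit export text."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)):
            yield key, m.group(1).strip('"'), decode_data(m.group(2))

def triage(reg_text, flagged_files):
    """Yield (file, key, value, action) for each Registry value naming a flagged file."""
    names = {f.replace("/", "\\").rsplit("\\", 1)[-1].lower(): f for f in flagged_files}
    for key, value, data in parse_reg(reg_text):
        for name, path in names.items():
            if name in data.lower():
                critical = any(k in key.lower() for k in BOOT_CRITICAL)
                yield (path, key, value,
                       "restore known-good data first" if critical else "remove value with file")

def hex2(s):  # REG_EXPAND_SZ data the way regedit exports it
    return "hex(2):" + ",".join(f"{b:02x}" for b in (s + "\0").encode("utf-16-le"))

# Constructed sample export: file names and value data are made up for illustration.
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SubSystems]",
    '"Windows"=' + hex2(r"%SystemRoot%\system32\flagged_example.exe"),
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"Updater"="C:\\Users\\Public\\flagged_run.exe"',
    r'"Tool"="C:\\Program Files\\Tool\\tool.exe"',
])
FLAGGED = [r"C:\Windows\System32\flagged_example.exe", r"C:\Users\Public\flagged_run.exe"]
```

Running `list(triage(SAMPLE, FLAGGED))` reports the SubSystems reference as one to repair before the file is touched and the Run entry as one to remove along with its file.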


  3. Posts : 16,131
    7 X64
       #3

    Plenty of Linux boot discs can load the Windows Registry. No idea if those particular ones Icit2 refers to do it.


  4. Posts : 21,004
    Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
    Thread Starter
       #4


    Ok mate, I just saw the three listed and thought it would boot in a Windows type environment. I use Kaspersky so it immediately caught my eye.

    On reflection I should have thought about it a bit more thoroughly and realised it was not going to be a Windows based set up.


  5. Posts : 2,470
    Windows 7 Home Premium
       #5

    As mentioned before, Rescue CDs have their use.

    However, to my understanding, the Rescue CDs do not load the Registry, and, that is a problem.

    If anyone knows any info that contradicts this, please post your comments.

    Rescue CDs were very popular a few years back. I remember using them. But, as malware becomes more and more aggressive/complicated, some of it targets Registry keys other than those with a Run value where the user of the computer gets an annoying error message on each boot.


  6. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #6

    Interesting topic - had a quick google. Not sure whether things have moved on now, but it appears that only those rescue CDs based on the WindowsPE environment will actually scan and clean (automatically) malware in the registry. Unfortunately they aren't free because of the licensing of the WindowsPE.

    The reader whose query got me started on this investigation wanted to mount another system's hard drive as a slave in his system and use a tool that would clean up all file and Registry malware traces. All the products except PC Tools will clean up files on the foreign drive, but only avast!'s BART CD can remove malware traces in the "foreign" registry.
    Analyst's View: Antivirus Rescue CDs | Neil J. Rubenking | PCMag.com

    Another interesting read on Linux-based rescue disks:
    http://blog.emsisoft.com/2012/10/20/...p-or-a-hinder/
    Last edited by Golden; 10 Dec 2013 at 04:29.


  7. Posts : 2,470
    Windows 7 Home Premium
       #7

    Thanks, Golden!!

    Good info.

    Recently, read something related to Kaspersky's Rescue CD with WindowsUnlocker, and it also claims to disinfect the Registry. It is also free.


  8. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #8

    How does Windows Defender Offline work?
    Can and should it be used?


  9. Posts : 2,470
    Windows 7 Home Premium
       #9

    LB,

    There is malware that cannot be fully removed when the system is running.
    It has been a common practice to boot into a different operating system, like Linux, and remove the malware files.

    From what I have read, WDO is a bootable security software that scans and removes malicious software before Windows loads.

    It has its place, however, have seen more machines with the Alureon rootkit borked by WDO than what I care to count.


  10. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #10

    Thank you cottonball. I was wondering why nobody recommends the program any more.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
