Windows 7 Forums


Windows 7: Virus Issue

02 Sep 2010   #21
dranfu

 

@ Original Poster

Since we're talking about AV Boot CD's, and other things, you might want to check out something like this:

UNetbootin allows you to create bootable Live USB drives for Ubuntu, Fedora, and other Linux distributions without burning a CD. It runs on both Windows and Linux. You can either let UNetbootin download one of the many distributions supported out-of-the-box for you, or supply your own Linux .iso file if you've already downloaded one or your preferred distribution isn't on the list.



Most, if not all, of the Anti Virus Boot CD's are supported by UNetbootin.

You can even have a USB drive with multiple boot CD's:

Pen Drive Linux: How to create a Multiboot USB Flash Drive that you can use to Boot Multiple ISO Files from USB. Please note that you might need a 8GB-16GB or larger USB flash device to be able to support every bootable ISO entry. I will update and add more Bootable ISO files to the list as I find the time to test them. You can also contact me to submit working Bootable ISO entries for inclusion.



Throw Hiren's Boot CD on there and the UBCD4WIN and you are ready to kill off pretty much any infection.


02 Sep 2010   #22
dranfu

 

@ Everyone Else,

In terms of the ever raging, ever classic manual virus removal vs Image Restore debate, there is something that I think is often ignored: And that is that there is immense value and knowledge to be gained by manually removing malware infections. There are two great benefits, at least as I see it.
  1. When you begin to study malware (whether with Process Explorer, Gmer, Hijack This, or w/e your favorite tools are) you begin a journey to a much deeper understanding of windows, and Windows Internals specifically.

    Malware, like any program, is nothing but a bunch of code being executed.



    Malware authors are not magicians, they just know Windows really well. They know that they can do things like create handles to the Windows NT Session Manager (smss.exe) so you won't be able to erase their file; they know they can list their file as a system file, so most users will never find it, even if they "show hidden files." They even know how to send encrypted data inside of the header (not the data portion) of an HTTP packet, so that even wise technicians will be oblivious.

    But this is not magic, this is Windows. This is networking. And this is computer science. And often, when you study malware, you are drawn to these topics, and your own understanding of Windows, Networking, and Computer science is deepened substantially.

  2. The other great benefit, and the one most ignored by those who support the "always re-image" position, is that studying, seeking out, and learning to manually remove viruses teaches you a lot about how to recognize an infection, including 0-day infections. How can you get better and more adept at recognizing subtle signs of infection if you never take the time to see what that virus is doing?

    The fact of the matter is, there are thousands upon thousands of Malware that your Anti Virus has no clue about. Some of them are crafted just for a specific scenario. You can't rely on your AV as a means of determining if you are 100% virus free or not.

    I have seen technicians, very smart ones, who did not recognize that svcchost.exe was a virus running in task manager. But had they spent some time removing viruses (and as a result, learning more about Windows Internals) they would have known that there is only one C in svchost.exe.

    And while it is always safer to re-image, and while it is the right thing to do from a business perspective...as a technician, I think the right thing to do is study the infection, practice removing it, learn from it--and let it make you better as a result.


Ok, you can flame me now
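The svcchost.exe case from post #22 can be checked mechanically. The following is an added example, not part of the original post or thread: it flags names within a small edit distance of well-known Windows binaries, and goes a step further by also flagging a correct name running from an unexpected directory. The baseline table, the distance threshold of 2 and the sample process list are assumptions constructed for illustration.

```python
import ntpath

# Assumed baseline (not exhaustive): name -> expected directory on a default C: install.
KNOWN = {
    "svchost.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def edit_distance(a, b):
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path):
    """Return (verdict, matched_known_name) for one full image path."""
    directory, name = ntpath.split(image_path.lower())
    if name in KNOWN:
        # Right name: it must also live in the expected directory.
        return ("ok" if directory == KNOWN[name] else "wrong-path", name)
    for known in KNOWN:
        # One or two edits away from a system name: likely an imitation.
        if edit_distance(name, known) <= 2:
            return ("lookalike", known)
    return ("unknown", None)

SAMPLE_PROCESSES = [  # constructed sample data, not a real capture
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\System32\svcchost.exe",
    r"C:\Users\Public\svchost.exe",
    r"C:\Windows\System32\lsasss.exe",
    r"C:\Program Files\Editor\editor.exe",
]

def scan(paths):
    """Return (path, verdict, resembled_name) for each suspicious entry."""
    checked = [(p, *classify(p)) for p in paths]
    return [row for row in checked if row[1] in ("wrong-path", "lookalike")]

if __name__ == "__main__":
    for path, verdict, known in scan(SAMPLE_PROCESSES):
        print(f"{verdict:10} {path}  (resembles {known})")
```

A hit is a lead to investigate, not a verdict: legitimate software can have a name close to a system binary, and 64-bit systems also keep copies of some binaries under SysWOW64.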
02 Sep 2010   #23
Skulblaka

Windows 8 Professional 64-bit
 
 

Excellent words, no doubt.

02 Sep 2010   #24
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

"Keep your friends close, but your enemies closer"
02 Sep 2010   #25
dranfu

 

Quote: Originally Posted by Borg 386
"Keep your friends close, but your enemies closer"
Exactly
02 Sep 2010   #26
CarlTR6

Windows 7 Ultimate 32 bit
 
 

Quote: Originally Posted by dranfu
@ Everyone Else,

In terms of the ever raging, ever classic manual virus removal vs Image Restore debate, there is something that I think is often ignored: And that is that there is immense value and knowledge to be gained by manually removing malware infections. There are two great benefits, at least as I see it...

And while it is always safer to re-image, and while it is the right thing to do from a business perspective...as a technician, I think the right thing to do is study the infection, practice removing it, learn from it--and let it make you better as a result.


Ok, you can flame me now
Excellent post.
02 Sep 2010   #27
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

No need to flame you dranfu ... I don't deal with rootkits at any level!

The computer has been "severely compromised", and it's time to do a complete wipe and re-installation of Windows. It will never be stable again without doing this!
02 Sep 2010   #28
Tews

64-bit Windows 8.1 Pro
 
 

While I agree that approaching it from a forensics point can be an educationally satisfying adventure, most users just want to resolve the issue....get rid of the infection! I fall in that category.

I am a member on another forum where I have seen a fairly simple issue go on for days, while going into the minutiae of taking the OS apart with logs etc, in the meantime the OP is still infected with a virus.

While I have never been infected with a virus, I know that should it happen, I can resolve the whole issue by restoring one of my images in 20 minutes or less. To me, the choice is a no-brainer.
02 Sep 2010   #29
dranfu

 

Quote: Originally Posted by Tews
While I agree that approaching it from a forensics point can be an educationally satisfying adventure, most users just want to resolve the issue....get rid of the infection! I fall in that category.

I am a member on another forum where I have seen a fairly simple issue go on for days, while going into the minutiae of taking the OS apart with logs etc, in the meantime the OP is still infected with a virus.

While I have never been infected with a virus, I know that should it happen, I can resolve the whole issue by restoring one of my images in 20 minutes or less. To me, the choice is a no-brainer.
Yes, you have a valid point, but it is not just about being educationally satisfying, it is also, at least in my mind, about learning Windows and malware better. While I of course agree that it is faster and safer to re-image, what else does re-imaging provide besides speed and a sense of security?

That may seem like a silly question, but think about it like this: The option to re-image is always available. I can always achieve speed and a sense of security as soon as I decide to re-image. But the option to increase my skills and knowledge cannot be had by re-imaging.

For instance, it is true that if I discover I am infected, I can quickly and easily wipe my machine. But how do I know if that virus has stolen any sensitive data from me? And what data did it steal? And how did it get in in the first place? And why was I targeted? And who wrote it? These are questions that, perhaps, a user may or may not care about: but then again, they may not be aware of what damage was done before they caught it. Either way, a person cannot answer these questions without studying what happened, as in studying malware. But by studying malware, you can figure out all of those questions.
02 Sep 2010   #30
dranfu

 

And look at what an interesting discussion the original poster started. And he is not ever here to enjoy it.