[TriLUG] Rescue CD

Roger Broseus via TriLUG trilug at trilug.org
Wed Apr 15 11:21:05 EDT 2015


David,

I suggest that you copy customer DATA to a clean disk and scan with more than one tool. I recently received an email with a zip file attached. ClamAV said it was okay under Linux, as did Norton 360 with all current updates. MS Security Essentials found a Trojan. Consider only keeping mission-critical data for scanning. Reinstall the system after wiping the disk or reformatting.

I recommend this conservative approach because you say the system is heavily infected. In that case you may never find all of the possibly infected system files. So, play it safe and do a clean re-install.

It sounds tedious because it is, but it may be necessary. Then educate the customer on safe computing. Recommend a separate computer for non-business surfing, etc.
-- 
Roger Broseus
www.bronord.com
(This email was composed on a tablet PC. Pease excuse predictive-text induced tiepos.)


>On Wed, Apr 15, 2015 at 8:21 AM, David Both via TriLUG <trilug at trilug.org> wrote:
>
>> I am trying to find a good, recent rescue CD that I can use to rescue
>> Windows systems up through 8.1. There are several apparently well-regarded
>> ones out there, but most have not been updated for a few years. My primary
>> criteria are that it must run Linux and that it must be able to scan for
>> current new malware, viruses, spyware, Trojans, etc.
>>
>> I have a customer with a Win8.1 box that is heavily infected. He has
>> someone whom he uses for this, and I have recommended another person who
>> was recommended to me by Intrex. I would just like to be able to do this
>> myself when I run into these types of issues since I am already on-site and
>> trying to resolve problems that may be related or affected by these
>> infections.
>>
>> I am already testing Hiren's Boot Disk, SystemRescueCD and Trinity Rescue
>> Kit.
>>
>> Any and all suggestions will be appreciated. Thanks!
>>
>> --
>>
>>
>> *********************************************************
>> David P. Both, RHCE
>> Millennium Technology Consulting LLC
>> Raleigh, NC, USA
>> 919-389-8678
>>
>> dboth at millennium-technology.com
>>
>> www.millennium-technology.com
>> www.databook.bz - Home of the DataBook for Linux
>> DataBook is a Registered Trademark of David Both
>> *********************************************************


