[TriLUG] Rescue CD
Tim Jowers via TriLUG
trilug at trilug.org
Wed Apr 15 12:34:30 EDT 2015
maybe one nutty idea but if the main files are office files then maybe copy
them to a thumb drive and boot into a bootable CD of Linux. then you could
open the files there without worrying about infecting the "system" and
perhaps the viruses would not even run on linux.
E.g. customer could open their N important excel files and export as calc
etc.
Just a tangent,
Tim
On Wed, Apr 15, 2015 at 11:21 AM, Roger Broseus via TriLUG <
trilug at trilug.org> wrote:
> David,
>
> I suggest that you copy customer DATA to a clean disk and scan with more
> than one tool. I recently rec'd an email with a zip file attached. ClamAV
> said it was okay under linux, as did Norton 360 with all current updates.
> MS Security Essentials found a Trojan. Consider only keeping mission
> critical data for scanning. Reinstall the system after wiping the disk or
> reformatting.
>
> I recommend this conservative approach because you say the system is
> heavily infected. In that case you may never find all of the possibly
> infected system files. So, play it safe and do a clean re-install.
>
> It sounds tedious because it is but may be necessary. Then educate the
> customer on safe computing. Recommend a separate computer for non-business
> surfing, etc.
> --
> Roger Broseus
> www.bronord.com
> (This email was composed on a tablet PC. Pease excuse predictive-text
> induced tiepos.)
>
>
> >On Wed, Apr 15, 2015 at 8:21 AM, David Both via TriLUG
> ><trilug at trilug.org>
> >wrote:
> >
> >> I am trying to find a good, recent rescue CD that I can use to rescue
> >> Windows systems up through 8.1. There are several apparently
> >well-regarded
> >> ones out there, but most have not been updated for a few years. My
> >primary
> >> criteria are that it must run Linux and that it must be able to scan
> >for
> >> current new malware, viruses, spyware, Trojans, etc.
> >>
> >> I have a customer with a Win8.1 box that is heavily infected. He has
> >> someone whom he uses for this, and I have recommended another person
> >who
> >> was recommended to me by Intrex. I would just like to be able to do
> >this
> >> myself when I run into these types of issues since I am already
> >on-site and
> >> trying to resolve problems that may be related or affected by these
> >> infections.
> >>
> >> I am already testing Hiren's Boot Disk, SystemRescueCD and Trinity
> >Rescue
> >> Kit.
> >>
> >> Any and all suggestions will be appreciated. Thanks!
> >>
> >> --
> >>
> >>
> >> *********************************************************
> >> David P. Both, RHCE
> >> Millennium Technology Consulting LLC
> >> Raleigh, NC, USA
> >> 919-389-8678
> >>
> >> dboth at millennium-technology.com
> >>
> >> www.millennium-technology.com
> >> www.databook.bz - Home of the DataBook for Linux
> >> DataBook is a Registered Trademark of David Both
> >> *********************************************************
> >> This communication may be unlawfully collected and stored by the
> >National
> >> Security Agency (NSA) in secret. The parties to this email do not
> >consent
> >> to the
> >> retrieving or storing of this communication and any related metadata,
> >as
> >> well as
> >> printing, copying, re-transmitting, disseminating, or otherwise using
> >it.
> >> If you
> >> believe you have received this communication in error, please delete
> >it
> >> immediately.
> >>
> >> --
> >> This message was sent to: Charles Fischer
> ><cfischer at modernferrotype.com>
> >> To unsubscribe, send a blank message to trilug-leave at trilug.org from
> >that
> >> address.
> >> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> >> Unsubscribe or edit options on the web :
> >http://www.trilug.org/mailman/
> >> options/trilug/cfischer%40modernferrotype.com
> >> Welcome to TriLUG: http://trilug.org/welcome
> >--
> >This message was sent to: Roger <rogerb at bronord.com>
> >To unsubscribe, send a blank message to trilug-leave at trilug.org from
> >that address.
> >TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> >Unsubscribe or edit options on the web :
> >http://www.trilug.org/mailman/options/trilug/rogerb%40bronord.com
> >Welcome to TriLUG: http://trilug.org/welcome
>
> --
> This message was sent to: timjowers <timjowers at gmail.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that
> address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web :
> http://www.trilug.org/mailman/options/trilug/timjowers%40gmail.com
> Welcome to TriLUG: http://trilug.org/welcome
>
More information about the TriLUG
mailing list