[TriLUG] Rescue CD

David Both via TriLUG trilug at trilug.org
Wed Apr 15 14:57:25 EDT 2015


Thanks for all of the really good suggestions.

On 04/15/2015 02:21 PM, David Burton via TriLUG wrote:
> Be sure your computer is set to never automatically run such things.
> Under Windows 7 the setting is here:
>
> *Control Panel* -> *All Control Panel Items* -> *AutoPlay*
>
>
> Make sure that "Software and games" is set to something reasonable (i.e.,
> *NOT* set to "install or run program from your media").
>
> Microsoft has a (remarkably bloated) "FixIt" to make this settings
> adjustment on Windows versions from XP through Win7: MicrosoftFixit50471.msi
> <http://go.microsoft.com/?linkid=9741395>
>
> Supposedly, starting with Windows 7, Autorun no longer works except on
> CD/DVD drives. *(Microsoft, what took you so long
> <https://www.youtube.com/watch?v=4RpoAnnmgw4#t=51s>?)* Microsoft has also
> released a (horribly bloated) "hotfix" for Vista, to prevent autorun except
> on CD/DVD drives (like Win7): KB971029
> <http://www.microsoft.com/en-us/download/details.aspx?id=12314>
>
> However, even on Win7/8/8.1 (or Vista with the hotfix), I still would not
> plug a possibly-infected device into a computer which had AutoPlay /
> Software and games set to "Install or run program from your media." It's
> probably safe, but I'm not certain of that. Some thumbdrives are trickily
> partitioned to look like a small read-only CD drive plus a bigger
> read-write drive, but I don't know how that works, and I don't really have
> confidence that autorun is really disabled for such thumbdrives.
>
> Dave
> www.geeksalive.com
>
>
>
> On Wed, Apr 15, 2015 at 1:29 PM, MrB <brentrbrian at gmail.com> wrote:
>
>> Be careful ... some malware puts "autorun" in c:\  ... you could infect
>> the host system doing the "clean up"
>>
>>
>> On Wed, Apr 15, 2015 at 1:00 PM, David Burton via TriLUG <
>> trilug at trilug.org> wrote:
>>
>>> For badly infected machines, I usually just pull out the hard disk drive,
>>> hook it up as an external drive on a clean machine, and scan it from the
>>> clean machine, so that the infections can't "fight back."
>>>
>>> Unless you're in a desperate hurry, scan it with several tools, because
>> *...[snip]*
>>
>> -- 
>>
>>
>> *********************************************************
>> David P. Both, RHCE
>> Millennium Technology Consulting LLC
>> Raleigh, NC, USA
>> 919-389-8678
>>
>> dboth at millennium-technology.com
>>
>> www.millennium-technology.com
>> www.databook.bz - Home of the DataBook for Linux
>> DataBook is a Registered Trademark of David Both
>> *********************************************************
>> This communication may be unlawfully collected and stored by the National
>> Security Agency (NSA) in secret. The parties to this email do not consent to the
>> retrieving or storing of this communication and any related metadata, as well as
>> printing, copying, re-transmitting, disseminating, or otherwise using it. If you
>> believe you have received this communication in error, please delete it
>> immediately.
>>
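
Added example, not part of the original thread: when the suspect disk is attached to a clean machine as described above, the root of each volume can be checked for an autorun.inf, and the entries that would start a program listed, before anything on the drive is opened. The function names and the throwaway sample directory are assumptions made for this illustration; the file is only read, never executed.

```python
import os
import tempfile

# Keys in the [autorun] section that name something to execute.
LAUNCH_KEYS = ("open", "shellexecute")

def find_autorun(volume_root):
    """Return paths of autorun.inf in the volume's root, matched case-insensitively."""
    return [os.path.join(volume_root, n) for n in sorted(os.listdir(volume_root))
            if n.lower() == "autorun.inf"]

def decode(raw):
    """autorun.inf is ANSI or UTF-16; latin-1 never fails on padded junk bytes."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")

def launch_entries(text):
    """Return (key, command) pairs from [autorun] that would start a program."""
    found, in_autorun = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if not in_autorun or "=" not in line or line.startswith(";"):
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        # shell\<verb>\command adds a context-menu entry that runs a command
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            found.append((key, value.strip()))
    return found

def scan_volume(volume_root):
    """Map each autorun.inf found in the root to its launch entries (read only)."""
    report = {}
    for path in find_autorun(volume_root):
        with open(path, "rb") as fh:
            report[path] = launch_entries(decode(fh.read()))
    return report

if __name__ == "__main__":
    # Constructed sample: a throwaway directory standing in for the mounted drive.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "wb") as fh:
            fh.write(b"; junk\r\n[AutoRun]\r\nOpen=setup.exe /s\r\nicon=x.ico\r\n")
        for path, entries in scan_volume(root).items():
            print(path, entries)
```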

