
can you do a malware scan of windows machine with linux CD ?

  • 20-07-2007 05:26PM
    #1
    Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 96,117 Mod ✭✭✭✭


    just wondering out loud.

    you can use ubuntu or other linux CDs to run clamav to do a virus scan of a windows machine, can you do something similar for malware?


Comments

  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    i've never used linux for this purpose (thought about BartPE), but i tried ultimate bootdisk a couple of times, and found it ok for some malware.
    the free scanners... f-prot did pick up some viruses alright, but not everything.

    one thing i think would be cool, and very useful to have... is a signature verification program, like the verification feature of sysinternals autoruns/process explorer.

    possibly build on top of offline registry editor, which is open source.
    include something like PEiD which recognises loads of PE compressors/encrypters used to protect malware from disassembly.

    Have a fresh clean set of catalog files from microsoft on cdrom, which would be used to verify all startup points... drivers, services, plugins, etc.

    start with anti-virus scan, or some software that takes a checksum and compares to database of known malware, just to weed out the suckers.

    after most files pass virus test, verify the publisher of each file, see if it's trusted, if that doesn't pass, flag as suspicious... if it's compressed/encrypted, flag highly suspicious :) and inspect closer, or just disable it for reboot and another virus scan using full scanner... possibly search online for any relevant information about the unrecognised file.

    ...not that time consuming, unless the system is completely overrun with malware that cannot be detected by av-scanner.

    certainly rootkit revealer does read the registry hives and low disk reads already, but sometimes rootkits block these programs from executing at all, and RKR won't run in safe mode.

    does anyone know any software which runs off linux to carry out advanced malware detection?

    would be nice software.
    i'd say it would be no problem to use clamav off linux, just guessing


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 96,117 Mod ✭✭✭✭Capt'n Midnight


    but sometimes rootkits block these programs from executing at all, and RKR won't run in safe mode.
    ...
    i'd say it would be no problem to use clamav off linux, just guessing
    yeah the idea is to bypass anything running

    and yes clamav can be run from a linux boot disk

    would be nice to have a CD that boots up, downloads the latest signature files from the interweb and cleans the whole thing. one problem is that the number of patches means it would be very difficult to generate a white list of windows system files, so that you could end up with a relatively clean system that could be booted with all non-microsoft stuff off.


  • Registered Users, Registered Users 2 Posts: 6,946 ✭✭✭SouperComputer


    maybe instead of it downloading a rake of updates every time you boot the CD, it could mount a USB drive and store update and definition-specific data there.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 96,117 Mod ✭✭✭✭Capt'n Midnight


    maybe instead of it downloading a rake of updates every time you boot the CD, it could mount a USB drive and store update and definition-specific data there.
    That's a plan :)

    actually a 1GB USB key would hold a bootable image and some space

    another idea is to use a CD/DVD RW and merge them into the unused space, puppylinux can do something like that IIRC


  • Closed Accounts Posts: 71 ✭✭mcloughl


    you should have a look at backtrack http://www.remote-exploit.org/backtrack.html This distro is the best all in 1 security toolkit. It comes with stuff like chkrootkit etc. It will also allow you to mount the local disk partitions read-only.
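As an added example, not code from any poster in this thread, here is a POSIX shell script that puts the pieces discussed above together: mount the Windows partition read-only as mcloughl suggests, run ClamAV over it, then compare every file on it against a SHA-256 manifest built from a known-clean installation, which is Martyr's "checksum against a known list" step and the white list of system files Capt'n Midnight wants. The device path, mount point, manifest location and all function names are assumptions; it expects ntfs-3g, ClamAV (`clamscan`, `freshclam`) and coreutils `sha256sum` on the live system. The publisher/signature and packer checks Martyr describes are not included.

```shell
#!/bin/sh
# offline-scan.sh: scan a Windows installation from a Linux live CD.
# Example written for this thread, not taken from any poster or project.
# Assumes ntfs-3g, ClamAV (clamscan/freshclam) and coreutils sha256sum.

mount_windows_ro() {
    # Mount Windows partition $1 at $2 read-only: ro keeps the disk unchanged,
    # noexec/nosuid/nodev make sure nothing on the suspect disk can run here.
    mkdir -p "$2"
    mount -t ntfs-3g -o ro,noexec,nosuid,nodev "$1" "$2"
}

build_manifest() {
    # Print "sha256  ./relative/path" for every regular file under $1.
    # Run once against a known-clean install at the same patch level and keep
    # the output on read-only media; it is the white list used below.
    (cd "$1" && find . -type f -exec sha256sum {} +) | LC_ALL=C sort -k 2
}

verify_against_manifest() {
    # Hash the tree at $1 and compare it with manifest $2. Prints one
    # "STATUS<TAB>path" line per file that is not an exact match:
    #   UNKNOWN  - path not in the manifest (new driver, service, plugin...)
    #   MODIFIED - path known but contents differ (patched or infected)
    # Files whose path contains two consecutive spaces would confuse the split.
    build_manifest "$1" | awk -F'  ' -v OFS='\t' '
        NR == FNR       { known[$2] = $1; next }   # first input: the manifest
        !($2 in known)  { print "UNKNOWN", $2; next }
        known[$2] != $1 { print "MODIFIED", $2 }
    ' "$2" -
}

clamav_scan() {
    # Recursive ClamAV scan of $1, logging to $2, listing only hits.
    # clamscan exits 0 = clean, 1 = something found, 2 = error.
    clamscan --recursive --infected --log="$2" "$1"
}

main() {
    dev=$1; mnt=$2; manifest=$3; log=${4:-/tmp/offline-scan.log}
    mount_windows_ro "$dev" "$mnt" || exit 2
    # Fetch current signatures first; the copy on the CD is stale by definition.
    freshclam || echo "warning: signature update failed, using bundled database" >&2
    if clamav_scan "$mnt" "$log"; then
        echo "clamav: nothing known found"
    else
        echo "clamav: hits or errors, see $log"
    fi
    echo "files that differ from the clean manifest:"
    verify_against_manifest "$mnt" "$manifest"
}

# Run the full procedure only when called with arguments, e.g.
#   sh offline-scan.sh /dev/sda2 /mnt/win /media/cdrom/clean-install.sha256
if [ "$#" -ge 3 ]; then
    main "$@"
fi
```

The manifest comparison answers Capt'n Midnight's patch-level objection by not trying to judge: every UNKNOWN or MODIFIED line is a triage list, not a verdict, and a manifest taken from a machine at the same service pack keeps that list short. The flagged files are then exactly the ones to run Martyr's publisher check and packer inspection against, or to disable before rebooting into a full scan.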


  • Registered Users, Registered Users 2 Posts: 6,946 ✭✭✭SouperComputer


    mcloughl wrote:
    you should have a look at backtrack http://www.remote-exploit.org/backtrack.html This distro is the best all in 1 security toolkit. It comes with stuff like chkrootkit etc. It will also allow you to mount the local disk partitions read-only.


    I'm familiar with Backtrack and its predecessors, however I'm curious as to how it can scan for malware on a Windows machine :confused:

