AntiVirus boot CD

Discussion in 'Computer Information' started by RedBack, Nov 16, 2003.

  1. RedBack

    RedBack Guest

    I've been called out a lot lately to clean up infected systems :)

    I'm experimenting with making different AntiVirus boot CDs to find
    which will work the best with Windows FAT32 & NTFS systems, and is
    easy to keep the signatures updated.
    Basically I make a DOS Boot CD with the AntiVirus command line
    scanners... with a menu for FAT32 & NTFS.
    The NTFS option loads NTFSPRO then runs the scanner.
    F-Prot works OK in both systems.
    Norton's NAVDX.EXE works great on FAT32 but halfway through NTFS it
    dies with errors.
    I'm downloading AntiVir now to try their command line scanner
    AVE32.EXE.
    Any other command line scanners you can suggest, or help & advice will
    be appreciated.

    RedBack
     
    RedBack, Nov 16, 2003
    #1

  2. RedBack

    Plato Guest

    RedBack wrote:
    >
    > The NTFS option loads NTFSPRO then runs the scanner.
    > F-Prot works OK in both systems.


    Good to know. What does ntfspro run these days?
     
    Plato, Nov 18, 2003
    #2

  3. RedBack

    Thor Guest

    My question would be as to whether RedBack has used F-Prot to actually fix,
    or remove a virus in this fashion. Scanning for a virus using an NTFS-aware
    boot disk is one thing, but removal is another, because that requires
    writing to the NTFS partition using the DOS NTFS driver. Something I'm a
    little leery about doing to a customer's system.



    ...
    "Plato" <|@|.|> wrote in message
    news:3fb997b9$0$187$...
    > RedBack wrote:
    > >
    > > The NTFS option loads NTFSPRO then runs the scanner.
    > > F-Prot works OK in both systems.

    >
    > Good to know. What does ntfspro run these days?
     
    Thor, Nov 18, 2003
    #3
  4. RedBack

    RedBack Guest

    On Tue, 18 Nov 2003 08:43:25 -0500, "Thor" <> wrote :

    >my question would be as to whether Redback has used F-prot to actually fix,
    >or remove a virus in this fashion. Scanning for a virus using an NTFS-aware
    >boot disk is one thing, but removal is another, because that requires
    >writing to the NTFS partition using the DOS NTFS driver. Something I'm a
    >little leery about doing to a customer's system.
    >


    As my original post said, I'm only experimenting at this stage to try
    and create a boot AntiVirus CD that will work.
    Tested with the EICAR test virus.
    I normally remove the worm manually.
    The aim is if someone has a problem I can boot from a CD in front of
    them to test it before attempting to load windows to make sure they
    haven't just stuffed up something and waste time by taking their word
    that they haven't done anything :)
    To be honest I don't have a lot of faith in running it from DOS on
    NTFS at this stage as a poster told me in another group that there's a
    problem if the user has a path statement longer than 64 characters in
    NTFS.
    I'm open to any ideas.


    RedBack
     
    RedBack, Nov 18, 2003
    #4
  5. RedBack

    RedBack Guest

    On Wed, 19 Nov 2003 09:03:24 +1030, RedBack <> wrote:

    >On Tue, 18 Nov 2003 08:43:25 -0500, "Thor" <> wrote :
    >
    >>my question would be as to whether Redback has used F-prot to actually fix,
    >>or remove a virus in this fashion. Scanning for a virus using an NTFS-aware
    >>boot disk is one thing, but removal is another, because that requires
    >>writing to the NTFS partition using the DOS NTFS driver. Something I'm a
    >>little leery about doing to a customer's system.
    >>

    >
    >As my original post said, I'm only experimenting at this stage to try
    >and create a boot AntiVirus CD that will work.
    >Tested with the EICAR test virus
    >I normally remove the worm manually
    >The aim is if someone has a problem I can boot from a CD in front of
    >them to test it before attempting to load windows to make sure they
    >haven't just stuffed up something and waste time by taking their word
    >that they haven't done anything :)
    >To be honest I don't have a lot of faith in running it from DOS on
    >NTFS at this stage as a poster told me in another group that there's a
    >problem if the user has a path statement longer than 64 characters in
    >NTFS.
    >I'm open to any ideas.
    >
    >
    >RedBack


    From a reply post at aus.computers

    On Sun, 16 Nov 2003 10:54:33 GMT, "Justin Thyme"

    I've done similar with FProt - have a boot CD then put the latest
    definitions on my thumb drive. Pretty easy to load dos drivers for a thumb
    drive, then unzip the latest definitions from there to a ramdisk. Then I
    load NTFSDOS to give me access to NTFS partitions. BUT...
    big problems with WXP/W2000 based systems. Basically what causes it is
    this - old Dos only supported a maximum of 64 characters in the complete
    path name. This limitation carries over into W98 Dos, PCDos 7, WME Dos
    etc. WXP/2000 however allow much longer pathnames, and in practice systems
    with these OS's will have many paths that are longer - this will be the
    case whether you use NTFS or FAT32. My system for example has:
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\PROGRA~1\ACCESS~1\ACCESS~1
    which is 71 characters long (only counting the short names). So what
    happens is when you boot in DOS mode, the system can only scan until it
    encounters a path of longer than 64 characters. Norton's will bomb out
    with an error message, but FProt will just stop scanning there and say it
    has finished, with no error messages whatsoever. I was starting to think
    FProt was not capable of detecting some viruses, because it would say
    systems that I knew had certain viruses were clean. Took me ages to trace
    what was really happening. I believe the correct behaviour should be that
    it gives a warning that it can't scan any deeper into the directory tree,
    but continue scanning what it can access.

    So far I haven't worked out a satisfactory solution to the problem. The
    other alternative would be a windows based scanner that can run off a
    CD/thumbdrive without requiring installation, and can have updated
    definitions simply by copying the relevant files to a disk


    RedBack
     
    RedBack, Nov 18, 2003
    #5
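
A coverage check for the failure described in post #5, where a DOS-mode scanner stops at the first directory path over 64 characters and still reports a finished scan (added example, not part of the thread). It assumes an inventory of short-name file paths gathered separately and the scanner's own scanned-file count; the function names and sample file names are constructed, and the limit is counted over the whole directory path, as the post counts it.

```python
import ntpath  # parses Windows-style paths on any host OS

DOS_PATH_LIMIT = 64  # limit quoted in the thread, counted over the whole path

# Constructed inventory of short-name (8.3) paths. The last entry uses the
# 71-character directory quoted in the post plus a made-up file name.
SAMPLE_INVENTORY = [
    r"C:\WINDOWS\SYSTEM32\KERNEL32.DLL",
    r"C:\DOCUME~1\USER\LOCALS~1\TEMP\SAMPLE.EXE",
    r"C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\PROGRA~1\ACCESS~1\ACCESS~1\NOTEPAD.LNK",
]


def split_by_dos_reach(file_paths, limit=DOS_PATH_LIMIT):
    """Split files into those a DOS-mode scanner can reach and those that
    sit under a directory path longer than `limit` characters."""
    reachable, unreachable = [], []
    for path in file_paths:
        directory = ntpath.dirname(path)
        bucket = unreachable if len(directory) > limit else reachable
        bucket.append(path)
    return reachable, unreachable


def coverage_report(file_paths, scanner_reported_count, limit=DOS_PATH_LIMIT):
    """Compare the inventory with the number of files the scanner says it
    checked. A 'clean' verdict is only meaningful when nothing was out of
    reach and the scanner counted at least as many files as the inventory."""
    reachable, unreachable = split_by_dos_reach(file_paths, limit)
    total = len(reachable) + len(unreachable)
    count_mismatch = scanner_reported_count < total
    return {
        "inventory": total,
        "reachable": len(reachable),
        "unreachable": unreachable,
        "count_mismatch": count_mismatch,
        "clean_result_trustworthy": not unreachable and not count_mismatch,
    }


if __name__ == "__main__":
    # Hypothetical run: the scanner reported 2 files checked and no infections.
    report = coverage_report(SAMPLE_INVENTORY, scanner_reported_count=2)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Any path listed under `unreachable` was never examined by the DOS-mode scan, so a clean result says nothing about it.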
  6. RedBack

    Plato Guest

    Thor wrote:
    >


    In other words, if you use a ntfs third party dos driver, f-prot _has_
    to use it to write to the fat. On the other hand, if you boot to safe
    mode in XP, f-prot just calls XP to write to the fat. Correct?

    > my question would be as to whether Redback has used F-prot to actually fix,
    > or remove a virus in this fashion. Scanning for a virus using an NTFS-aware
    > boot disk is one thing, but removal is another, because that requires
    > writing to the NTFS partition using the DOS NTFS driver. Something I'm a
    > little leery about doing to a customer's system.
    >
    > ..
    > "Plato" <|@|.|> wrote in message
    > news:3fb997b9$0$187$...
    > > RedBack wrote:
    > > >
    > > > The NTFS option loads NTFSPRO then runs the scanner.
    > > > F-Prot works OK in both systems.

    > >
    > > Good to know. What does ntfspro run these days?
     
    Plato, Nov 19, 2003
    #6
  7. RedBack

    Thor Guest

    "Plato" <|@|.|> wrote in message
    news:3fbbfb4d$0$76121$...
    > Thor wrote:
    > >

    >
    > In other words, if you use a ntfs third party dos driver, f-prot _has_
    > to use it to write to the fat. On the other hand, if you boot to safe
    > mode in XP, f-prot just calls XP to write to the fat. Correct?


    correct.
     
    Thor, Nov 20, 2003
    #7