Looking for rootkits on Windows with Puppy ?
Is there a rootkit detector program I can run on Puppy (on USB) which will check for rootkits on my Windows OS (which is on hard drive)?
I believe some Windows rootkits can blind antimalware running on the same Windows OS as to their presence,
so I'd like an independent second opinion about my Windows OS being rootkit-free via Puppy, (or maybe via another live CD thingy).
Probably better off with Hiren's and the Falcon boot cds.
Don't get me wrong...I use Puppy to clean it as well.
The trouble is week by week the nasties change.
""""""""
Hitman Pro....in Windows... is a goodie.
http://www.majorgeeks.com/files/details/hitman_pro.html
>> gives you a one off chance to fix any infections.
It scans over the internet, but is pretty fast.
Uninstall it from Control Panel immediately afterwards.
Free License
HitmanPro offers home users a free one-time license,
valid for thirty days, to remove the malicious software that was found
on the computer.
This one-time free license can be deployed from the License tab
under Settings:
http://www.surfright.nl/en/support/
http://www.surfright.nl/en/home/press/h ... scores-100
http://www.surfright.nl/en
""""""""""
http://www.surfright.nl/en/shop/
And....Yes you have to buy that feature >>>$25.00 ???
" Users simply create their own bootable HitmanPro.Kickstart
USB flash drive / memory stick from within the HitmanPro application.
Mark Loman continues: "HitmanPro.Kickstart will start the ransomed computer in their own familiar Microsoft Windows environment,
bypassing the ransomware, and will then guide the user through
the removal process.
No complicated manual tasks are required.
It is so easy, even your Granny is now able to free your computer
from ransomware, fake antiviruses and other persistent malware."
Chris.
cthisbear wrote: Probably better off with Hiren's and the Falcon boot cds.
Thanks Chris,
I'd heard of Hiren's compilation boot CD ... http://www.hiren.info/pages/bootcd but given the large number of authors and cracking tools on it I'm concerned it might include something nasty.
Hiren's boot CD appears to include a cracked copy of XP ... "Mini Windows Xp" which presumably the antimalware, (like GMER), runs on.
I'm not happy about running anything which has been cracked, it could contain hidden nastiness, but I'll give it a go just after I back up my Windows system.
Last edited by Barkin on Sat 06 Jul 2013, 03:12, edited 1 time in total.
Kaspersky rescue disk is one I used once and it worked for me.
http://support.kaspersky.com/us/viruses/rescuedisk
dancytron wrote: Kaspersky rescue disk is one I used once and it worked for me.
http://support.kaspersky.com/us/viruses/rescuedisk
Yesss: "Kaspersky rescue disk" does look for rootkits ...
http://support.kaspersky.com/us/faq/?qid=208282145
kaspersky.com wrote: Main application features:
Scanning Windows startup objects for malware and further disinfection.
Clearing the Windows registry of links to removed malicious programs.
Automatic disinfection of computers regardless of infection type and severity, including the following options:
scanning the computer for malware using signature databases;
heuristic analyzer;
scanning the computer for rootkits and neutralizing them.
Anti-virus database update option.
Recording the application on a CD/DVD or on a USB data medium.
Kaspersky Rescue Disk 10 is a free application.
http://www.comodo.com/business-security ... e-disk.php
Comodo rescue disk fixed what hitman-pro, malware-bytes and other stuff couldn't for me on Win7 (Still clean after about 7 weeks). It's based on Slitaz.
01micko wrote: http://www.comodo.com/business-security ... e-disk.php
Thanks for that Comodo link. I was slightly concerned when the word "rescue" first appeared it was misspelled, but everything looks OK, (the four "Threat(s) Found" are false-alarms due to a peculiar Dell partition).
[Attachment: comodo scan, 100 percent in 3 hours.jpg (comodo rescue screengrab)]
01micko:
Is there a USB booting code for that??
Or do we need Uncle nooby?
Here is a piece I pulled from it.
And a piece of Slacko...because I multiboot.
Comodo text
DEFAULT vesamenu.c32
PROMPT 0
NOESCAPE 1
ALLOWOPTIONS 0
TIMEOUT 100
MENU TITLE COMODO Resuce Disk(2.0.261647.1)
MENU BACKGROUND /boot/comodo_boot_background.jpg
MENU COLOR BORDER 37;40 #00000000 #00000000 none
MENU COLOR TITLE 37;40 #ffff5555 #00000000 std
MENU ROWS 4
MENU NOTABMSG
LABEL Enter the Graphic Mode
kernel /boot/bzImage
append initrd=/boot/rootfs.gz rw root=/dev/null vga=normal
LABEL Enter the Text Mode
kernel /boot/bzImage
append initrd=/boot/rootfs.gz rw root=/dev/null vga=normal screen=text
;;;;;
title Slacko Puppy (sdc1/slacko)
find --set-root --ignore-floppies /slacko/initrd.gz
kernel /slacko/vmlinuz pmedia=usbflash psubdir=slacko pfix=fsck
initrd /slacko/initrd.gz
"""""""""""
Love this.
Microsoft offloads heap of critical fixes in 'ugly' Patch Tuesday
"This is one of the uglier releases we've seen from Microsoft this year," notes Paul Henry, security and forensic analyst at security tools firm Lumension.
"To say that all Microsoft products are affected and everything is
affected critically is not an understatement.
It’s difficult to prioritize one or two because all the bulletins are
significant this Patch Tuesday."
http://www.theregister.co.uk/2013/07/05 ... _prealert/
Chris.
dancytron wrote: Kaspersky rescue disk is one I used once and it worked for me.
http://support.kaspersky.com/us/viruses/rescuedisk
Kaspersky rescue disk seemed to work OK, but now Windows won't boot :¬(
[ I had to use "Last Known Good Configuration" then "System Restore" ]
[Attachment: kaspersky rescue disc.jpg]
Last edited by Barkin on Mon 08 Jul 2013, 07:14, edited 3 times in total.
cthisbear wrote: 01micko:
Is there a USB booting code for that??
Or do we need Uncle nooby?
Here is a piece I pulled from it.
And a piece of Slacko...because I multiboot.
[snip]
Dunno Chris, but you could probably download the free comodo linux version and install it in any puppy, it's ~25MB (iirc).
cthisbear wrote: "I didn't realize Kaspersky was that intelligent"
Themz Ruskies.
Chris.
The Ruskies offer a USB option, (the boot problem may have been my fault), see ... "Kaspersky USB Rescue Disk Maker" expand (+) item #2.
They do say not to have any other OS on the USB stick as it may cause booting problems, [btw "Kaspersky Rescue Disk" is Gentoo linux in disguise].
An alternative method for "Kaspersky Rescue Disk" on USB ... http://www.megaleecher.net/Bootable_Kaspersky_Rescue_Disk
Last edited by Barkin on Mon 08 Jul 2013, 21:07, edited 3 times in total.
Careful with that Comodo rescue disk
I tried the Comodo rescue disk and told it to automatically fix viruses. Then I noticed it was scanning my Linux partition... It fixed my grub resulting in "missing operating system" next time I booted.
Repaired using grub to setup the partition as recommended by rcrsn51 here, but that was after quite a bit of learning experience trying a lot of things that didn't help
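The original question asks for a rootkit check that does not run on the Windows kernel being inspected, and the post above shows the other side of that coin: a rescue disk that "fixes" the boot sector from outside can break the machine just as a bootkit would. The script below is an added example (the editor's own, not code from this thread or from any of the rescue disks discussed) of two offline integrity checks you can run from Puppy before and after such a scan: a baseline of the first sector of the disk (446 bytes of boot code, the 64-byte partition table and the 55 AA marker) and a sha256sum baseline of a directory tree such as the read-only mounted Windows\System32\drivers. Device and mount paths like /dev/sda and /mnt/sda1 are assumptions for illustration; nothing here needs the Windows volume mounted read-write.

```shell
#!/bin/sh
# Added example (editor's own, not from the thread or any rescue disk).
# Offline integrity checks run from Puppy against an unbooted Windows disk,
# so an in-OS rootkit cannot interpose on what we read.
#   1. first-sector (MBR) baseline / check / boot-code-only restore
#   2. directory-tree sha256 baseline / check
# /dev/sda and /mnt/sda1 in the usage comments are assumed names.

# mbr_backup DISK OUT   copy the first 512 bytes of DISK to OUT
mbr_backup() {
    dd if="$1" of="$2" bs=512 count=1 2>/dev/null
}

# mbr_hash FILE         print sha256 of the first 512 bytes of FILE
mbr_hash() {
    dd if="$1" bs=512 count=1 2>/dev/null | sha256sum | cut -d' ' -f1
}

# ptable_hash FILE      print sha256 of bytes 446-511 only (partition table + 55 AA)
ptable_hash() {
    dd if="$1" bs=1 skip=446 count=66 2>/dev/null | sha256sum | cut -d' ' -f1
}

# mbr_has_signature DISK   succeed if bytes 510-511 are the 55 AA boot marker
mbr_has_signature() {
    sig=$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# mbr_check DISK BASELINE  succeed if the whole first sector still matches BASELINE
mbr_check() {
    [ "$(mbr_hash "$1")" = "$(mbr_hash "$2")" ]
}

# ptable_check DISK BASELINE  succeed if only the partition table part matches;
# "mbr_check fails but ptable_check passes" means the boot code alone was rewritten
ptable_check() {
    [ "$(ptable_hash "$1")" = "$(ptable_hash "$2")" ]
}

# mbr_restore BASELINE DISK  write back only the 446 bytes of boot code, leaving
# the partition table currently on DISK untouched (never restore all 512 bytes
# unless ptable_check also passed, or you may point at the wrong partitions)
mbr_restore() {
    dd if="$1" of="$2" bs=446 count=1 conv=notrunc 2>/dev/null
}

# tree_baseline DIR OUT   record sha256 of every regular file under DIR
# (OUT must be an absolute path because we cd into DIR)
tree_baseline() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | xargs -r sha256sum ) > "$2"
}

# tree_check DIR BASELINE  succeed if every file in BASELINE still matches
# (BASELINE absolute; run "sha256sum -c" by hand to see which files changed)
tree_check() {
    ( cd "$1" && sha256sum -c --quiet "$2" ) >/dev/null 2>&1
}

# Typical use on a real machine (commented out so this file runs stand-alone):
#   mbr_backup /dev/sda /root/sda.mbr.before        # BEFORE running any rescue disk
#   mount -t ntfs-3g -o ro /dev/sda1 /mnt/sda1
#   tree_baseline /mnt/sda1/Windows/System32/drivers /root/drivers.sha256
#   ... run the rescue disk, then boot Puppy again ...
#   mbr_check /dev/sda /root/sda.mbr.before || echo "first sector changed"
#   ptable_check /dev/sda /root/sda.mbr.before && echo "partition table intact"
#   tree_check /mnt/sda1/Windows/System32/drivers /root/drivers.sha256
```

The tree check is a change detector, not a malware scanner: a baseline taken on an already-infected machine just tells you whether things changed since. The sector check is the more useful of the two here, because bootkit-style rootkits and "repairing" rescue disks both rewrite exactly the 446 bytes that mbr_restore puts back, and restoring only those bytes is what avoids the "missing operating system" outcome above when the partition table was not the problem.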
Just tried the Avast pet running on Puppy ... http://bkhome.org/blog/?viewDetailed=02494
It spotted the EICAR test-virus, see below , (but I don't know if this free version of Avast looks for root-kits ).
BTW the Avast virus "signature" database is now 87MB, (quoted as "44MB" in Barry's 2011 blog).
[Attachment: Avast on Puppy spots EICAR test-virus.png]
Looking for rootkits on Windows with Puppy ?
Barkin,
I understand your point about wanting to use a Linux based program to check for rootkit(s) on Windows. Unfortunately, some apps such as Rootkit Hunter are not being kept up to date...
While doing a search, I found this Windows app. It appears to be under active development, fairly up to date, and is supposed to use a random name for its exe file so that rootkits cannot easily detect it...
Hope this helps,
Monsie
Re: Looking for rootkits on Windows with Puppy ?
Thanks Monsie,
I've used that app, GMER, on Windows, but my objective was to find a rootkit finder which was not running on the system being scanned, just in case it was being blinded by sophisticated malware also running on the Windows OS.
Would GMER work if it ran on Linux via WINE?, or would it just search WINE for rootkits, rather than the real Windows OS?
Looking for rootkits on Windows with Puppy ?
Barkin, I think it would be useful to test whether gmer would work under Wine or not, then report the findings...
While I have not used gmer, it seems to me that the gui should have a provision to select the hard drive and/or partition to scan... --otherwise its functionality is rather limited. Even if the average user does not work with partitions, many computers manufactured today come with two hard drives.
Monsie