Looking for rootkits on Windows with Puppy ?
Barkin


Joined: 12 Aug 2011
Posts: 727

Posted: Fri 05 Jul 2013, 18:38    Subject: Looking for rootkits on Windows with Puppy ?
Subtitle: double-check for Windows rootkits via Puppy
 

Is there a rootkit detector program I can run on Puppy (on USB) which will check for rootkits on my Windows OS (which is on hard drive)?

I believe some Windows rootkits can blind antimalware running on the same Windows OS as to their presence,
so I’d like an independent second opinion about my Windows OS being rootkit-free via Puppy (or maybe via another live CD thingy).
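The "independent second opinion" asked for above can be done as a cross-view comparison; the following is an added example, not part of the original post or of any tool named in this thread. It assumes one file listing saved from inside the running Windows system (for instance with `dir /s /b /a C:\`) and one taken from the live system with `find` on the mounted Windows partition; the mount point `/mnt/sda1`, the ignore list and both sample listings are constructed for illustration.

```python
import ntpath

# Paths that legitimately differ between the two views (illustrative, not exhaustive).
IGNORED_PREFIXES = ("/pagefile.sys", "/hiberfil.sys", "/system volume information",
                    "/$recycle.bin")

def key_from_windows(line):
    """Key for one line of a listing taken inside Windows (e.g. `dir /s /b /a C:\\`)."""
    _drive, rest = ntpath.splitdrive(line.strip())
    return rest.replace("\\", "/").rstrip("/").lower()  # Windows treats names case-insensitively

def key_from_offline(line, mount_point):
    """Key for one line of `find <mount_point>` run from the live system."""
    path, mount = line.strip(), mount_point.rstrip("/")
    if not path.startswith(mount + "/"):
        return None  # the mount point itself, or a path on another volume
    return path[len(mount):].rstrip("/").lower()

def hidden_from_windows(online_listing, offline_listing, mount_point):
    """Return offline paths that the running Windows system did not report."""
    online = {key_from_windows(l) for l in online_listing.splitlines() if l.strip()}
    hidden = []
    for line in offline_listing.splitlines():
        key = key_from_offline(line, mount_point)
        if key is None or key.startswith(IGNORED_PREFIXES):
            continue
        if key not in online:
            hidden.append(line.strip())
    return sorted(hidden)

# Constructed sample listings (not taken from a real machine).
ONLINE = r"""C:\WINDOWS\system32\drivers\disk.sys
C:\Windows\System32\drivers\ntfs.sys
C:\pagefile.sys
"""
OFFLINE = """/mnt/sda1
/mnt/sda1/Windows/System32/drivers/disk.sys
/mnt/sda1/Windows/System32/drivers/ntfs.sys
/mnt/sda1/Windows/System32/drivers/hidden_example.sys
/mnt/sda1/pagefile.sys
/mnt/sda1/System Volume Information/tracking.log
"""

if __name__ == "__main__":
    for path in hidden_from_windows(ONLINE, OFFLINE, "/mnt/sda1"):
        print("present offline, not reported by Windows:", path)
```

A path in the result is a lead to inspect, not proof of a rootkit: files created or deleted between the two listings show up the same way.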
cthisbear

Joined: 29 Jan 2006
Posts: 3431
Location: Sydney Australia

Posted: Fri 05 Jul 2013, 21:21

Probably better off with Hiren's and the Falcon boot cds.

Don't get me wrong...I use Puppy to clean it as well.

The trouble is week by week the nasties change.

""""""""

Hitman Pro....in Windows... is a goodie.

http://www.majorgeeks.com/files/details/hitman_pro.html

>> gives you a one off chance to fix any infections.
It scans over the internet, but is pretty fast.
Uninstall it from Control Panel immediately afterwards.

Free License

HitmanPro offers home users a free one-time license,
valid for thirty days, to remove the malicious software that was found
on the computer.

This one-time free license can be deployed from the License tab
under Settings:

http://www.surfright.nl/en/support/

http://www.surfright.nl/en/home/press/hitmanpro-scores-100

http://www.surfright.nl/en

""""""""""

http://www.surfright.nl/en/shop/

And....Yes you have to buy that feature >>>$25.00 ???

" Users simply create their own bootable HitmanPro.Kickstart
USB flash drive / memory stick from within the HitmanPro application.

Mark Loman continues: "HitmanPro.Kickstart will start the ransomed computer in their own familiar Microsoft Windows environment,
bypassing the ransomware, and will then guide the user through
the removal process.

No complicated manual tasks are required.
It is so easy, even your Granny is now able to free your computer
from ransomware, fake antiviruses and other persistent malware."

Chris.
Barkin


Joined: 12 Aug 2011
Posts: 727

Posted: Fri 05 Jul 2013, 22:47

cthisbear wrote:
Probably better off with Hiren's and the Falcon boot cds.

Thanks Chris,

I'd heard of Hiren's compilation boot CD ... http://www.hiren.info/pages/bootcd but given the large number of authors and cracking tools on it I'm concerned it might include something nasty.

Hiren's boot CD appears to include a cracked copy of XP ... "Mini Windows Xp" which presumably the antimalware (like GMER) runs on.
I'm not happy about running anything which has been cracked, it could contain hidden nastiness, but I'll give it a go just after I back up my Windows system.

dancytron

Joined: 18 Jul 2012
Posts: 283

Posted: Fri 05 Jul 2013, 23:09

Kaspersky rescue disk is one I used once and it worked for me.
http://support.kaspersky.com/us/viruses/rescuedisk
Barkin


Joined: 12 Aug 2011
Posts: 727

Posted: Fri 05 Jul 2013, 23:22

dancytron wrote:
Kaspersky rescue disk is one I used once and it worked for me.
http://support.kaspersky.com/us/viruses/rescuedisk

Yesss : "Kaspersky rescue disk" does look for rootkits ...

kaspersky.com wrote:
Main application features:
Scanning Windows startup objects for malware and further disinfection.
Clearing the Windows registry of links to removed malicious programs.
Automatic disinfection of computers regardless of infection type and severity, including the following options:
scanning the computer for malware using signature databases;
heuristic analyzer;
scanning the computer for rootkits and neutralizing them.
Anti-virus database update option.
Recording the application on a CD/DVD or on a USB data medium.
Kaspersky Rescue Disk 10 is a free application.

http://support.kaspersky.com/us/faq/?qid=208282145
01micko


Joined: 11 Oct 2008
Posts: 7832
Location: qld

Posted: Sat 06 Jul 2013, 00:44

http://www.comodo.com/business-security/network-protection/rescue-disk.php

Comodo rescue disk fixed what hitman-pro, malware-bytes and other stuff couldn't for me on Win7 (Still clean after about 7 weeks). It's based on Slitaz.

_________________
Woof Mailing List | keep the faith Cool |
Barkin


Joined: 12 Aug 2011
Posts: 727

Posted: Sat 06 Jul 2013, 01:46

01micko wrote:
http://www.comodo.com/business-security/network-protection/rescue-disk.php

Thanks for that Comodo link. I was slightly concerned when the word "rescue" first appeared it was misspelled, but everything looks OK , (the four "Threat(s) Found" are false-alarms due to a peculiar Dell partition ).
[Attached image: comodo scan, 100 percent in 3 hours.jpg (comodo rescue screengrab)]

cthisbear

Joined: 29 Jan 2006
Posts: 3431
Location: Sydney Australia

Posted: Sun 07 Jul 2013, 19:52

01micko:

Is there a USB booting code for that??

Or do we need Uncle nooby?

Here is a piece I pulled from it.

And a piece of Slacko...because I multiboot.

Comodo text

DEFAULT vesamenu.c32
PROMPT 0
NOESCAPE 1
ALLOWOPTIONS 0
TIMEOUT 100
MENU TITLE COMODO Resuce Disk(2.0.261647.1)
MENU BACKGROUND /boot/comodo_boot_background.jpg
MENU COLOR BORDER 37;40 #00000000 #00000000 none
MENU COLOR TITLE 37;40 #ffff5555 #00000000 std
MENU ROWS 4
MENU NOTABMSG

LABEL Enter the Graphic Mode
kernel /boot/bzImage
append initrd=/boot/rootfs.gz rw root=/dev/null vga=normal

LABEL Enter the Text Mode
kernel /boot/bzImage
append initrd=/boot/rootfs.gz rw root=/dev/null vga=normal screen=text


;;;;;


title Slacko Puppy (sdc1/slacko)
find --set-root --ignore-floppies /slacko/initrd.gz
kernel /slacko/vmlinuz pmedia=usbflash psubdir=slacko pfix=fsck
initrd /slacko/initrd.gz



"""""""""""

Love this.

Microsoft offloads heap of critical fixes in 'ugly' Patch Tuesday

" "This is one of the uglier releases we’ve seen from Microsoft this year," notes Paul Henry, security and forensic analyst at security tools firm Lumension.

"To say that all Microsoft products are affected and everything is
affected critically is not an understatement.

It’s difficult to prioritize one or two because all the bulletins are
significant this Patch Tuesday."

http://www.theregister.co.uk/2013/07/05/ms_july_2013_patch_tuesday_prealert/

Chris.
Barkin


Joined: 12 Aug 2011
Posts: 727

Posted: Mon 08 Jul 2013, 02:10
Subtitle: My tin foil hat is on too tight
 

dancytron wrote:
Kaspersky rescue disk is one I used once and it worked for me.
http://support.kaspersky.com/us/viruses/rescuedisk

kaspersky rescue disk seemed to work OK , but now Windows won't boot :¬(
[ I had to use "Last Known Good Configuration" then "System Restore"]
[Attached image: kaspersky rescue disc.jpg]


01micko


Joined: 11 Oct 2008
Posts: 7832
Location: qld

Posted: Mon 08 Jul 2013, 02:18

cthisbear wrote:
01micko:

Is there a USB booting code for that??

Or do we need Uncle nooby?

Here is a piece I pulled from it.

And a piece of Slacko...because I multiboot.

[snip].


Dunno Chris, but you could probably download the free comodo linux version and install it in any puppy, it's ~25MB (iirc).

jpeps

Joined: 31 May 2008
Posts: 3220

Posted: Mon 08 Jul 2013, 04:04
Subtitle: My tin foil hat is on too tight
 

Barkin wrote:

kaspersky rescue disk seemed to work OK , but now Windows won't boot


I didn't realize Kaspersky was that intelligent
cthisbear

Joined: 29 Jan 2006
Posts: 3431
Location: Sydney Australia

Posted: Mon 08 Jul 2013, 08:29

" I didn't realize Kaspersky was that intelligent "

Themz Ruskies.

Chris.
Barkin


Joined: 12 Aug 2011
Posts: 727

Posted: Mon 08 Jul 2013, 16:37

cthisbear wrote:
" I didn't realize Kaspersky was that intelligent "

Themz Ruskies.

Chris.


The Ruskies offer a USB option , (the boot problem may have been my fault), see ... "Kaspersky USB Rescue Disk Maker" expand (+) item #2.

They do say not to have any other OS on the USB stick as it may cause booting problems, [btw "Kaspersky Rescue Disk" is Gentoo linux in disguise].

An alternative method for "Kaspersky Rescue Disk" on USB ... http://www.megaleecher.net/Bootable_Kaspersky_Rescue_Disk

Wognath

Joined: 19 Apr 2009
Posts: 183

Posted: Mon 08 Jul 2013, 16:58    Subject: Careful with that Comodo rescue disk

I tried the Comodo rescue disk and told it to automatically fix viruses. Then I noticed it was scanning my Linux partition... It fixed my grub resulting in "missing operating system" next time I booted.

Repaired using grub to setup the partition as recommended by rcrsn51 here, but that was after quite a bit of learning experience trying a lot of things that didn't help.
Barkin


Joined: 12 Aug 2011
Posts: 727

Posted: Sat 20 Jul 2013, 09:47
Subtitle: Avast on Puppy
 

Just tried the Avast pet running on Puppy ... http://bkhome.org/blog/?viewDetailed=02494
It spotted the EICAR test-virus, see below , (but I don't know if this free version of Avast looks for root-kits ).
BTW the Avast virus "signature" database is now 87Mb, (quoted as "44MB" in Barry's 2011 blog).
[Attached image: Avast on Puppy spots EICAR test-virus.png]
