Spooky Newbie
Joined: 13 Dec 2008 Last Visit: 14 Dec 2008 Posts: 2
Posted: Sat Dec 13, 2008 8:09 am Post subject: Spyware / Virus removal workbench
Hi.
I'm building a virus / spyware removal workbench where I can simply plug in an infected drive and go at it with the latest and greatest spyware apps.
Here is a picture:
I've used a USB to Hard Drive (IDE / SATA) adaptor to connect the infected drive to the machine. I can then use various apps to clean it. I've chosen the following:
Norton Ghost 14 to make an image of the drive
SuperAntiSpyware & MalwareBytes for Spyware removal
Sophos & AVG Free for Virus removal
I think that if I can get a machine to show as clear on all those 4 apps then it's good to go. The Ghost image is there in case the machine cannot be rescued and re-installation is required. Also, if I screw up the data is not lost.
What do you think? Any suggestions on hardware or software I can use to make this better? I guess many of you will have built a similar set-up; any advice?
Cheers,
Spooky
roger_m Warrior Addict
Joined: 24 Feb 2006 Last Visit: 26 Mar 2013 Posts: 605 Location: Blackwater, Australia
Posted: Sat Dec 13, 2008 3:03 pm Post subject:
One problem you will have with your setup is that while antispyware apps will be able to detect and remove infected files on the external hard drive, they won't be able to scan the registry.
However, you could delete any infected files and then put the hard drive back in the computer it came from and then install and run antispyware software on that computer.
MysteryFCM Malware Expert
Joined: 28 Aug 2004 Last Visit: 01 Mar 2013 Posts: 841 Location: Tyne & Wear, UK
Posted: Sat Dec 13, 2008 6:29 pm Post subject:
A much better method is to leave the original drive in its original machine, and clean it directly (assuming it will boot into Windows and/or safe mode). This will not only get rid of files/registry entries, but everything else too. You can always connect to the machine via UNC to scan remotely if you really want to.
If need be, use either a Linux Live CD (then use ClamAV etc. to scan/clean it) such as Austrumi, DamnSmallLinux etc., or one of the Live CDs offered by the AV vendors (F-Secure, Avira, BitDefender, Kaspersky and DrWeb all offer a Live "Rescue" CD that allows cleaning).
_________________
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
Spooky Newbie
Joined: 13 Dec 2008 Last Visit: 14 Dec 2008 Posts: 2
Posted: Sun Dec 14, 2008 2:12 am Post subject:
Thanks for the feedback guys.
I've been doing as roger_m suggested; clearing what I can then putting the drive back in the machine.
I like the ability to back up the hard drive in case it all goes wrong. Sadly Norton Ghost doesn't allow me to back up a drive from the rescue CD; does anyone know of a utility that does?
I've tried a couple of the live CDs and they seem to work well so far.
MysteryFCM Malware Expert
Joined: 28 Aug 2004 Last Visit: 01 Mar 2013 Posts: 841 Location: Tyne & Wear, UK