If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Scanning NTFS partitions for virus outside XP
Anyone have an easy solution to this? I have a job as a computer technician
and none of the other techs seem to have a good answer either. Ideally when a customer brings in their PC and the symptoms sound virus-like, we update the definitions of the anti-virus they're using and scan the drives. Of course, usually there's no software present or the update subscription is expired...even worse are the situations where a virus is preventing installation of AV software. Obviously in these cases, the system needs to be scanned from outside the Windows installation on that drive. Several years ago before XP had been released making NTFS partitions commonplace for consumer PCs, we would boot to DOS using a bootable CD and scan the drive(s) with f-prot. As we all know, NTFS partitions cannot be accessed from DOS so now we're faced with a problem. Usually, we end up yanking out the hard drive and hooking it up to our tech computer and let Norton loose on it. This method works, but is time consuming...especially with laptops. Basically, we don't want to take a system apart if the problems are software related. One of the techs did bring in a shareware program that emulated DOS, but had no problems with NTFS. Unfortunately, the demo limited users to read-only access. Despite being part of a hugely successful multi-billion dollar corporation, the store would never hand over money for new software. So that's our dilemma. I probably could have asked that question with a great deal more brevity, but we're here to have fun too, right? Anyone? Suggestions very much appreciated. I mean, there has to be an easier way to do this. Just so it's clear, we're looking for a CD bootable version of some OS (we're not picky) that can run a virus scan on NTFS partitions. Thanks everyone for reading this drivel. Happy Holidays! mac |
#2
|
|||
|
|||
There are several linux OS that will run just off the cd and RAM. I know one
is called knopix and is a GUI. I'm sure that it would be easy to do this with one of them. "macphisto" wrote in message ... Anyone have an easy solution to this? I have a job as a computer technician and none of the other techs seem to have a good answer either. Ideally when a customer brings in their PC and the symptoms sound virus-like, we update the definitions of the anti-virus they're using and scan the drives. Of course, usually there's no software present or the update subscription is expired...even worse are the situations where a virus is preventing installation of AV software. Obviously in these cases, the system needs to be scanned from outside the Windows installation on that drive. Several years ago before XP had been released making NTFS partitions commonplace for consumer PCs, we would boot to DOS using a bootable CD and scan the drive(s) with f-prot. As we all know, NTFS partitions cannot be accessed from DOS so now we're faced with a problem. Usually, we end up yanking out the hard drive and hooking it up to our tech computer and let Norton loose on it. This method works, but is time consuming...especially with laptops. Basically, we don't want to take a system apart if the problems are software related. One of the techs did bring in a shareware program that emulated DOS, but had no problems with NTFS. Unfortunately, the demo limited users to read-only access. Despite being part of a hugely successful multi-billion dollar corporation, the store would never hand over money for new software. So that's our dilemma. I probably could have asked that question with a great deal more brevity, but we're here to have fun too, right? Anyone? Suggestions very much appreciated. I mean, there has to be an easier way to do this. Just so it's clear, we're looking for a CD bootable version of so me OS (we're not picky) that can run a virus scan on NTFS partitions. Thanks everyone for reading this drivel. Happy Holidays! mac |
#3
|
|||
|
|||
Someone actually brought in a copy of Knoppix and I haven't had the time to
check it out much, but I think there are two problems with it that prevent us from using it for NTFS virus scan. 1) I'm pretty sure they distribute Knoppix as a CD image that cannot be changed, i.e. cannot add anti-virus software. 2) I'm pretty sure Linux can't read NTFS partitions. I'm sure there's some software to do it, but that brings us back to the first problem. mac "josh" wrote in message news:1072090727.807295@prawn... There are several linux OS that will run just off the cd and RAM. I know one is called knopix and is a GUI. I'm sure that it would be easy to do this with one of them. |
#4
|
|||
|
|||
Well one thing you can do is get a computer that has the latest greatest
virus definitions, network the two, map the "infected" computers hard drive. THen you can actually use the virus scanner on the "good" computer to scan the hard drive across the network. Not really outside Xp but it gets the job done. |
#5
|
|||
|
|||
On Mon, 22 Dec 2003 12:30:11 -0600, "macphisto"
wrote: Someone actually brought in a copy of Knoppix and I haven't had the time to check it out much, but I think there are two problems with it that prevent us from using it for NTFS virus scan. 1) I'm pretty sure they distribute Knoppix as a CD image that cannot be changed, i.e. cannot add anti-virus software. 2) I'm pretty sure Linux can't read NTFS partitions. I'm sure there's some software to do it, but that brings us back to the first problem. mac Look at http://www.ultimatebootcd.com/ Has Fprot on the CD, and an NTFS file reader. Will at least tell you if the drive is infected, and which files need fixed. There are instructions on how to keep the program updated and download new data files on the site. BTW, Linux has been able to read NTFS for a few years now. Writing is still a problem, because MS keeps "improving" the format by adding features, but reading is rock solid. JT |
#6
|
|||
|
|||
On Mon, 22 Dec 2003 13:21:38 -0700, "Chris Stolworthy"
wrote: Well one thing you can do is get a computer that has the latest greatest virus definitions, network the two, map the "infected" computers hard drive. THen you can actually use the virus scanner on the "good" computer to scan the hard drive across the network. Not really outside Xp but it gets the job done. This assumes the virus is one that your scanner recognizes, and that it doesn't infect by exploiting a new weakness. Actually safer to pull the hard drive, slave it in another system, and scan it that way. I know of some one that tried that, when the blaster worm was still new, and ended up with 2 infected machines as his antivirus didn't stop the worm from infecting his machine as well. JT |
#7
|
|||
|
|||
Ummmm Wouldn't putting the drive into your system infect it anyway? THe
blaster worm does spread that way too... "Chris Stolworthy" wrote in message ... Well one thing you can do is get a computer that has the latest greatest virus definitions, network the two, map the "infected" computers hard drive. THen you can actually use the virus scanner on the "good" computer to scan the hard drive across the network. Not really outside Xp but it gets the job done. |
#8
|
|||
|
|||
On Tue, 23 Dec 2003 02:02:55 GMT, JT datacare@www wrote:
On Mon, 22 Dec 2003 13:21:38 -0700, "Chris Stolworthy" wrote: Well one thing you can do is get a computer that has the latest greatest virus definitions, network the two, map the "infected" computers hard drive. THen you can actually use the virus scanner on the "good" computer to scan the hard drive across the network. Not really outside Xp but it gets the job done. This assumes the virus is one that your scanner recognizes, and that it doesn't infect by exploiting a new weakness. Actually safer to pull the hard drive, slave it in another system, and scan it that way. I know of some one that tried that, when the blaster worm was still new, and ended up with 2 infected machines as his antivirus didn't stop the worm from infecting his machine as well. JT Errr, but that "some one" wasn't competent. Practically anyone can click "scan" on an antivirus program, but that doesn't mean [just] anyone is fit to diagnose and repair an infected system. OP's company needs to screw their heads on straight and pay for the tools and training, and/or personnel, to get the job done right or not even try it at all. Dave |
#9
|
|||
|
|||
On Tue, 23 Dec 2003 09:41:29 GMT, kony wrote:
On Tue, 23 Dec 2003 02:02:55 GMT, JT datacare@www wrote: On Mon, 22 Dec 2003 13:21:38 -0700, "Chris Stolworthy" wrote: Well one thing you can do is get a computer that has the latest greatest virus definitions, network the two, map the "infected" computers hard drive. THen you can actually use the virus scanner on the "good" computer to scan the hard drive across the network. Not really outside Xp but it gets the job done. This assumes the virus is one that your scanner recognizes, and that it doesn't infect by exploiting a new weakness. Actually safer to pull the hard drive, slave it in another system, and scan it that way. I know of some one that tried that, when the blaster worm was still new, and ended up with 2 infected machines as his antivirus didn't stop the worm from infecting his machine as well. JT Errr, but that "some one" wasn't competent. Practically anyone can click "scan" on an antivirus program, but that doesn't mean [just] anyone is fit to diagnose and repair an infected system. OP's company needs to screw their heads on straight and pay for the tools and training, and/or personnel, to get the job done right or not even try it at all. Dave Putting a possibly infected machine on a network with other machines to "test" it is not always a good idea. I have fixed more than one machine that got past the latest Norton with current updates. This friend of mine had one of the corporate edition virus antivirus programs on their machine, but scanned the other one before the update was out for blaster. Even had all the critical updates installed. Luckily it was just the two machines, not the coporate network. And your suggestion was basically "network the 2 machines, and click scan" .. Prefer booting up with a write protected medium on the infected machine, and then scanning as appropriate. JT |
#10
|
|||
|
|||
Get a Linux live CD with a virus scanner that runs on Linux but scans
for Windows viruses (there are some). Boot from the live CD, run the scan. Safest possible way - no Windows virus can infect Linux. And Linux can read (but not write to) NTFS partitions. Use the scan to identify any virus-infected files, then reboot under XP and delete the files. Rescan to make sure you got them all. -- Richard Steven Hack "Whatever does not kill me makes me stronger" - and YOU have not killed me! |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Questions about Norton Ghost and partitions. | MacG | General | 10 | September 15th 03 05:25 PM |
? about NTFS vs FAT.. | FuzionMan | General | 16 | August 25th 03 06:27 AM |
Get message "Remove disks or other media" since converting from NTFS to FAT32 | Paul Hill | General | 1 | July 6th 03 02:03 PM |