On 26 Mar 2008, at 15:19, Mikie wrote:

Does anyone know of a product (hopefully free) that can clean a Windows
PC while booted on Gentoo?

I guess I need a good malware tool that runs on Linux and cleans NTFS
volumes.

Hi there,

Some of the replies to your message are now a little off-topic, so here's some advice about actually cleaning Windows (rather than removing it, or running Linux). I intended to reply to this a couple of days ago, so hope my advice isn't too late.

I deal with h0sed Windows installations for my customers all the time. I regularly boot a Knoppix CD and copy the whole C: drive to a portable disk so that I have a complete backup. I find it reassuring to use Linux for this purpose because I feel confident that cp or rsync will copy _every file on the drive_ without just silently ignoring those marked with the hidden flag, or bitching about permissions.

But if your system is so hosed you can't fix it from within Windows then it's probably past simple repair. It can be very slow to work on a machine with a lot of crap on it, and there comes a point at which I would never consider working on the machine at the customer's house, simply because it would take so long. If I take the machine home with me I can allow uninstall programs and antivirus to run (unsupervised & in the corner of my study) for hours without having to worry about it.

Providing the system is bootable, remove all the crap you can see from "Add & Remove Programs" (shortcut: Windows-R, type "appwiz.cpl"). Some of the browser-hijacking malware does tout itself as "legitimate" "opt-in" marketing, and removing it correctly can actually be cleaner than forcibly removing it - seems to me like it'll insert itself in the TCP/IP stack (winsock?) or the LSP layers (??) and the uninstaller will actually correct things when it's removed.

Remove anything Norton / Symantec or McAfee first - that shit's not doing any good, and just slows things down. I usually uninstall each Norton / Symantec component through add & remove programs - the manufacturer does have on their website a tool to remove all their software from your machine, but they recommend this only as a last resort (I guess you could run it after uninstalling everything manually, to get rid of the bits that the program uninstallers often miss, but I like to follow their advice in the first instance).

If the PC is still slow then check disk-space, pagefile settings ("allow the system to manage pagefile size for me", click "set") and fragmentation (shortcut: Windows-R, type "dfrg.msc"). Install AVG anti-virus & allow a complete run through, reboot & then check for nasties in HijackThis. Learning what to remove & what to leave when using HijackThis is a bit of an art-form, and is the most significant skill necessary for cleaning virus- or malware-infected PCs.

The only time I use Linux to clean Windows is for files & programs running at startup that I can't remove in HijackThis. Windows occasionally locks files that are in use and other nasties can be quite persistent at reinstalling themselves. I simply note the full path of the files (or use HijackThis' "save logfile" facility) & delete them (or their whole parent directory, if appropriate) when I've booted to Knoppix.

If the machine's not bootable then repair with a Windows installation CD - sometimes manufacturers' partitioning schemes may make this impossible, but don't be tempted to use an Advent or Packard-Hell "system restore" CD or partition. This may get you to the point where you have to start following the procedure outlined in my previous 4 paragraphs.

Be aware that sometimes Windows isn't cleanly fixable. Although I try to avoid it until I've exhausted avenues for a clean repair, sometimes the best thing to do is simply to back up & reinstall.

Stroller.
--
gentoo-user@lists.gentoo.org mailing list
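As an added example (not Stroller's own script), here is a POSIX sh script for the Knoppix step described above: it resolves the Windows paths noted from HijackThis against the NTFS mount point, matching each path component case-insensitively because ntfs-3g is case-sensitive, and moves them into a quarantine directory rather than deleting them, so a wrongly picked file can be put back. It assumes the volume is mounted read-write at a path such as /media/sda1 and that the list file holds one C:\... path per line; the volume and list at the bottom are constructed sample data.

```shell
#!/bin/sh
# Added example, not from Stroller's post: after booting Knoppix, take the
# Windows paths noted from HijackThis and move them into a quarantine directory
# (instead of deleting them), so a wrongly chosen file can be put back.
# Assumed: the NTFS volume is mounted read-write (e.g. at /media/sda1) and the
# list file holds one path per line in the form C:\Windows\...\file.ext.

# Resolve a Windows path to the real file under the mount point. ntfs-3g is
# case-sensitive, so each component is matched with find -iname. Prints the
# resolved path; returns 1 if any component is missing.
resolve_win_path() {
  local mount="$1" winpath="$2" rel cur comp match
  rel=$(printf '%s' "$winpath" | tr '\\' '/')        # backslashes -> slashes
  case $rel in [A-Za-z]:*) rel=${rel#??} ;; esac      # drop the "C:" prefix
  cur="$mount"
  local IFS='/'
  for comp in $rel; do
    [ -n "$comp" ] || continue
    match=$(find "$cur" -mindepth 1 -maxdepth 1 -iname "$comp" | head -n 1)
    [ -n "$match" ] || return 1
    cur="$match"
  done
  printf '%s\n' "$cur"
}

# Move every path listed in file $2 out of the volume at $1 into quarantine
# directory $3, keeping its relative path so it can be restored. Handles CRLF.
quarantine_paths() {
  local mount="$1" list="$2" qdir="$3" winpath target dest
  mkdir -p "$qdir"
  while IFS= read -r winpath || [ -n "$winpath" ]; do
    winpath=$(printf '%s' "$winpath" | tr -d '\r')
    [ -n "$winpath" ] || continue
    if target=$(resolve_win_path "$mount" "$winpath"); then
      dest="$qdir/${target#"$mount"/}"
      mkdir -p "$(dirname "$dest")"
      mv -- "$target" "$dest" && echo "quarantined: $winpath -> $dest"
    else
      echo "not found (check spelling): $winpath" >&2
    fi
  done < "$list"
}

# Constructed demo: a fake "mounted volume" in a temp dir stands in for the NTFS disk.
demo=$(mktemp -d)
mkdir -p "$demo/win/WINDOWS/system32" "$demo/win/Program Files/Adware Inc"
touch "$demo/win/WINDOWS/system32/nasty.dll" "$demo/win/Program Files/Adware Inc/ad.exe"
printf 'C:\\Windows\\System32\\nasty.dll\r\nC:\\Program Files\\Adware Inc\r\n' > "$demo/remove.txt"
quarantine_paths "$demo/win" "$demo/remove.txt" "$demo/quarantine"
```

To restore a file, move it back from the quarantine directory to the same relative path under the mount point.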