That is an excellent idea (backup, leaving out the exe/dll/com/... files). One logical extension to this would be to use the SystemRescueCD. It's a bootable linux system that has NTFS support, but it's command-line based so you need to know what you're doing for it to do any good. Anyway, boot it with the "docache" option and it'll load completely into ram. From there, use utilities on the disk to burn needed files onto CD/DVD before reformatting the machine.
- Alex Austin (651) 238-9273 "...and then I visited Wikipedia ...and the next 8 hours are a blur." On Fri, May 22, 2009 at 1:19 PM, STeve Andre' <[email protected]> wrote: > On Friday 22 May 2009 11:51:32 Paul A. Pennington wrote: > > Sorry, I should have explained why I want to do this. It seems every > > time a friend asks for help with his computer, it's so choked with > viruses > > that it takes hours to do the simplest task. There's never a backup, so > > reformatting is not an option. I need a bootable CD to clean up the hard > > drive enough to make a backup of the data files in a reasonable time. > > Frequently, the old computer is going to the recycler after the files are > > retreived, so reloading does not come up at all. > > > > Andre', thanks for the tip. I'll take a look at the F-Secure CD. > Does > > anyone else have experience with an Antivirus Rescue CD? > > > > Paul Pennington > > Augusta, Georgia > > If I may, let me make a comment about this. > > I too get diseased systems with a plea of "help...!" all too often these > days. And yes, backups are illegal in most states judging from the > lack of them. > > So what I do is take the disk out and stuff it into one of my OpenBSD > boxes and make a copy of the disk with tar. I then have a copy of > the filesystem, so I can expunge the system with a rebuild. I simply > do not rust AV programs to be able to fix a compromised system. > They can usually defend against stuff, but once something has > crawled into a system, thats it. The only way to kill it is to rebuild. > > But before I put the users data back in place, I removed all .exe, > .com, .dll, .scr, .msi, ,inf and .pif files, trying to lessen the > likelyhood > of bringing back some little treat from the infected filesystem. > > --STeve Andre' > _______________________________________________ > Thinkpad mailing list > [email protected] > http://stderr.org/cgi-bin/mailman/listinfo/thinkpad > _______________________________________________ Thinkpad mailing list [email protected] http://stderr.org/cgi-bin/mailman/listinfo/thinkpad
