Creating an anti-malware flash drive

Discussion in 'Malware Talk' started by Nox361, Jan 28, 2014.

  1. Nox361 (New Member)
    I am looking into creating a bootable flash drive that will include all the usual suspects for the detection and removal of viruses and malware. What is the best way to accomplish this, and what steps can I take to protect the drive itself when it is used on an infected machine?

    Thanks!
    Chris
     
    nissimezra likes this.
  2. strumdrum (Regular Member)
    I use the PortableApps app launcher. I created my own categories so I can find what I need fast. Here is a screenshot of the launcher showing the different categories:

    [screenshot: Capture.PNG]

    Would you mind sharing what portable tools you use for PC repair/Malware removal?

    Here are some of my favorites, all of which are portable:

    Malware removal:
    RKill
    TDSSKiller
    Hitman Pro (Scanner)
    Adwcleaner
    Emsisoft Emergency Kit
    KL Detector
    Comodo Cleaning Essentials
    Combofix
    Tiranium Antivirus Scanner - Cloud 2014

    Maintenance and Repair:
    Windows Repair
    CCleaner
    Defraggler
    PatchMyPC
    Revo Uninstaller
    Unlocker

    Utilities:
    7-Zip
    Free File Sync
    Space Sniffer
    Team Viewer
     
    nissimezra and izzy like this.
  3. Nox361 (New Member)
    I have looked at PortableApps.com and am interested in it.
    I have also looked at Dr.Web LiveUSB, but my flash drive fell into the production period where it appears to System 7 as an HDD, not a removable drive, so I can't get Dr.Web to see it.
    As far as tools go, it will include (but is not limited to):

    Malware removal:

    TDSSKiller
    Adwcleaner
    Emsisoft Emergency Kit
    Comodo Cleaning Essentials
    Malwarebytes

    Maintenance and Repair:

    CCleaner
    Defraggler

    Utilities:
    7-Zip
    Speccy
    Recuva

    As I said, I will also be adding more as the need arises.
     
  4. BoraMurdar (Giveaway and Hot Deals Expert, MalwareTips Staff)
    There are a lot of antivirus boot disks for removing stubborn malware that has invaded your system, even when Windows cannot boot.
    In my practice, I was always successful in removing all of them, and I was also able to repair things when some users wanted to change the hardware for what was obviously a software problem... with this method:

    You will need a minimum 2GB flash drive and YUMI to start.
    With YUMI you can add:
    and some "portable" tools in a separate folder, like:
    • Malwarebytes Antimalware + latest offline definitions in case of no internet
    • Hitman Pro
    • Adwcleaner
    • RKill
    • Kaspersky TDSS Killer
    • Emsisoft Emergency Rescue Kit
    • Wise Disk Cleaner Portable
    • Unlocker
    • Piriform Recuva Portable
    so you have practically covered everything.

    Virus Infection

    In Hiren's Boot CD you can always run all these portable tools because they are written to work in Windows. Malwarebytes, HitMan Pro or Emsisoft Emergency Kit will not work in a Linux environment like Parted Magic, Kaspersky Rescue Disk, Comodo Rescue Disk... [in case those Rescue Disks don't solve your problem].
    You can find yourself in a situation where you have Kaspersky Rescue Disk but no internet at that moment, or only Wi-Fi to connect with, so in those cases I prefer to use Hiren's Boot, as it has a minimal but wide set of Wi-Fi drivers to connect you to the internet to update your antimalware definitions.
    Hiren's Boot has some sophisticated tools for repairing a boot sector in case malware modified it, to use after successful removal with Kaspersky TDSS Killer or some other tool, so if you are an experienced user, try those. But if you are not, there are some good fixing tools in Wondershare LiveBoot or Tenorshare Windows Boot Genius.
    Recuva will save your deleted files, but if not, there are other tools in Parted Magic [included as a separate boot option in Hiren's Boot CD], and Wondershare LiveBoot has Wondershare Data Recovery built in, which in my testing performed very well.
    AOMEI or Paragon can restore your backups if you have created them before.

    Of course, you can take a much bigger USB flash drive and add some other Linux distros and tools.

    Thanks :D
     
  5. Nox361 (New Member)
    Just what I was looking for!!
    I'm grabbing Linux Mint 16 MATE right now... and judging by the download speeds, I will be for another few hours. :)
    I may tap on your shoulder again later for some advice, but for now Thanks!!!
     
  6. strumdrum (Regular Member)
    Ahh... I failed to see you were asking about a bootable flash drive. BoraMurdar's advice is great. YUMI is my favorite multi-boot software as well.

    To BoraMurdar: Because there is no option for Tenorshare Windows Boot Genius in YUMI, what option do you choose under "select a distribution"? And do I read correctly that portable Windows applications will work in the Windows Boot Genius environment?
     
  7. BoraMurdar (Giveaway and Hot Deals Expert, MalwareTips Staff)
    If the ISO is not listed in YUMI, you can use the "Try Unlisted ISO" option, no matter what bootloader.
    And yes.
    As Tenorshare Windows Boot Genius is based on Windows Preinstallation Environment (taken from Windows 7, I think) you can run all these tools from there...
     
  8. Umbra Polaris (Security Configuration Expert, MalwareTips Staff)
    I'm using a "custom-you-should-not-use-that" version of Hiren's Boot CD
     
    BoraMurdar likes this.
  9. BoraMurdar (Giveaway and Hot Deals Expert, MalwareTips Staff)
    DLC or UDLC ? :D
     
  10. Umbra Polaris (Security Configuration Expert, MalwareTips Staff)
  11. BoraMurdar (Giveaway and Hot Deals Expert, MalwareTips Staff)
    Last time I checked, the site was dead, I think...
     
  12. Umbra Polaris (Security Configuration Expert, MalwareTips Staff)
    U like "unauthorized" ;)
     
  13. BoraMurdar (Giveaway and Hot Deals Expert, MalwareTips Staff)
    I'd like to know... ;)
     
  14. illumination (Community Superstar, Trusted Member)
    Seems as if the other members have ya covered... @Umbra, you listed one of my favorite tools ;)
     
  15. Gnosis (Well-Known Member)
    If I was infected, the first tools I would reach for are as follows: HitMan Pro Kickstart, Kaspersky Bootable Rescue Disk, ComboFix, adwCleaner, and CCleaner. I would follow up with PCHunter, Process Explorer, and HijackThis. All in that order.

    If I wanted to have some fun I would seek out Britec09 and do manual removal without software. That said, I would still finish with at least HitMan Pro.
     
  16. Nox361 (New Member)
    I think I need a little more help in wrapping my brain around this...

    I have an 8GB SanDisk Cruzer.
    Using YUMI, I have installed Linux Mint 16.
    Using YUMI, I have installed Hiren's BootUSB.
    I have also added a separate folder for additional tools.

    I have successfully launched Linux.
    I have successfully launched Hiren's.

    Should I be able to launch Hiren's tools from within Linux?
    If so, how do I import it?

    I guess, if it isn't too much trouble, what I really would like to know is: starting from sitting down in front of a suspect computer, what would be the order of things?

    Hope this makes sense and isn't too time consuming. :)
     
  17. BoraMurdar (Giveaway and Hot Deals Expert, MalwareTips Staff)
    1. There's no way of running the programs from Hiren's Boot in a Linux environment, since they are written to work in a Windows environment (unless you find the same tools as Linux editions, or emulate them to work in Linux, but there's no point).
    2. Well, since you start up Mini Windows XP from Hiren's Boot (there's no need to check whether some malicious file modified the proxy server), you will need to know whether there is an internet connection. If there is no internet connection, then you'll need to download the latest Malwarebytes, Comodo or Kaspersky offline definitions and put those on your USB drive. Always keep updated versions of removal tools and portable tools on your flash drive.
    So... (we are talking about cases where the computer is badly infected: cannot boot properly, locked master boot record, ransomware (not CryptoLocker), Safe Mode not working, lots of adware, junk, and stuff)

    • Check for rootkits (Kaspersky TDSS Killer/Avast MBR)
    • I always clean the hard drive for junk files first with Wise Disk Cleaner Portable since if there are a lot of junk files the scans will be much slower
    • I always like to first scan with an Antivirus product (Like Kaspersky, Dr.Web, Bitdefender), in Hirens Boot CD there is a command-line Avira Scanner which can be useful since Avira always had good definitions.
    • Some antiviruses have repair tools and mechanisms for when they detect malware, but they will work only from the host system and not from a bootable CD/USB; in this case the antiviruses will probably delete the files or rename them...
    • Next Malwarebytes and Hitman Pro (2x if needed)
    • Next check if boot is working, if not, check Boot Repair Tools in Hirens Boot CD or Startup/Boot/Logon repair tools in Wondershare Live Boot
    • That's it :)
    I can, and always will, recommend that if you are an inexperienced user you just try to fix the problems with booting into Windows, check your internet connection and call our Malware Removal Assistance for help, as those guys are much more experienced with removing malware than myself ;)

    Thanks :)
     
    Rahadian Putra and venustus like this.
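The first post asks how to protect the drive itself when it is plugged into an infected machine, and the thread never returns to that question. The script below is an added example, not code from the thread or from any of the tools named in it: it records a SHA-256 manifest of the "portable tools" folder while the stick is known clean, and after a visit to a suspect machine it checks that every recorded file still matches and that no unlisted file (a new autorun.inf, a stray executable) has appeared. The paths such as `/media/rescue/tools` and the file names in the comments are constructed placeholders. Hashing detects tampering after the fact; it does not prevent it, so keep the manifest on separate read-only media and, where the stick has a hardware write-protect switch, use that as well. The manifest has to be regenerated after each legitimate update of the tools.

```shell
#!/bin/sh
# Added example (not from the thread): integrity manifest for the portable
# tools folder of a rescue USB stick. All paths are constructed placeholders.

# make_manifest DIR MANIFEST
# Record the SHA-256 of every regular file under DIR (paths relative to DIR)
# into MANIFEST. Keep MANIFEST outside DIR, e.g. on a second read-only
# medium, so a stick that was written to on a bad host cannot rewrite it.
make_manifest() {
    dir=$1
    manifest=$(cd "$(dirname "$2")" && pwd)/$(basename "$2")
    (
        cd "$dir" || exit 1
        find . -type f -print | LC_ALL=C sort | while IFS= read -r f; do
            sha256sum "$f"
        done
    ) > "$manifest"
}

# unexpected_files DIR MANIFEST
# Print files present under DIR that are not listed in MANIFEST. A new
# autorun.inf, .lnk or executable that was not there before is the classic
# sign that the stick was written to by the infected host.
unexpected_files() {
    dir=$1
    manifest=$(cd "$(dirname "$2")" && pwd)/$(basename "$2")
    expected=$(mktemp)
    now=$(mktemp)
    # sha256sum lines look like "<64 hex>  ./path" (or "<64 hex> *./path").
    sed 's/^[0-9a-f]\{64\} [ *]//' "$manifest" | LC_ALL=C sort > "$expected"
    (cd "$dir" && find . -type f -print | LC_ALL=C sort) > "$now"
    LC_ALL=C comm -13 "$expected" "$now"
    rm -f "$expected" "$now"
}

# verify_manifest DIR MANIFEST
# Return 0 only if every listed file still has its recorded hash AND no
# unlisted file has appeared. Prints what failed.
verify_manifest() {
    dir=$1
    manifest=$(cd "$(dirname "$2")" && pwd)/$(basename "$2")
    status=0
    if ! (cd "$dir" && sha256sum -c "$manifest" >/dev/null 2>&1); then
        echo "hash mismatch or missing file:"
        (cd "$dir" && sha256sum -c "$manifest" 2>/dev/null | grep -v ': OK$') || true
        status=1
    fi
    extra=$(unexpected_files "$dir" "$manifest")
    if [ -n "$extra" ]; then
        echo "unlisted files on the stick:"
        echo "$extra"
        status=1
    fi
    return $status
}

# Usage with placeholder paths (run the first line on a clean machine,
# the second after the stick comes back from a suspect machine):
#   make_manifest   /media/rescue/tools /media/goldcopy/tools.sha256
#   verify_manifest /media/rescue/tools /media/goldcopy/tools.sha256
```

The check is deliberately two-sided: `sha256sum -c` only looks at files that are already in the manifest, so a dropped file would pass it, which is why `unexpected_files` diffs the manifest's file list against what is actually on the stick.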
  18. nissimezra (Well-Known Member)
    wow thx for the info.
     

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Loading...
MalwareTips.com is an independent website.All trademarks mentioned on this page are the property of their respective owners.