Creating an anti-malware flash drive

Nox361

New Member
Thread author
Verified
Oct 16, 2013
15
I am looking into creating a bootable flash drive that will include all the usual suspects for the detection and removal of viruses and malware. What is the best way to accomplish this, and what steps can I take to protect the drive itself when it is used on an infected machine?

Thanks!
Chris
 

strumdrum

Level 1
Verified
Jan 22, 2014
47
I use the PortableApps app launcher. I created my own categories so I can find what I need fast. Here is a screenshot of the launcher showing the different categories:

[screenshot: Capture.PNG]


Would you mind sharing what portable tools you use for PC repair/Malware removal?

Here are some of my favorite, all of which are portable:

Malware removal:
RKill
TDSSKiller
Hitman Pro (Scanner)
Adwcleaner
Emsisoft Emergency Kit
KL Detector
Comodo Cleaning Essentials
Combofix
Tiranium Antivirus Scanner - Cloud 2014

Maintenance and Repair:
Windows Repair
CCleaner
Defraggler
PatchMyPC
Revo Uninstaller
Unlocker

Utilities:
7-Zip
Free File Sync
Space Sniffer
Team Viewer
 

Nox361

New Member
Thread author
Verified
Oct 16, 2013
15
I have looked at PortableApps.com and am interested in it.
I have also looked at DrWeb LiveUSB, but my flash drive fell into the production period where it appears to System 7 as a HDD, not a removable drive; therefore I can't get DrWeb to see it.
As far as tools go, it will include (but not be limited to):

Malware removal:

TDSSKiller
Adwcleaner
Emsisoft Emergency Kit
Comodo Cleaning Essentials
Malwarebytes

Maintenance and Repair:

CCleaner
Defraggler

Utilities:
7-Zip
Speccy
Recuva

As I said, I will also be adding more as the need arises.
 

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
There are a lot of antivirus boot disks for the removal of stubborn malware that has invaded your system, even when Windows cannot boot.
In my practice, I was always successful in removing all of them, and was also able to repair systems when some users wanted to change the hardware for an obviously software problem... with this method:

You will need a minimum 2GB flash drive and YUMI to start.
With YUMI you can add:
and some "portable" tools in a separate folder like:
  • Malwarebytes Antimalware + latest offline definitions in case of no internet
  • Hitman Pro
  • Adwcleaner
  • RKill
  • Kaspersky TDSS Killer
  • Emsisoft Emergency Rescue Kit
  • Wise Disk Cleaner Portable
  • Unlocker
  • Piriform Recuva Portable
so you have practically covered everything,

Virus Infection

In Hiren's Boot CD you can always run all these portable tools because they are written to work in Windows. Malwarebytes, HitMan Pro or Emsisoft Emergency Kit will not work in a Linux environment like Parted Magic, Kaspersky Rescue Disk, Comodo Rescue Disk... [in case those Rescue Disks don't solve your problem].
You can find yourself in a situation where you have Kaspersky Rescue Disk but no internet at that moment, or only wireless to connect with, so in those cases I prefer to use Hiren's Boot, as it has a minimal but wide set of Wi-Fi drivers to connect you to the internet to update your antimalware definitions.
Hiren's Boot has some sophisticated tools for repairing a boot sector in case malware modified it, after successful removal with Kaspersky TDSS Killer or some other tool, so if you are an experienced user, try those. But if you are not, there are some good fixing tools in Wondershare LiveBoot or Tenorshare Windows Boot Genius.

Recuva will save your deleted files, but if not, there are other tools in Parted Magic [included as a separate boot option in Hiren's Boot CD], and Wondershare Live Boot also has Wondershare Data Recovery built in, which in my testing performed very well.
And AOMEI or Paragon can restore your backups if you created them beforehand.

Of course, you can take a much bigger USB flash drive and add some other Linux distros and tools.

Thanks :D
 

Nox361

New Member
Thread author
Verified
Oct 16, 2013
15
Just what I was looking for!!
I'm grabbing Linux Mint 16 MATE right now... and judging by the download speeds, will be for another few hours. :)
I may tap on your shoulder again later for some advice, but for now Thanks!!!
 

strumdrum

Level 1
Verified
Jan 22, 2014
47
Ahh... I failed to see you were asking about a bootable flash drive. BoraMurdar's advice is great. YUMI is my favorite multi-boot software as well.

You will need a minimum 2GB flash drive and YUMI to start.
With YUMI you can add:
To BoraMurdar: Because there is no option for Tenorshare Windows Boot Genius in YUMI, what option do you choose under "select a distribution"? And do I read correctly that portable Windows applications will work in the Windows Boot Genius environment?
 

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Ahh... I failed to see you were asking about a bootable flash drive. BoraMurdar's advice is great. YUMI is my favorite multi-boot software as well.


To BoraMurdar: Because there is no option for Tenorshare Windows Boot Genius in YUMI, what option do you choose under "select a distribution"? And do I read correctly that portable Windows applications will work in the Windows Boot Genius environment?
If the ISO is not listed in YUMI you can use the "Try Unlisted ISO" option, no matter what bootloader.
And yes.
As Tenorshare Windows Boot Genius is based on Windows Preinstallation Environment (taken from Windows 7, I think), you can run all these tools from there...
 

Gnosis

Level 5
Apr 26, 2011
2,779
If I was infected, the first tools I would reach for are as follows: HitMan Pro Kickstart, Kaspersky Bootable Rescue Disk, ComboFix, adwCleaner, and CCleaner. I would follow up with PCHunter, Process Explorer, and HijackThis. All in that order.

If I wanted to have some fun I would seek out Britec09 and do manual removal without software. That said, I would still finish with at least HitMan Pro.
 

Nox361

New Member
Thread author
Verified
Oct 16, 2013
15
You will need a minimum 2GB flash drive and YUMI to start.
With YUMI you can add:
and some "portable" tools in a separate folder

I think I need a little more help in wrapping my brain around this...

I have an 8GB SanDisk Cruzer.
Using YUMI, I have installed Linux Mint 16.
Using YUMI, I have installed Hiren's BootUSB.
I have also added a separate folder for additional tools.

I have successfully launched Linux.
I have successfully launched Hiren's.

Should I be able to launch Hiren's tools from within Linux?
If so, how do I import them?

I guess, if it isn't too much trouble, what I really would like to know
is, starting from sitting down in front of a suspect computer, what would
be the order of things?

Hope this makes sense and isn't too time consuming. :)
 

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Should I be able to launch Hiren's tools from within Linux?
If so, how do I import them?

I guess, if it isn't too much trouble, what I really would like to know
is, starting from sitting down in front of a suspect computer, what would
be the order of things?

Hope this makes sense and isn't too time consuming. :)

  1. There's no way of running the programs from Hiren's Boot in a Linux environment, since they are written to work in a Windows environment (unless you find the same tools in Linux editions, or emulate them to work in Linux, but there's no point).
  2. Well, since you start up Mini Windows XP from Hiren's Boot (there's no need to check whether some malicious file modified the proxy server), you will need to know whether there is an internet connection. If there is no internet connection then you'll need to download the latest Malwarebytes, Comodo or Kaspersky offline definitions and put those on your USB drive. Always keep updated versions of removal tools and portable tools on your flash drive.
So... (we are talking about cases where the computer is badly infected: cannot boot properly, locked master boot record, ransomware (not CryptoLocker), Safe Mode not working, lots of adware, junk, and stuff)

  • Check for rootkits (Kaspersky TDSS Killer/Avast MBR)
  • I always clean the hard drive of junk files first with Wise Disk Cleaner Portable, since if there are a lot of junk files the scans will be much slower
  • I always like to scan first with an antivirus product (like Kaspersky, Dr.Web, Bitdefender); in Hiren's Boot CD there is a command-line Avira scanner which can be useful, since Avira has always had good definitions.
  • Some antiviruses have repair tools and mechanisms for when they detect malware, but they will work only from the host system and not from a bootable CD/USB; in this case the antiviruses will probably delete files or rename them...
  • Next Malwarebytes and Hitman Pro (2x if needed)
  • Next check if boot is working; if not, check the Boot Repair Tools in Hiren's Boot CD or the Startup/Boot/Logon repair tools in Wondershare Live Boot
  • That's it :)
I can, and will always, recommend that if you are an inexperienced user you just try to fix the problems by booting into Windows, check your internet connection and call our Malware Removal Assistance for help, as those guys are much more experienced with removing malware than myself ;)

Thanks :)
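One practical answer to the thread's opening question, how to protect the drive itself once it has been plugged into an infected machine, that complements the procedure above: keep a SHA-256 manifest of the portable-tools folder, taken while the drive is known clean, and re-verify it before the drive is used on the next machine. This is an added example, not code from the thread or from YUMI, Hiren's Boot or any tool it mentions; the folder layout, file names and the manifest name are constructed assumptions.

```python
"""Integrity manifest for the portable-tools folder on a rescue USB drive.

Added example (not from the MalwareTips thread or any tool it mentions).
Run `build` on the drive while it is known clean, then `verify` after the
drive has been used on a suspect machine; any tool that changed, went
missing or appeared is reported so it is not run on the next machine.
Folder layout, file names and the manifest name are constructed assumptions.
"""
import hashlib
import json
import os
import sys
import tempfile
from pathlib import Path
from typing import Optional

MANIFEST_NAME = "tools.manifest.json"  # assumed name; lives inside the tools folder


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large installers need not fit in RAM."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(tools_dir: Path) -> dict:
    """Hash every regular file under tools_dir, keyed by its relative POSIX path."""
    entries = {}
    for root, _dirs, files in os.walk(tools_dir):
        for name in files:
            file_path = Path(root) / name
            rel = file_path.relative_to(tools_dir).as_posix()
            if rel == MANIFEST_NAME:  # never hash the manifest itself
                continue
            entries[rel] = sha256_file(file_path)
    return entries


def write_manifest(tools_dir: Path) -> Path:
    """Snapshot the clean state. Keep a second copy off the drive: a manifest that
    lives only on the USB stick can be rewritten by whatever altered the tools."""
    manifest_path = tools_dir / MANIFEST_NAME
    manifest_path.write_text(json.dumps(build_manifest(tools_dir), indent=2, sort_keys=True))
    return manifest_path


def verify_manifest(tools_dir: Path, manifest_path: Optional[Path] = None) -> dict:
    """Compare the folder with the stored manifest; returns sorted lists of findings."""
    manifest_path = manifest_path or tools_dir / MANIFEST_NAME
    expected = json.loads(manifest_path.read_text())
    actual = build_manifest(tools_dir)
    return {
        "modified": sorted(k for k in expected if k in actual and actual[k] != expected[k]),
        "missing": sorted(k for k in expected if k not in actual),
        "added": sorted(k for k in actual if k not in expected),
    }


def is_clean(findings: dict) -> bool:
    """True only when nothing was modified, removed or added."""
    return not any(findings.values())


def demo() -> dict:
    """Constructed scenario in a temporary folder: clean snapshot, then one tool
    altered, one tool deleted and one unexpected file dropped, then re-verification."""
    with tempfile.TemporaryDirectory() as tmp:
        tools = Path(tmp) / "Tools"
        (tools / "Adwcleaner").mkdir(parents=True)
        (tools / "Adwcleaner" / "adwcleaner.exe").write_bytes(b"MZ constructed tool bytes")
        (tools / "TDSSKiller.exe").write_bytes(b"MZ constructed tool bytes 2")
        write_manifest(tools)
        before = verify_manifest(tools)
        # constructed changes standing in for whatever a suspect host did to the drive
        (tools / "Adwcleaner" / "adwcleaner.exe").write_bytes(b"MZ altered bytes")
        (tools / "TDSSKiller.exe").unlink()
        (tools / "unexpected.dll").write_bytes(b"not in manifest")
        after = verify_manifest(tools)
        return {"before": before, "after": after}


if __name__ == "__main__":
    # Usage: python rescue_manifest.py build|verify <tools folder>; no args runs the demo.
    if len(sys.argv) == 3 and sys.argv[1] in ("build", "verify"):
        folder = Path(sys.argv[2])
        if sys.argv[1] == "build":
            print("wrote", write_manifest(folder))
        else:
            result = verify_manifest(folder)
            print(json.dumps(result, indent=2))
            sys.exit(0 if is_clean(result) else 1)
    else:
        print(json.dumps(demo(), indent=2))
```

Run `build` once after refreshing the tools and definitions on a clean machine, and `verify` before each use; a non-zero exit means a tool on the stick is not the one you put there. Because the manifest sits on the same removable medium, the off-drive copy (or a printed hash of the manifest file) is what makes the check trustworthy.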
 

nissimezra

Level 25
Verified
Apr 3, 2014
1,460
There are a lot of antivirus boot disks for the removal of stubborn malware that has invaded your system, even when Windows cannot boot.
In my practice, I was always successful in removing all of them, and was also able to repair systems when some users wanted to change the hardware for an obviously software problem... with this method:

You will need a minimum 2GB flash drive and YUMI to start.
With YUMI you can add:
and some "portable" tools in a separate folder like:
  • Malwarebytes Antimalware + latest offline definitions in case of no internet
  • Hitman Pro
  • Adwcleaner
  • RKill
  • Kaspersky TDSS Killer
  • Emsisoft Emergency Rescue Kit
  • Wise Disk Cleaner Portable
  • Unlocker
  • Piriform Recuva Portable
so you have practically covered everything,

Virus Infection

In Hiren's Boot CD you can always run all these portable tools because they are written to work in Windows. Malwarebytes, HitMan Pro or Emsisoft Emergency Kit will not work in a Linux environment like Parted Magic, Kaspersky Rescue Disk, Comodo Rescue Disk... [in case those Rescue Disks don't solve your problem].
You can find yourself in a situation where you have Kaspersky Rescue Disk but no internet at that moment, or only wireless to connect with, so in those cases I prefer to use Hiren's Boot, as it has a minimal but wide set of Wi-Fi drivers to connect you to the internet to update your antimalware definitions.
Hiren's Boot has some sophisticated tools for repairing a boot sector in case malware modified it, after successful removal with Kaspersky TDSS Killer or some other tool, so if you are an experienced user, try those. But if you are not, there are some good fixing tools in Wondershare LiveBoot or Tenorshare Windows Boot Genius.

Recuva will save your deleted files, but if not, there are other tools in Parted Magic [included as a separate boot option in Hiren's Boot CD], and Wondershare Live Boot also has Wondershare Data Recovery built in, which in my testing performed very well.
And AOMEI or Paragon can restore your backups if you created them beforehand.

Of course, you can take a much bigger USB flash drive and add some other Linux distros and tools.

Thanks :D
Wow, thanks for the info.
 
