Seek And Destroy Malware With An Antiviral Live CD

← Back to Stories (view on slashdot.org)

Seek And Destroy Malware With An Antiviral Live CD

Posted by timothy on Wednesday December 22, 2004 @02:56AM from the toolkit dept.

Yx writes "CHRONOMIUM Virus Live is a GPL automatic decontamination LiveCD. It can without installing anything on your computer, seek and destroy viruses found on it. It is very useful when viruses have taken over a computer, and made it unable to work correctly. In its new 0.9 version, the GPL flavour is fully functional. So if you're doomed by those petty viruses, just try it, it may help you much! Download it here."

4 of 31 comments (clear)

Min score:

Reason:

Sort:

Re:Write to NTFS volumes? by Anonymous Coward · 2004-12-22 03:23 · Score: 1, Informative

The NTFS partitions are borne through the use of captive-ntfs and the antivirus engaged is CLAM.

If it uses captive-ntfs it *should* be able to write to NTFS but there's no more detail than that.
Re:Write to NTFS volumes? by Sepper · 2004-12-22 03:40 · Score: 4, Informative

Yes it can.

But there seems to be 3 version of the ISO... (6 if you count the fact that each come in En and Fr)

As far as I can tell, these are the edition (I can read french but the info is a bit spread across the site):

GPL Edition (Which uses ClamAV)
Fr: ftp://telechargement.antesis.org/download/CHRONOMI UM-0.9.0-GPL-fr.iso
En: ftp://telechargement.antesis.org/download/CHRONOMI UM-0.9.0-GPL-en.iso

Community Edition (using F-prot)
Fr: ftp://telechargement.antesis.org/download/CHRONOMI UM-0.9.0-COMMUNITY-fr.iso
En: ftp://telechargement.antesis.org/download/CHRONOMI UM-0.9.0-COMMUNITY-en.iso

Community Edition With NTFS drivers (using F-prot)
Fr: ftp://telechargement.antesis.org/download/CHRONOMI UM-0.9.0-COMMUNITY_FULL-fr.iso
En: ftp://telechargement.antesis.org/download/CHRONOMI UM-0.9.0-COMMUNITY_FULL-en.iso

The lastest defintions for F-Prot have to be downloaded from: http://www.f-prot.com/download/
(but they can be stored in a USB key)

Voilà!
Hope it clarify things a bit...

--
I live in Soviet Canuckistan you insensitive clod!
Re:Write to NTFS volumes? by fm6 · 2004-12-22 04:20 · Score: 2, Informative

"Non-GPL"? That's an interesting way to put it. The problem with writing a driver for NTFS is that Microsoft keeps making undocumented changes in the system. (Sabotaging third-party driver vendors, or just their usual compulsive bit-twiddling? Only The Shadow Knows.) Captive-NTFS's workaround is to provide hooks for Microsoft's NTFS.sys. Which they can't distribute, for obvious reasons. But there's nothing to prevent you from copying the file from an XP installation.
Though it is possible that "Non-GPL" refers to something else.
Re:Work with a windows system? by jayfehr · 2004-12-22 05:37 · Score: 2, Informative

Ad Aware should remove most of the spyware, but there's a lot of stuff that digs itself so far into the system that it's nearly impossible to clean. I also recommend "Hijack This", although it will not remove anything it will give you a list of all running process, then with the help of google, you can disable anything that shouldn't be running. Also be sure to use "msconfig" to disable any processes that try to start at boot time that may be malware (again google is your friend).

Of course when this is all done run a complete virus scan, I use the free version of AVG and haven't had any problems. And also be sure to get all the windows updates.

Last thing to be aware of is that some of this malware will corrupt system files and whatnot and a full reinstall may have to be done anyway, but I always recommend that as a last resort when fixing someone elses machine because there is always something that they forgot to backup and it's you they're going to call to try and find it.

Ad Aware: http://www.lavasoftusa.com/software/adaware/
Hijack This: http://www.spywareinfo.com/~merijn/