Seek And Destroy Malware With An Antiviral Live CD

Yx writes "CHRONOMIUM Virus Live is a GPL automatic decontamination LiveCD. It can without installing anything on your computer, seek and destroy viruses found on it. It is very useful when viruses have taken over a computer, and made it unable to work correctly. In its new 0.9 version, the GPL flavour is fully functional. So if you're doomed by those petty viruses, just try it, it may help you much! Download it here."

Write to NTFS volumes?

[rhild]

Anyone know if this thing can write to NTFS volumes? I couldn't tell from the English part of their website and my French ain't so good.

If it can't write to NTFS volumes it wouldn't do me any good.

Re:Write to NTFS volumes?

[Sepper]

Yes it can.

But there seems to be 3 version of the ISO... (6 if you count the fact that each come in En and Fr)

As far as I can tell, these are the edition (I can read french but the info is a bit spread across the site):

GPL Edition (Which uses ClamAV)
Fr: ftp://telechargement.antesis.org/download/CHRONOMI UM-0.9.0-GPL-fr.iso
En: ftp://telechargement.antesis.org/download/CHRONOMI UM-0.9.0-GPL-en.iso

Community Edition (using F-prot)
Fr: ftp://telechargement.antesis.org/download/CHRONOMI UM-0.9.0-COMMUNITY-fr.iso
En: ftp://telechargement.antesis.org/download/CHRONOMI UM-0.9.0-COMMUNITY-en.iso

Community Edition With NTFS drivers (using F-prot)
Fr: ftp://telechargement.antesis.org/download/CHRONOMI UM-0.9.0-COMMUNITY_FULL-fr.iso
En: ftp://telechargement.antesis.org/download/CHRONOMI UM-0.9.0-COMMUNITY_FULL-en.iso

The lastest defintions for F-Prot have to be downloaded from: http://www.f-prot.com/download/
(but they can be stored in a USB key)

Voilà!
Hope it clarify things a bit...

Re:Write to NTFS volumes?

[fm6]

"Non-GPL"? That's an interesting way to put it. The problem with writing a driver for NTFS is that Microsoft keeps making undocumented changes in the system. (Sabotaging third-party driver vendors, or just their usual compulsive bit-twiddling? Only The Shadow Knows.) Captive-NTFS's workaround is to provide hooks for Microsoft's NTFS.sys. Which they can't distribute, for obvious reasons. But there's nothing to prevent you from copying the file from an XP installation.

Though it is possible that "Non-GPL" refers to something else.

Re:Such an obvious idea...

[tdemark]

Evidently, the CD can read updates to the Virus DB and the application off of a USB drive.

- Tony

Re:Such an obvious idea...

[tdemark]

Yeah, I'm responding twice to the same post... sorry.

In terms of "an obvious idea", what I've always wanted to see is a LiveCD/Knoppix offering that could read a FAT/NTFS partition on boot and run equivalents to the following software:

- Norton AV / ClamAV
- AdAware
- Spybot S&D

By the title of the story, I thought we might have actually gotten something close ("Seek and Destroy" vs "Search and Destroy").

- Tony

Re:Work with a windows system?

[jayfehr]

Ad Aware should remove most of the spyware, but there's a lot of stuff that digs itself so far into the system that it's nearly impossible to clean. I also recommend "Hijack This", although it will not remove anything it will give you a list of all running process, then with the help of google, you can disable anything that shouldn't be running. Also be sure to use "msconfig" to disable any processes that try to start at boot time that may be malware (again google is your friend).

Of course when this is all done run a complete virus scan, I use the free version of AVG and haven't had any problems. And also be sure to get all the windows updates.

Last thing to be aware of is that some of this malware will corrupt system files and whatnot and a full reinstall may have to be done anyway, but I always recommend that as a last resort when fixing someone elses machine because there is always something that they forgot to backup and it's you they're going to call to try and find it.

Ad Aware: http://www.lavasoftusa.com/software/adaware/
Hijack This: http://www.spywareinfo.com/~merijn/