sc0ttman
Joined: 16 Sep 2009 Posts: 2173 Location: UK
Posted: Wed 06 Apr 2011, 05:39 Post subject: Virus removal on Windows
Subject description: puppy works best
I have used Puppy Linux (either Puplite or 431) to remove a number of very stubborn virus programs from laptops and PCs running various Microsoft OSs - at work, for our customers.
There are many virus programs for Windows, as we all know. Many of them are a real pain in the a** to get rid of. One such example is "CleanThis". Here are some more examples:
http://www.remove-virus.net/cleanthis-virus/
http://www.remove-virus.net/xp-win-7-home-security-2011/
http://www.remove-virus.net/msremovaltool/
http://www.remove-virus.net/microsoft-security-center-2011/
http://www.remove-virus.net/win-7-security-2011/
http://www.remove-virus.net/windows-virus-update-2011/
The above virus programs pretend to be anti-virus software, and they all disable the normal Windows desktop, menu and task manager, and kill any programs and processes the user tries to run.
Using the Windows tools ComboFix and SuperAntiSpyware is great, and usually does the trick. However, many of the above virus programs do not allow anything to be run while the virus is running, so these tools cannot, for example, get rid of the 'CleanThis' virus once infected.
However, I have found that booting up Puppy from Live CD or USB, then manually removing the offending virus, is the fastest and easiest way to clean out the infected Windows system of all offending files.
Then all that is left to do is to boot into the fixed MS OS and run ComboFix or SuperAntiSpyware (or both) to clean out the registry etc. (I could have simply installed ClamAV in Puppy and done it that way, too.)
In just one day, I used Puppy to clean out 4 PCs/laptops of VERY stubborn virus programs. Thank god, because my manager (and a colleague) could not get around any virus program mentioned above, and so they were considering formatting the hard drives of our customers and charging extra!
Good old Puppy to the rescue.
(And no, neither my boss nor my colleague said they will use Puppy from now on!)
sc0ttman
Joined: 16 Sep 2009 Posts: 2173 Location: UK
Posted: Wed 06 Apr 2011, 05:43 Post subject:
Just a note to this, if someone knows how to edit the Windows registry from within Puppy Linux (or Linux in general), then please tell me, it would be great!
_________________ Akita Linux, VLC-GTK, Pup Search, Pup File Search
Moose On The Loose
Joined: 24 Feb 2011 Posts: 278
Posted: Wed 06 Apr 2011, 10:53 Post subject:

sc0ttman wrote:
    Just a note to this, if someone knows how to edit the Windows registry from within Puppy Linux (or Linux in general), then please tell me, it would be great!
This may work:
Install wine
copy the registry into the wine
use wine's regedit
copy it back
I haven't tried it but it seems like it may work.
jamesbond
Joined: 26 Feb 2007 Posts: 1531 Location: The Blue Marble
Posted: Wed 06 Apr 2011, 11:01 Post subject:

sc0ttman wrote:
    Just a note to this, if someone knows how to edit the Windows registry from within Puppy Linux (or Linux in general), then please tell me, it would be great!

The tool you're looking for is here: http://pogostick.net/~pnh/ntpasswd/. Its main purpose is to reset passwords (which requires registry access), so as an extra the author provides the registry-editing tool too. Command-line only. I tested this tool long ago with WinXP and it worked; I'm not sure of its compatibility with newer versions of Windows.
_________________ Fatdog64, Slacko and Puppeee user. Puppy user since 2.13
nooby
Joined: 29 Jun 2008 Posts: 9382 Location: SwedenEurope
Posted: Wed 06 Apr 2011, 11:42 Post subject:
Another important thing to remember (and this is from a total noob, so take it with a big hand of salt):
Some viruses are very clever: they replace the DLLs of the original OS, so you not only have to get rid of the virus as such, you need to find the original DLLs and put them back in place.
I only retell what was told to me; I have not tested it myself.
_________________ I'm a noob so I use Google Search of Puppy Forum
rcrsn51
Joined: 05 Sep 2006 Posts: 7743 Location: Stratford, Ontario
Posted: Wed 06 Apr 2011, 11:53 Post subject:

sc0ttman wrote:
    Just a note to this, if someone knows how to edit the Windows registry from within Puppy Linux (or Linux in general), then please tell me, it would be great!

Read here.
sc0ttman
Joined: 16 Sep 2009 Posts: 2173 Location: UK
Posted: Wed 06 Apr 2011, 12:28 Post subject:

Lovely, cheers guys, just what I was looking for... Wanna test soon. Also thanks to DPUP5520, cos he PM'ed some good stuff too.
Now I might be able to convince my boss to have a Puppy disc lying around the shop, to sort out the virii when I am not there!
Sylvander
Joined: 15 Dec 2008 Posts: 2852 Location: West Lothian, Scotland, UK
Posted: Wed 06 Apr 2011, 18:07 Post subject:
Try using "Registry Editor PE" included in the latest version 4.5 of "FalconFour's UBCD".
I got it using a link given here in the Puppy Forums, but didn't keep a record of the URL for the post.
DPUP5520
Joined: 16 Feb 2011 Posts: 756
Posted: Wed 06 Apr 2011, 18:12 Post subject:
@ sc0ttman
Here are the two I mentioned earlier that I compiled a while ago; sorry it took me so long, just got back to the house.
@ jamesbond
It works with all Windows versions from 2000 up to Windows 7.

Attachment: ntfsprogs-2.0.pet (264.67 KB, downloaded 201 times)
Attachment: chntpw-0.9.6-2.pet (48.83 KB, downloaded 212 times)
_________________ PupRescue 2.5, Puppy Crypt 528
cthisbear
Joined: 29 Jan 2006 Posts: 2942 Location: Sydney Australia
Posted: Wed 06 Apr 2011, 19:50 Post subject:
Can't beat Hiren's or the Falcon to fix Windows.
The Falcon can go back in >> System Restore, and also remove Windows updates >> Hotfixes. This is because he runs the latest ERD.
His last recovery disc runs most of Hiren's 13.0.
Hiren's has a great password manager as well.
ERD has an unlocker.
ERD also has an inbuilt Microsoft Scanner. Hiren's has some as well.
Don't get me wrong... Puppy gets some files that Windows locks and even the above can't unlock.
/////////
You forgot Malwarebytes Anti-Malware >> free version
http://www.malwarebytes.org/mbam-download.php
http://www.malwarebytes.org/mbam.php
and Hitman Pro... one-time Internet scan and fix 4 free.
Do not install... run as a 1-time fix.
It has a special feature... Hitman Pro in Force Breach Mode:
"The development team introduced a "Force Breach" mode for Hitman Pro. Hold down the left CTRL key when you start Hitman Pro and all non-essential processes are terminated, including the malware process."
http://hitmanpro.wordpress.com/2010/03/16/hitman-pro-in-force-breach-mode/
http://www.surfright.nl/en
IObit Security 360 Free
You can install it and it will also allow you to install a portable version. So a very handy feature. The portable version will update.
Uninstall the main program then... so no clashes with other AVs.
http://www.iobit.com/security360.html
All in my post here:
http://murga-linux.com/puppy/viewtopic.php?t=58305
//////
With the newer Rogue viruses... I look for the date that the computer was infected and find the closest match on the hard drive.
Sometimes they hide in Programs, Documents and Settings... user... My Documents.
Most often they have a very long file name with many numbers in it.
Maybe in all applications... they are all different.
If you can boot Hiren's or the Falcon and look for the Malware icon, you can easily find the icon properties... location etc... and delete that.
ERD lets you stop startups in all users.
Hiren's has >>> autoruns >> but you must use a remote Hive to load.
Very few people realise that if you move all your files to a newly created folder... you can call it
1 Old Windows
you can in most instances install any version of Windows you want, scan all your files... and move Windows back to its old location once you either delete the new install... or move it to a new folder called
1 New Windows.
Of course you would not format the drive.
Don't format the drive.
Leave the existing file system alone.
One of the few times I had to re-install Windows was when all the docs went >> read only.
Nothing... and I tried everything... nothing corrected it.
So after copying all the data... I used DBAN >> and nuked it.
Re-installed... copied back data... fixed.
I have had my local computer shop clone drives, fix the virus and clean it out with Puppy, clone the drive back... it wouldn't boot.
He got caught a number of times.
I had him ghost the files to a spare drive.
I formatted the non-booting drive with an XP CD, and let it set up >> 1% of Windows.
Turned off the machine.
Booted Puppy, inserted the spare drive in a USB caddy, deleted all the newly installed files, copied over all the ghosted files and voila!
Windows booted.
He couldn't believe it.
I have done that 4 years.
You could do the same thing in Vista and Win 7.
If I wanted to change Vista or Win 7 to XP, once again you can move all the files to a new folder / directory as outlined above.
For warranty purposes, you can move the files back so that your old Vista - Win 7 files are there.
They can't do you over on a claim.
Any time I fix a machine, I copy a spare to a new folder like that, as a backup.
Install XP... usually creating a new ISO with nLite...
http://www.nliteos.com/download.html
add Service Pack 3... needed in most cases in this instance, and an integrated AHCI disk controller loaded as well.
A typical response was >> CharredPC... Acer
I used some of his blog to revert back to XP.
http://forum.notebookreview.com/acer/190581-extensa-5620-downgrade-xp.html
ftp://ftp.support.acer-euro.com/notebook/
In this case > Acer > I had no Vista, because the customer wiped the drive... and even the hidden partition, so I had a locked BIOS.
Chris.
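The procedure in sc0ttman's opening post (boot a live Linux, mount the Windows volume, remove the rogue program's files by hand, then finish the registry clean-up from within Windows) and cthisbear's hints above for locating those files (the infection date, drop locations under the user profile, very long file names full of digits) can be scripted so the triage is repeatable and the removal reversible. The POSIX shell script below is an added example written for this thread; it is not code from any poster or from Puppy Linux. It assumes the NTFS volume is already mounted (Puppy normally mounts drives under /mnt, for example /mnt/sda1; that path is an assumption), and the function names, the digit threshold and the constructed sample tree are my own. It quarantines instead of deleting and logs a SHA-256 hash with the original path, so a misidentified file (a legitimate installer with a numeric name, say) can be moved straight back.

```shell
#!/bin/sh
# Added example for this thread (not posters' or Puppy Linux code).
# Offline triage of a Windows volume from a live Linux boot. The volume is
# assumed to be mounted already, e.g. at /mnt/sda1 (assumed mount point).
# Function names, the digit threshold and the sample tree below are my own.

# Drop locations, relative to the volume root, for the XP and Vista/7
# profile layouts. One pattern per line; '*' expands to each user name.
DROP_DIRS='Documents and Settings/*/Application Data
Documents and Settings/*/Local Settings/Application Data
Documents and Settings/*/Local Settings/Temp
Users/*/AppData/Local
Users/*/AppData/Roaming
ProgramData
Windows/Temp'

# A base name with at least this many digits counts as "many numbers".
MIN_DIGITS=8

# find_suspect_files ROOT YYYYMMDD
# Print regular files under the drop locations that were modified on or
# after the given date and whose base name has MIN_DIGITS or more digits.
find_suspect_files() {
    fs_root=$1
    fs_ref=$(mktemp)
    touch -t "${2}0000" "$fs_ref"      # reference mtime: midnight starting that day
    fs_oldifs=$IFS
    IFS='
'                                      # split DROP_DIRS on newlines only
    for fs_pat in $DROP_DIRS; do
        for fs_dir in "$fs_root"/$fs_pat; do          # glob expands '*'
            [ -d "$fs_dir" ] || continue
            find "$fs_dir" -type f -newer "$fs_ref" | while IFS= read -r fs_file; do
                fs_n=$(basename "$fs_file" | tr -cd '0-9' | wc -c)
                if [ "$fs_n" -ge "$MIN_DIGITS" ]; then
                    printf '%s\n' "$fs_file"
                fi
            done
        done
    done
    IFS=$fs_oldifs
    rm -f "$fs_ref"
}

# quarantine_file ROOT FILE QDIR LOG
# Move FILE out of the volume into QDIR, keeping its relative path, and
# append "utc-time TAB sha256 TAB size TAB relative-path" to LOG so the
# action can be reviewed or undone (a plain mv back restores it).
quarantine_file() {
    q_root=$1; q_file=$2; q_dir=$3; q_log=$4
    q_rel=${q_file#"$q_root"/}
    q_hash=$(sha256sum "$q_file" | cut -d' ' -f1)
    q_size=$(wc -c < "$q_file" | tr -d ' ')
    mkdir -p "$q_dir/$(dirname "$q_rel")"
    mv "$q_file" "$q_dir/$q_rel"
    printf '%s\t%s\t%s\t%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$q_hash" "$q_size" "$q_rel" >> "$q_log"
}

# make_sample_volume
# Constructed stand-in for a mounted Windows volume (no real malware): two
# fresh digit-heavy executables, one fresh ordinary DLL, one digit-heavy
# file back-dated to 2009. Prints the directory it created.
make_sample_volume() {
    sv=$(mktemp -d)
    mkdir -p "$sv/Users/alice/AppData/Local" "$sv/Documents and Settings/bob/Application Data"
    printf 'MZ constructed' > "$sv/Users/alice/AppData/Local/jsh38403284952.exe"
    printf 'MZ constructed' > "$sv/Documents and Settings/bob/Application Data/kx20110405183311.exe"
    printf 'MZ constructed' > "$sv/Users/alice/AppData/Local/helper.dll"
    printf 'MZ constructed' > "$sv/Users/alice/AppData/Local/9988776655.exe"
    touch -t 200901010000 "$sv/Users/alice/AppData/Local/9988776655.exe"
    printf '%s\n' "$sv"
}

# With two arguments (mount point, infection date) only list candidates for
# review; with none, run both functions against the constructed sample tree.
if [ $# -eq 2 ]; then
    find_suspect_files "$1" "$2"
else
    demo_root=$(make_sample_volume)
    demo_q=$(mktemp -d)
    find_suspect_files "$demo_root" 20110401 | while IFS= read -r f; do
        quarantine_file "$demo_root" "$f" "$demo_q" "$demo_q/quarantine.log"
    done
    cat "$demo_q/quarantine.log"
    rm -rf "$demo_root" "$demo_q"
fi
```

Run as `sh triage.sh /mnt/sda1 20110401` to list candidates only, and review that list before quarantining anything: the date and digit heuristics narrow the search, they do not prove a file is malicious. With no arguments the script exercises both functions on the constructed tree. Registry entries are left for ComboFix, SuperAntiSpyware or chntpw, as the thread describes.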
purple_ghost
Joined: 09 Nov 2005 Posts: 414
Posted: Thu 07 Apr 2011, 21:51 Post subject: Another rescue disk.
Trinity Rescue Disk.
http://trinityhome.org/Home/index.php?content=TRINITY_RESCUE_KIT____CPR_FOR_YOUR_COMPUTER&front_id=12&lang=en&locale=en
Not necessarily better, just something else.
_________________ Google Search of Forum: http://wellminded.com/puppy/pupsearch.html
drongo
Joined: 10 Dec 2005 Posts: 328 Location: UK
Posted: Fri 15 Apr 2011, 13:13 Post subject:
PCRegedit or PC Reg Edit (both spellings are on the website) boots into a Gnome-based registry editor.