Puppy Linux Discussion Forum
All times are UTC - 4
Looking for rootkits on Windows with Puppy ?
Page 1 of 2 [18 Posts]
Barkin


Joined: 12 Aug 2011
Posts: 703

Posted: Fri 05 Jul 2013, 18:38    Post subject: Looking for rootkits on Windows with Puppy ?
Subject description: double-check for Windows rootkits via Puppy
 

Is there a rootkit detector program I can run on Puppy (on USB) which will check for rootkits on my Windows OS (which is on hard drive) ?

I believe some Windows rootkits can blind antimalware running on the same Windows OS as to their presence,
so I'd like an independent second opinion about my Windows OS being rootkit-free via Puppy, (or maybe via another live CD thingy).
cthisbear

Joined: 29 Jan 2006
Posts: 3404
Location: Sydney Australia

Posted: Fri 05 Jul 2013, 21:21

Probably better off with Hiren's and the Falcon boot cds.

Don't get me wrong...I use Puppy to clean it as well.

The trouble is week by week the nasties change.

""""""""

Hitman Pro....in Windows... is a goodie.

http://www.majorgeeks.com/files/details/hitman_pro.html

>> gives you a one off chance to fix any infections.
It scans over the internet, but is pretty fast.
Uninstall it from Control Panel immediately afterwards.

Free License

HitmanPro offers home users a free one-time license,
valid for thirty days, to remove the malicious software that was found
on the computer.

This one-time free license can be deployed from the License tab
under Settings:

http://www.surfright.nl/en/support/

http://www.surfright.nl/en/home/press/hitmanpro-scores-100

http://www.surfright.nl/en

""""""""""

http://www.surfright.nl/en/shop/

And....Yes you have to buy that feature >>>$25.00 ???

" Users simply create their own bootable HitmanPro.Kickstart
USB flash drive / memory stick from within the HitmanPro application.

Mark Loman continues: "HitmanPro.Kickstart will start the ransomed computer in their own familiar Microsoft Windows environment,
bypassing the ransomware, and will then guide the user through
the removal process.

No complicated manual tasks are required.
It is so easy, even your Granny is now able to free your computer
from ransomware, fake antiviruses and other persistent malware."

Chris.
Barkin


Joined: 12 Aug 2011
Posts: 703

Posted: Fri 05 Jul 2013, 22:47

cthisbear wrote:
Probably better off with Hiren's and the Falcon boot cds.

Thanks Chris,

I'd heard of Hiren's compilation boot CD ... http://www.hiren.info/pages/bootcd but given the large number of authors and cracking tools on it I'm concerned it might include something nasty.

Hiren's boot CD appears to include a cracked copy of XP ... "Mini Windows Xp" which presumably the antimalware, (like GMER), runs on.
I'm not happy about running anything which has been cracked, it could contain hidden nastiness, but I'll give it a go just after I back up my Windows system.

Last edited by Barkin on Fri 05 Jul 2013, 23:12; edited 1 time in total
dancytron

Joined: 18 Jul 2012
Posts: 270

Posted: Fri 05 Jul 2013, 23:09

Kaspersky rescue disk is one I used once and it worked for me.
http://support.kaspersky.com/us/viruses/rescuedisk
Barkin


Joined: 12 Aug 2011
Posts: 703

Posted: Fri 05 Jul 2013, 23:22

dancytron wrote:
Kaspersky rescue disk is one I used once and it worked for me.
http://support.kaspersky.com/us/viruses/rescuedisk

Yesss : "Kaspersky rescue disk" does look for rootkits ...

kaspersky.com wrote:
Main application features:
  Scanning Windows startup objects for malware and further disinfection.
  Clearing the Windows registry of links to removed malicious programs.
  Automatic disinfection of computers regardless of infection type and severity, including the following options:
    scanning the computer for malware using signature databases;
    heuristic analyzer;
    scanning the computer for rootkits and neutralizing them.
  Anti-virus database update option.
  Recording the application on a CD/DVD or on a USB data medium.
Kaspersky Rescue Disk 10 is a free application.

http://support.kaspersky.com/us/faq/?qid=208282145
01micko


Joined: 11 Oct 2008
Posts: 7797
Location: qld

Posted: Sat 06 Jul 2013, 00:44

http://www.comodo.com/business-security/network-protection/rescue-disk.php

Comodo rescue disk fixed what hitman-pro, malware-bytes and other stuff couldn't for me on Win7 (Still clean after about 7 weeks). It's based on Slitaz.

_________________
Woof Mailing List | keep the faith Cool |
Barkin


Joined: 12 Aug 2011
Posts: 703

Posted: Sat 06 Jul 2013, 01:46

01micko wrote:
http://www.comodo.com/business-security/network-protection/rescue-disk.php

Thanks for that Comodo link. I was slightly concerned when the word "rescue" first appeared it was misspelled, but everything looks OK, (the four "Threat(s) Found" are false-alarms due to a peculiar Dell partition).
[Attachment: comodo scan, 100 percent in 3 hours.jpg (comodo rescue screengrab)]

cthisbear

Joined: 29 Jan 2006
Posts: 3404
Location: Sydney Australia

Posted: Sun 07 Jul 2013, 19:52

01micko:

Is there a USB booting code for that??

Or do we need Uncle nooby?

Here is a piece I pulled from it.

And a piece of Slacko...because I multiboot.

Comodo text

DEFAULT vesamenu.c32
PROMPT 0
NOESCAPE 1
ALLOWOPTIONS 0
TIMEOUT 100
MENU TITLE COMODO Resuce Disk(2.0.261647.1)
MENU BACKGROUND /boot/comodo_boot_background.jpg
MENU COLOR BORDER 37;40 #00000000 #00000000 none
MENU COLOR TITLE 37;40 #ffff5555 #00000000 std
MENU ROWS 4
MENU NOTABMSG

LABEL Enter the Graphic Mode
kernel /boot/bzImage
append initrd=/boot/rootfs.gz rw root=/dev/null vga=normal

LABEL Enter the Text Mode
kernel /boot/bzImage
append initrd=/boot/rootfs.gz rw root=/dev/null vga=normal screen=text


;;;;;


title Slacko Puppy (sdc1/slacko)
find --set-root --ignore-floppies /slacko/initrd.gz
kernel /slacko/vmlinuz pmedia=usbflash psubdir=slacko pfix=fsck
initrd /slacko/initrd.gz



"""""""""""

Love this.

Microsoft offloads heap of critical fixes in 'ugly' Patch Tuesday

" "This is one of the uglier releases we’ve seen from Microsoft this year," notes Paul Henry, security and forensic analyst at security tools firm Lumension.

"To say that all Microsoft products are affected and everything is
affected critically is not an understatement.

It’s difficult to prioritize one or two because all the bulletins are
significant this Patch Tuesday."

http://www.theregister.co.uk/2013/07/05/ms_july_2013_patch_tuesday_prealert/

Chris.
Barkin


Joined: 12 Aug 2011
Posts: 703

Posted: Mon 08 Jul 2013, 02:10
Subject description: My tin foil hat is on too tight
 

dancytron wrote:
Kaspersky rescue disk is one I used once and it worked for me.
http://support.kaspersky.com/us/viruses/rescuedisk

kaspersky rescue disk seemed to work OK, but now Windows won't boot :¬(
[ I had to use "Last Known Good Configuration" then "System Restore"]
[Attachment: kaspersky rescue disc.jpg]


Last edited by Barkin on Mon 08 Jul 2013, 03:14; edited 3 times in total
01micko


Joined: 11 Oct 2008
Posts: 7797
Location: qld

Posted: Mon 08 Jul 2013, 02:18

cthisbear wrote:
01micko:

Is there a USB booting code for that??

Or do we need Uncle nooby?

Here is a piece I pulled from it.

And a piece of Slacko...because I multiboot.

[snip].


Dunno Chris, but you could probably download the free comodo linux version and install it in any puppy, it's ~25MB (iirc).

_________________
Woof Mailing List | keep the faith Cool |
jpeps

Joined: 31 May 2008
Posts: 3220

Posted: Mon 08 Jul 2013, 04:04
Subject description: My tin foil hat is on too tight
 

Barkin wrote:

kaspersky rescue disk seemed to work OK, but now Windows won't boot


I didn't realize Kaspersky was that intelligent
cthisbear

Joined: 29 Jan 2006
Posts: 3404
Location: Sydney Australia

Posted: Mon 08 Jul 2013, 08:29

" I didn't realize Kaspersky was that intelligent "

Themz Ruskies.

Chris.
Barkin


Joined: 12 Aug 2011
Posts: 703

Posted: Mon 08 Jul 2013, 16:37

cthisbear wrote:
" I didn't realize Kaspersky was that intelligent "

Themz Ruskies.

Chris.


The Ruskies offer a USB option, (the boot problem may have been my fault), see ... "Kaspersky USB Rescue Disk Maker" expand (+) item #2.

They do say not to have any other OS on the USB stick as it may cause booting problems, [btw "Kaspersky Rescue Disk" is Gentoo linux in disguise].

An alternative method for "Kaspersky Rescue Disk" on USB ... http://www.megaleecher.net/Bootable_Kaspersky_Rescue_Disk

Last edited by Barkin on Mon 08 Jul 2013, 17:07; edited 3 times in total
Wognath

Joined: 19 Apr 2009
Posts: 169

Posted: Mon 08 Jul 2013, 16:58    Post subject: Careful with that Comodo rescue disk

I tried the Comodo rescue disk and told it to automatically fix viruses. Then I noticed it was scanning my Linux partition... It fixed my grub resulting in "missing operating system" next time I booted. Shocked

Repaired using grub to setup the partition as recommended by rcrsn51 here, but that was after quite a bit of learning experience trying a lot of things that didn't help Embarassed
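
The post above describes a rescue disk's automatic fix rewriting the boot loader. As an added example (not part of the original thread), these shell functions save sector 0 of the disk before such a scan and afterwards report which MBR region changed; the device name /dev/sda and the snapshot path in the comments are assumptions.

```shell
#!/bin/sh
# Added example: snapshot the MBR from a live system before a rescue disk's
# auto-fix runs, then report which region of sector 0 differs afterwards.
# Classic MBR layout (offset, length):
#   bootcode 0,446 (boot loader stage, e.g. GRUB or the Windows MBR code)
#   parttable 446,64   signature 510,2 (0x55 0xAA)
# Assumed usage (hypothetical device and path):
#   mbr_snapshot /dev/sda /mnt/usb/sda-mbr.bin     # before the scan
#   mbr_changes  /mnt/usb/sda-mbr.bin /dev/sda     # after the scan

# mbr_region FILE NAME: write the named region of a saved sector to stdout
mbr_region() {
    case $2 in
        bootcode)  skip=0   count=446 ;;
        parttable) skip=446 count=64  ;;
        signature) skip=510 count=2   ;;
        *) return 2 ;;
    esac
    dd if="$1" bs=1 skip="$skip" count="$count" 2>/dev/null
}

# mbr_snapshot DEVICE OUTFILE: copy sector 0; DEVICE is only read, never written
mbr_snapshot() {
    dd if="$1" of="$2" bs=512 count=1 2>/dev/null &&
        [ "$(wc -c < "$2")" -eq 512 ]
}

# mbr_changes SNAPSHOT DEVICE: print the regions that differ (empty if none)
mbr_changes() {
    now=$(mktemp) || return 1
    mbr_snapshot "$2" "$now" || { rm -f "$now"; return 1; }
    changed=""
    for r in bootcode parttable signature; do
        a=$(mbr_region "$1" "$r" | od -An -v -tx1)
        b=$(mbr_region "$now" "$r" | od -An -v -tx1)
        [ "$a" = "$b" ] || changed="$changed $r"
    done
    rm -f "$now"
    echo "${changed# }"
}
```

A result of "bootcode" with an unchanged "parttable" means only the boot loader was rewritten and the partition layout is intact.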
Barkin


Joined: 12 Aug 2011
Posts: 703

Posted: Sat 20 Jul 2013, 09:47
Subject description: Avast on Puppy
 

Just tried the Avast pet running on Puppy ... http://bkhome.org/blog/?viewDetailed=02494
It spotted the EICAR test-virus, see below, (but I don't know if this free version of Avast looks for root-kits).
BTW the Avast virus "signature" database is now 87Mb, (quoted as "44MB" in Barry's 2011 blog).
[Attachment: Avast on Puppy spots EICAR test-virus.png]
