[41509] in Resnet-Forum
Re: Malware Live CD removal anyone?
daemon@ATHENA.MIT.EDU (Keenan Parmelee)
Thu Jan 12 16:15:11 2017
Message-ID: <CAK-nNKiELHzouWmRF0U3Mma63bXh8J9C=XRe8iJ=nkZQdGCuYA@mail.gmail.com>
Date: Thu, 12 Jan 2017 13:05:43 -0800
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Keenan Parmelee <keenanparm@BERKELEY.EDU>
To: RESNET-L@listserv.nd.edu
In-Reply-To: <CANtPpk586wLZmSmLiu0zB+NnHFr7qJuQi4xTroSMyFAoaiRdMg@mail.gmail.com>
If you're looking for a fairly easy to use/setup tool, Windows Defender
Offline can let you burn to a CD/DVD or install on a USB to boot from and
scan an offline file system. There's plenty of info on Google about how to
get it working.
When it comes to online scanning, MalwareBytes is my favorite. But I don't
believe they offer a bootable media format.
Keenan Parmelee
Systems Administrator
Student Affairs IT
On Thu, Jan 12, 2017 at 8:36 AM, Mike King <me@mpking.com> wrote:
> So we've just had something happen that hasn't happened in a long time.
>
> We had a lab image have a virus on it, and a very large lab was deployed
> with the image.
>
> Of course, the lab has a lot of custom software that was not scripted, but
> hand installed, so the usual answer of Nuke it and rebuild is going to be
> extremely painful.
>
> We haven't tried to clean boxes in a long time, what's everyone's
> favorite tool set?
>
> (I don't have the exact virus right now)
> ___________________________________________________ You are subscribed to
> the ResNet-L mailing list.
>
> To subscribe, unsubscribe or search the archives, go to
> http://LISTSERV.ND.EDU/archives/resnet-l.html
> ___________________________________________________