[41511] in Resnet-Forum


Re: Malware Live CD removal anyone?

daemon@ATHENA.MIT.EDU (Gaynor, Suzanne)
Thu Jan 12 16:42:21 2017

Message-ID:  <CAD971fpR-BZVFZ_4TwNcSYT61-q5Z2qb2A-X9Frty-8CbrHUJw@mail.gmail.com>
Date:         Thu, 12 Jan 2017 16:41:05 -0500
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: "Gaynor, Suzanne" <gaynors@HARTWICK.EDU>
To: RESNET-L@listserv.nd.edu
In-Reply-To:  <30da051436df494ca9e655825d551c4d@ISU-EXCH-1.isuad.indstate.edu>


I also like to install free Avast and run their boot-time scan. Of course
you have to remove whatever AV you've got on there first. I think the Avast
boot time scan, Malwarebytes and ADWCleaner are my favorites. Sometimes
CCleaner or HijackThis for tidying things up.

Of course it also depends on the infection type and there are other tools
that may correct specific symptoms or aftereffects.

Good Luck!

Suzanne

Suzanne Gaynor
Director, Technology Resource Center
Hartwick College
gaynors@hartwick.edu
607-431-4670

On Thu, Jan 12, 2017 at 4:30 PM, Amanda Cockrell <
Amanda.Cockrell@indstate.edu> wrote:

> I have not had to remove viruses in a while (knock on wood), but
> Malwarebytes was my go-to as well.
>
>
>
> Amanda Cockrell
>
> ISU-OIT-Networking
>
> Tirey Hall Room T065
>
> (812)237-8854
>
>
>
>
>
> *From:* Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] *On Behalf Of *Keenan
> Parmelee
> *Sent:* Thursday, January 12, 2017 4:06 PM
> *To:* RESNET-L@LISTSERV.ND.EDU
> *Subject:* Re: Malware Live CD removal anyone?
>
>
>
> If you're looking for a fairly easy to use/setup tool, Windows Defender
> Offline can let you burn to a CD/DVD or install on a USB to boot from and
> scan an offline file system.  There's plenty of info on Google about how to
> get it working.
>
>
>
> When it comes to online scanning, MalwareBytes is my favorite.  But I
> don't believe they offer a bootable media format.
>
>
> Keenan Parmelee
>
> Systems Administrator
>
> Student Affairs IT
>
>
>
> On Thu, Jan 12, 2017 at 8:36 AM, Mike King <me@mpking.com> wrote:
>
> So we've just had something happen that hasn't happened in a long time.
>
>
>
> We had a lab image have a virus on it, and a very large lab was deployed
> with the image.
>
>
>
> Of course, the lab has a lot of custom software that was not scripted, but
> hand installed, so the usual answer of Nuke it and rebuild is going to be
> extremely painful.
>
>
>
> We haven't tried to clean boxes in a long time, what's everyone's
> favorite tool set?
>
>
> (I don't have the exact virus right now)
>
> ___________________________________________________ You are subscribed to
> the ResNet-L mailing list.
>
> To subscribe, unsubscribe or search the archives, go to
> http://LISTSERV.ND.EDU/archives/resnet-l.html
> ___________________________________________________
>
>
>

