
Re: After running spyware - XP won't let me boot - keeps logging out

daviddschool

>     cp /home/something_you_want_to_keep /discs/C:/
>
> and the file will end up stored as
>
>     /discs/C:/something_you_want_to_keep
>
> They made the name of the disk include the colon character, which
> is a bit confusing until you get used to it.
>
> When you boot back into Windows, at the top level of that
> partition (whatever partition it happens to be), you'll see
> a new file sitting there...
>
>     something_you_want_to_keep
>
> So if there was something you suspected you'd need later, like
> userinit or something, you could keep copies of anything Kav
> wants to throw away.
>
> I haven't located where files are quarantined yet. I'll leave
> that detail for later, as my virtual environment is (very slowly)
> downloading virus updates right now, and could take quite a while.
>
> HTH,
>     Paul


Well, the delay in my response is because it has taken a long time for
Kaspersky to run through 4 drives and I am awaiting the 5th to
complete. Thank goodness for this program. I didn't try speeding it
up, I am content now that it is at least working! Also I got the
build of Bart's PE to work, and I am going to try and install WinSP2
on the drive using it after I get my Win 7 drive scanned.
Now how does Kasp work? If it downloads the updated virus files from
the server, is there a chance they could get infected?
 
Paul

Re: After running spyware - XP won't let me boot - keeps logging out

daviddschool wrote:
>> cp /home/something_you_want_to_keep /discs/C:/
>>
>> and the file will end up stored as
>>
>> /discs/C:/something_you_want_to_keep
>>
>> They made the name of the disk include the colon character, which
>> is a bit confusing until you get used to it.
>>
>> When you boot back into Windows, at the top level of that
>> partition (whatever partition it happens to be), you'll see
>> a new file sitting there...
>>
>> something_you_want_to_keep
>>
>> So if there was something you suspected you'd need later, like
>> userinit or something, you could keep copies of anything Kav
>> wants to throw away.
>>
>> I haven't located where files are quarantined yet. I'll leave
>> that detail for later, as my virtual environment is (very slowly)
>> downloading virus updates right now, and could take quite a while.
>>
>> HTH,
>> Paul

>
> Well, the delay in my response is because it has taken a long time for
> Kaspersky to run through 4 drives and I am awaiting the 5th to
> complete. Thank goodness for this program. I didn't try speeding it
> up, I am content now that it is at least working! Also I got the
> build of Bart's PE to work, and I am going to try and install WinSP2
> on the drive using it after I get my Win 7 drive scanned.
> Now how does Kasp work? If it downloads the updated virus files from
> the server, is there a chance they could get infected?


Are you still talking about the Linux rescue CD from Kaspersky?

It downloads about 20MB of fresh virus signature updates when you
boot the CD. The download starts about ten seconds after the desktop
appears. The signatures are stored in RAM (like the rest of the
temporary file systems that make up the environment of the Linux
LiveCD).

The naive answer is, in the Linux environment, there is no
reason to be running Windows executables, using the Windows
registry, paying attention to Windows startup items or requests
to start services. So there is less reason for the malware
to be able to do something, unless it is invoked somehow.

My pessimistic side though, views any computer as a "leaky bucket"
when it comes to security. The BIOS chip on the motherboard can
be reprogrammed (and I don't know what prevents it from being
re-written, in a Windows environment - after all, the motherboard
company provides a Windows BIOS flasher). The video card has
a 64KB VESA BIOS chip that can be flash upgraded. I upgraded the
flash chip on my video card, using a Windows flashing tool (and
used a second video card, so I could see the screen while the flasher
did its thing). Any non-volatile storage on a computer could be
used as a vehicle for malware. The only reason we're not all
in a botnet, is there isn't an incentive to go to that much
trouble. I'm not convinced we're particularly safe. Especially
after the last Patch Tuesday, with one of the Microsoft updates
being tripped up by systems that have a rootkit present on them.
It shows there could be lots of systems out there that are compromised,
and the owner doesn't know it. And with rootkits, a lot of AV tools
won't be detecting it.

I can't say I feel particularly safe on my computer. I would not
consider doing banking online, and I still go to the bank physically
to take care of business. (Even that isn't safe, but that is a
story for another day.)

Paul
 