Bart's PE and spyware
Posted 23 July 2004 - 04:09 PM
Is there a way to make HijackThis or CWShredder "read" another system disk, in order to integrate them in Bart's PE?
Posted 23 July 2004 - 04:22 PM
I believe that this is being discussed at the 911cd forums in regard to Ad-Aware and Spybot accessing a loaded registry from a target installation. I believe the approach is being tested with the load hive plugin.
Edited by Trilobite, 23 July 2004 - 04:25 PM.
Posted 23 July 2004 - 06:19 PM
But I understood this:
that Ad-Aware (so any other AV plugin) can't deal with the registry when run from Bart's PE...
Is that right?
So I assume it is useless for removing spyware from the registry... OUT from the system itself...
Posted 23 July 2004 - 07:51 PM
Unless the AV program can load the registry hive files from a target directory, then no, it cannot deal with a registry other than Win PE's registry. There are several users at the 911cd forums that have been working on a way to load and scan a remote registry hive, but I am unsure as to whether it works correctly.
There are a number of AV programs that will work under Win PE: McAfee command-line scanner, F-Prot, Stinger and perhaps Symantec's prescan... but again, these will not load a remote registry hive.
Avast! antivirus has their own Win PE version that includes a modified version of Avast!'s antivirus. I do not know if it loads the remote hives or not.
Personally, I would not trust any spyware or AV scanner that needs to use third party programs or hacks to scan a remote registry.
McAfee has a standalone bootable AV scanner that is supposed to be able to load remote registry hives, but it is still in beta and I do not believe that it runs under Win PE.
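What "loading a remote registry hive" means in practice, as an added example that is not part of the original posts and is not the 911cd load hive plugin: the batch script below uses `reg.exe` to mount the target installation's hive files under temporary key names, lists common autostart locations, and unmounts them. The drive letter, profile folder and `Target_*` key names are assumptions to adjust for the machine being examined.

```batch
@echo off
setlocal
rem Added example. Assumptions: the target Windows install is on C:,
rem and "SomeUser" is a placeholder for a real profile folder name.
set TARGET=C:\WINDOWS
set PROFILE=C:\Documents and Settings\SomeUser
set MNT_SW=HKLM\Target_SOFTWARE
set MNT_USER=HKU\Target_USER

rem Mount the target machine's SOFTWARE hive under a temporary key.
reg load %MNT_SW% "%TARGET%\system32\config\software"
if errorlevel 1 (
    echo Could not load the target SOFTWARE hive.
    exit /b 1
)

rem Machine-wide autostart locations inside the mounted hive.
for %%K in (
    "Microsoft\Windows\CurrentVersion\Run"
    "Microsoft\Windows\CurrentVersion\RunOnce"
    "Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    "Microsoft\Windows NT\CurrentVersion\Winlogon"
) do (
    echo ==== %%~K
    reg query "%MNT_SW%\%%~K" /s
)
reg unload %MNT_SW%

rem Per-user autostart entries live in that user's NTUSER.DAT.
reg load %MNT_USER% "%PROFILE%\NTUSER.DAT"
if errorlevel 1 (
    echo Could not load the user hive.
    exit /b 1
)
echo ==== per-user Run
reg query "%MNT_USER%\Software\Microsoft\Windows\CurrentVersion\Run" /s
reg unload %MNT_USER%
endlocal
```

A scanner that only reads the live `HKLM` and `HKCU` keys never sees these mounted copies, which is why it ends up inspecting Win PE's own registry.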
Posted 24 July 2004 - 10:19 AM
I knew about the Avast Bart CD... is that what you are talking about?
But I know it is not free (am I wrong?)
I made up a plugin for the free Avast virus cleaner...
What are your suggestions?
I own an Italian site about tweaking and I would like to publish some suggestions for making a Bart's PE for virus cleaning...
The registry fact is bad news... so I think I will stick with virus removers like Stinger (I've got an autoupdate plugin) and Avast virus cleaner (also autoupdate)
Posted 24 July 2004 - 10:49 AM
Stinger is only for 40 or so viruses and Trojans. There is a plugin for McAfee’s command line scanner and Bart has made a GUI for it. However, a lot of people, including myself, have had trouble with Stinger and McAfee cleaning infected files from PE. I think this is because Stinger and McAfee are hard-coded to write a temp file somewhere in the system directory while they are cleaning a file. Since the system directory is read-only in Win PE, you get an error. This can be solved by unselecting the clean option and checking the delete option.
Sherpya has made a plugin for ClamAV Antivirus Scanner with a Windows GUI. I have not used it much as I have found it to be a memory hog. I don’t know if it scans a remote registry hive.