(OT) Open Source Virus Scanner

Bill Horne bill-CIZd1d4GmLheoWH0uzbU5w at public.gmane.org
Mon Jan 26 14:04:29 EST 2009


Tom Metro wrote:
> Bill Horne wrote:
>   
>> paul.cour1-H+0wwilmMs3R7s880joybQ at public.gmane.org wrote:
>>     
>>> Ran Spy Bot and Clamwin Virus Scanners without finding anything (???)
>>> Any suggestions on Open Source Virus Scanner or technique ???
>>>       
>> Download Process Explorer from the Microsoft Sysinternals site, and use 
>> it to find all non-MS processes running in the machine. Kill them, then 
>> run the virus scan.
>>     
>
> Better yet, boot a Linux CD, and run ClamAV from that. Similarly there 
> are bootable Windows CDs (http://www.ubcd4win.com/) that - with some 
> effort - will let you run virus scanners independent of the installed OS.
>   

I didn't know Linux could write to the NTFS file system: is that 
possible now, or is ClamAV only able to ID viruses on NTFS disks, but 
not fix them?

> The System Internals guys also have a tool called RootkitRevealer[1], 
> which you run on the infected OS. It compares the file system as seen 
> from the OS, vs. what it looks like from low-level I/O that bypasses the 
> OS, to reveal files that are being hidden from the OS. I don't know if 
> this tool is still getting much use - I see it hasn't been updated since 
> 2006.
>
> 1. http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx
>   

That's good to know. I'll add that to my AV bag-o-tricks.

Bill

-- 
E. William Horne
William Warren Consulting
Computer & Network Installations, Security, and Service
http://william-warren.com
781-784-7287
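
The cross-view comparison described in the thread (the file system as the running OS reports it versus a view that bypasses that OS) can also be done with the boot-CD approach. The sketch below is an added example, not part of the original messages and not RootkitRevealer's code. It assumes two plain-text file listings, one saved from the running Windows install and one taken after booting a Linux CD; all paths and function names are constructed for illustration.

```python
# Added example: cross-view diff of two file listings (all sample data constructed).
# NTFS metadata files are never listed by the Windows API, so a raw-volume
# listing that includes them will always show them as "offline only".
NTFS_METADATA = {"$mft", "$mftmirr", "$logfile", "$volume", "$attrdef",
                 "$bitmap", "$boot", "$badclus", "$secure", "$upcase", "$extend"}

def normalize(path, root):
    """Reduce a path from either view to a comparable volume-relative key."""
    p = path.strip().replace("/", "\\")
    r = root.replace("/", "\\").rstrip("\\")
    # Strip the root only on a whole-component match (/mnt/win, not /mnt/win2).
    if p.lower().startswith(r.lower()) and p[len(r):len(r) + 1] in ("", "\\"):
        p = p[len(r):]
    return p.lstrip("\\").lower()  # Win32 treats NTFS names case-insensitively

def load(listing, root):
    """Map normalized key -> original line for every non-empty line."""
    return {normalize(l, root): l.strip() for l in listing.splitlines() if l.strip()}

def cross_view(live_listing, live_root, offline_listing, offline_root):
    """Return files visible offline but missing from the live OS's view."""
    live = load(live_listing, live_root)
    offline = load(offline_listing, offline_root)
    hidden = []
    for key, original in sorted(offline.items()):
        if key in live:
            continue
        if key.split("\\", 1)[0] in NTFS_METADATA:
            continue  # expected discrepancy, not evidence of hiding
        hidden.append(original)
    return hidden

# Constructed listing as saved from the running (possibly infected) Windows.
LIVE = r"""C:\Windows\System32\drivers\disk.sys
C:\Windows\System32\notepad.exe
C:\Users\paul\report.doc"""

# Constructed listing of the same volume mounted from a boot CD.
OFFLINE = """/mnt/win/$MFT
/mnt/win/Windows/System32/drivers/disk.sys
/mnt/win/WINDOWS/system32/notepad.exe
/mnt/win/Windows/System32/drivers/example_hidden.sys
/mnt/win/Users/paul/report.doc"""

if __name__ == "__main__":
    for path in cross_view(LIVE, "C:", OFFLINE, "/mnt/win"):
        print("visible offline only:", path)
```

Files created or deleted between the two listings also show up as differences, so each hit is a lead to inspect rather than a verdict.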







More information about the Discuss mailing list