Ok, we get it... ;-)

-----Original Message-----
From: Peter van Houten [mailto:peter...@gmail.com] 
Sent: Monday, May 17, 2010 5:23 PM
To: NT System Admin Issues
Subject: Re: Bootable Vipre Rescue

In preparation for my possible meeting with Pan Virut (Virut Pan
anyone?) tomorrow, I prepared a bootable USB flash drive with the following
recipe. I used Winternals ERD Commander (as I also run the built-in
functionality extensively) but I'm sure most other WinPE implementations
will work.

1) Download and install WinToFlash:

http://wintoflash.com/home/en

2) Download the latest Vipre Rescue [1]

http://live.sunbeltsoftware.com

3) Unpack the Vipre Rescue executable to a temp directory using WinRar, etc.

4) Unpack the ISO / CD / DVD containing your WinPE system to another
temp directory (I use ImgBurn and WinRar)

5) Copy the directory in (3) somewhere into the directory in (4). I place
all my extra executables into "Programs" as I intensely dislike the Windows
use of a space in names.

6) Copy sbredrv.sys (the Vipre anti-rootkit engine) from (3) to the
Windows drivers directory in (4). Nominally, this is
%windir%\system32\drivers in that filesystem.

7) Copy sbbd.exe (the Vipre boot delete utility [sounds horrendous!])
from (3) to the Windows executables directory in (4). Nominally, this is
%windir%\system32 in that filesystem.

8) Run WinToFlash and choose "Transfer Windows XP/2003 setup to USB
drive" under "Advanced mode" and choose (4) as the source and the root
of the USB flash drive as the destination.

9) 10 mins later you should have a bootable USB flash drive schtick.

10) Boot from the above flash drive and open a shell from whence you can run
VIPRERescueScanner.exe (or renamed to simply vipre.exe to save typing)
with your choice of switches. I run the .exe directly as ERD Commander
doesn't like .bat files and I haven't bothered to find out why.

11) Batch / script the whole caboodle above so you don't have to wade
through it again (especially since you'll want to update Vipre Rescue
regularly).

[1] Many thanks to Sunbelt for a great tool [2]

[2] Not meant to be funny...

--
Peter van Houten

On the 17 May, 2010 15:01, John Aldrich wrote the following:
> I know there was talk here awhile back about a “bootable” Vipre Rescue.
> Has that ever come to fruition? I’ve got a laptop our CEO brought into
> me to clean and it’s not wanting to respond to a CTL+ALT+DEL at the
> desktop, and the hard drive is thrashing! :( He seems to think it’s badly
> infested, and wants me to clean it.
>
> John-AldrichTile-Tools

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
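
The final step's suggestion to script the recipe, as an added example (not part of the original message and not Sunbelt's own tooling): a PowerShell script that stages steps 5 to 7, refuses to copy any of the three named binaries whose Authenticode signature does not validate, and writes a SHA-256 manifest so the media contents can be audited later. It assumes PowerShell 4 or later, that the three files sit at the top of the unpacked Vipre directory and are Authenticode-signed, and that the Windows directory inside the PE tree is named I386; the Vipre subfolder and the manifest filename are hypothetical.

```powershell
# Added example: stages steps 5-7 of the recipe. Paths and folder names are assumptions.
param(
    [Parameter(Mandatory)] [string] $VipreDir,   # step 3: unpacked Vipre Rescue
    [Parameter(Mandatory)] [string] $PeRoot,     # step 4: unpacked WinPE tree
    [string] $WinDirName   = 'I386',             # assumed name of %windir% inside the PE tree
    [string] $ProgramsName = 'Programs'          # step 5: folder for extra executables
)
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

$sys32   = Join-Path (Join-Path $PeRoot $WinDirName) 'system32'
$drivers = Join-Path $sys32 'drivers'
foreach ($d in $VipreDir, $sys32, $drivers) {
    if (-not (Test-Path -LiteralPath $d -PathType Container)) { throw "Missing directory: $d" }
}

# Do not stage a scanner, driver or boot-delete tool whose signature fails to validate.
$required = 'VIPRERescueScanner.exe', 'sbredrv.sys', 'sbbd.exe'
foreach ($name in $required) {
    $file = Join-Path $VipreDir $name
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) { throw "Missing file: $file" }
    $sig = Get-AuthenticodeSignature -FilePath $file
    if ($sig.Status -ne 'Valid') { throw "$name signature status: $($sig.Status)" }
    Write-Host "$name signed by $($sig.SignerCertificate.Subject)"
}

# Step 5: copy the unpacked Vipre directory into the PE tree (hypothetical 'Vipre' subfolder).
$dest = Join-Path (Join-Path $PeRoot $ProgramsName) 'Vipre'
New-Item -ItemType Directory -Path $dest -Force | Out-Null
Copy-Item -Path (Join-Path $VipreDir '*') -Destination $dest -Recurse -Force
# Steps 6 and 7: anti-rootkit driver and boot delete utility.
Copy-Item -LiteralPath (Join-Path $VipreDir 'sbredrv.sys') -Destination $drivers -Force
Copy-Item -LiteralPath (Join-Path $VipreDir 'sbbd.exe')    -Destination $sys32   -Force

# Record what went onto the media so a later copy can be compared against it.
$manifest = Join-Path $PeRoot 'vipre-manifest.sha256'   # hypothetical filename
Get-ChildItem -LiteralPath $dest -Recurse -File |
    Get-FileHash -Algorithm SHA256 |
    ForEach-Object { '{0}  {1}' -f $_.Hash, $_.Path } |
    Set-Content -LiteralPath $manifest -Encoding ASCII
```

Run it before step 8, then point WinToFlash at the PE tree as before.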
