RE: Bootable Vipre Rescue
I am out of the office from July 31 until August 7. I will get back to you when I return.

Thanks,
Nathan
Re: Bootable Vipre Rescue
Not what you are wanting to read, but currently the way to remedy this (especially on a laptop) is:

1. Physically remove the suspected drive
2. Attach it externally to a recently scanned system
3. Use your rescue tools (VIPRERESCUE, MalwareBytes, etc) on the external

Good luck!

--
Richard D. McClary
Systems Administrator, Information Technology Group
ASPCA®
1717 S. Philo Rd, Ste 36
Urbana, IL 61802
richardmccl...@aspca.org
P: 217-337-9761 C: 217-417-1182 F: 217-337-9761
www.aspca.org

John Aldrich jaldr...@blueridgecarpet.com wrote on 05/17/2010 08:01:47 AM:

> I know there was talk here awhile back about a "bootable" Vipre Rescue. Has that ever come to fruition? I've got a laptop our CEO brought into me to clean and it's not wanting to respond to a CTL+ALT+DEL at the desktop, and the hard drive is thrashing! :( He seems to think it's badly infested, and wants me to clean it.
RE: Bootable Vipre Rescue
I use the Ultimate Boot Disk with, I believe (it's been a bit since I had to use it), an add-in for VIPRE Rescue. Might want to look into that.
RE: Bootable Vipre Rescue
Thanks. I managed to get into safe mode (Vista Home Premium) and remove some junk. Now I have to go through and do the rest. I'd love to nuke it and repave, but I don't have the O/S install disks (Acer) so I can't do that. :(
RE: Bootable Vipre Rescue
Try Combofix.
RE: Bootable Vipre Rescue
I think Nathan's out of the office for awhile. What do you think?
RE: Bootable Vipre Rescue
NO, he just wants us to know that he will be gone about 10 weeks from now.

-- richard
RE: Bootable Vipre Rescue
Yep, and it's only May, he's planning well in advance :)

Regards
Tony Patton
Desktop Operations
Cavan
Ext 8078
Direct Dial 049 435 2878
email: tony.pat...@quinn-insurance.com
RE: Bootable Vipre Rescue
Have you tried a hard power reset, *then* F8 into Safe Mode?

Erik Goldoff
IT Consultant
Systems, Networks, Security
'Security is an ongoing process, not a one time event!'
RE: Bootable Vipre Rescue
Results: The following members were successfully deleted: nwri...@frontieroil-eld.com

Warm regards,
Stu Sjouwerman
Co-Founder, Publisher, Sunbelt Media
P: +1-727-562-0101 ext 218 F: +1-727-562-5199
s...@sunbelt-software.com
RE: Bootable Vipre Rescue
I think I will delete him. LOL

Warm regards,
Stu Sjouwerman
Re: Bootable Vipre Rescue
I am out of the office from July 31 until August 7. I will get back to you when I return. Thanks,

*JUST KIDDING, DON'T DELETE ME PLEASE! - andrew*

--
Kind regards,
Andrew Levicki
MCITP:EDST7/EMA/EA,MCSE,MCSA,MCP,CCNA,ITIL
Re: Bootable Vipre Rescue
On 17 May 2010 at 9:39, Stu Sjouwerman wrote:

> Results: The following members were successfully deleted: nwri...@frontieroil-eld.com

Thanks. I was thinking we might have to submit his email to http://pleaserobme.com/

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/
RE: Bootable Vipre Rescue
Yeah. I got in in safe mode, finally. The system was on standby when it was handed to me, so apparently had a whole bunch of crap running. :) I rebooted into safe mode and uninstalled some of it. :)
Re: Bootable Vipre Rescue
What about F8 before the Windows logo comes up, then Safe mode, then you can use winmsd or Sysinternals Autoruns to disable all the bad stuff. Hopefully while in safe mode you can run the scan with your tools via a stick or cd, and if not, as long as you remove enough junk from starting at normal boot, it may come up and be responsive enough for you to run a scan while it's started normally to begin cleaning things up.

Did this yesterday for a friend - what a mess...

Don K
RE: Bootable Vipre Rescue
Yeah. I'm running VipreRescue in normal mode now. Then I'll reboot and run in safe mode, then follow that by updating the Malware Bytes that was previously installed on the *personal* machine of our CEO's son. :)
RE: Bootable Vipre Rescue
Or try rebooting into Safe Mode with Command Prompt and run VIPRE Rescue off the USB. The newer infections often are impossible to boot in normal Safe Mode, but with Command Prompt it's sometimes doable.

Alex
Re: Bootable Vipre Rescue
In preparation for my possible meeting with Pan Virut (Virut Pan anyone?) tomorrow, I prepared a bootable USB flash drive with the following recipe. I used Winternals ERD Commander (as I also run the built-in functionality extensively) but I'm sure most other WinPE implementations will work.

1) Download and install WinToFlash: http://wintoflash.com/home/en
2) Download the latest Vipre Rescue [1] http://live.sunbeltsoftware.com
3) Unpack the Vipre Rescue executable to a temp directory using WinRar, etc.
4) Unpack the ISO / CD / DVD containing your WinPE system to another temp directory (I use ImgBurn and WinRar)
5) Copy the directory in (3) somewhere into the directory in (4). I place all my extra executables into Programs as I intensely dislike the Windows use of a space in names.
6) Copy sbredrv.sys (the Vipre anti-rootkit engine) from (3) to the Windows drivers directory in (4). Nominally, this is %windir%\system32\drivers in that filesystem.
7) Copy sbbd.exe (the Vipre boot delete utility [sounds horrendous!]) from (3) to the Windows executables directory in (4). Nominally, this is %windir%\system32 in that filesystem.
8) Run WinToFlash and choose Transfer Windows XP/2003 setup to USB drive under Advanced mode and choose (4) as the source and the root of the USB flash drive as the destination.
9) 10 mins later you should have a bootable USB flash drive schtick.
10) Boot from the above flash drive and open a shell from whence you can run VIPRERescueScanner.exe (or renamed to simply vipre.exe to save typing) with your choice of switches. I run the .exe directly as ERD Commander doesn't like .bat files and I haven't bothered to find out why.
11) Batch / script the whole caboodle above so you don't have to wade through it again (especially since you'll want to update Vipre Rescue regularly).

[1] Many thanks to Sunbelt for a great tool [2]
[2] Not meant to be funny...

--
Peter van Houten
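Steps 5 to 7 of the recipe in the message above, scripted in PowerShell along the lines its last step suggests. This is an added example, not Peter van Houten's or Sunbelt's script: the parameter names, the `Programs\VipreRescue` target, the manifest file and the recorded signature status are assumptions, and unpacking (steps 3 and 4) and WinToFlash (step 8) stay manual.

```powershell
# Added example: stage an unpacked VIPRE Rescue directory into an unpacked WinPE
# tree (recipe steps 5-7). Parameter names and the Programs\VipreRescue target
# are assumptions; the three file names come from the recipe.
param(
    [Parameter(Mandatory = $true)][string] $RescueDir,     # step 3: unpacked VIPRE Rescue
    [Parameter(Mandatory = $true)][string] $PeRoot,        # step 4: unpacked WinPE tree
    [Parameter(Mandatory = $true)][string] $PeWindowsDir,  # the recipe's %windir%, relative to $PeRoot
    [string] $ProgramsSubDir = 'Programs\VipreRescue'      # assumed target for step 5
)

Set-StrictMode -Version 2
$ErrorActionPreference = 'Stop'

function Find-RescueFile {
    # Locate exactly one file with the given name under the unpacked rescue directory.
    param([string] $Root, [string] $Name)
    $hits = @(Get-ChildItem -LiteralPath $Root -Recurse -File -Filter $Name)
    if ($hits.Count -ne 1) {
        throw "Expected exactly one '$Name' under '$Root', found $($hits.Count)."
    }
    $hits[0].FullName
}

function Copy-Verified {
    # Copy one file and confirm by SHA-256 that the copy matches the source.
    param([string] $Source, [string] $DestinationDir)
    if (-not (Test-Path -LiteralPath $DestinationDir -PathType Container)) {
        throw "Destination directory not found: $DestinationDir"
    }
    $target = Join-Path $DestinationDir (Split-Path -Leaf $Source)
    Copy-Item -LiteralPath $Source -Destination $target -Force
    $srcHash = (Get-FileHash -LiteralPath $Source -Algorithm SHA256).Hash
    $dstHash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    if ($srcHash -ne $dstHash) { throw "Hash mismatch after copy: $target" }
    [pscustomobject]@{
        File      = $target
        SHA256    = $dstHash
        # Signature status is recorded for review, not enforced.
        Signature = (Get-AuthenticodeSignature -LiteralPath $Source).Status
    }
}

$rescue   = (Resolve-Path -LiteralPath $RescueDir).Path
$peRootP  = (Resolve-Path -LiteralPath $PeRoot).Path
$system32 = Join-Path (Join-Path $peRootP $PeWindowsDir) 'system32'
$drivers  = Join-Path $system32 'drivers'

# Fail before touching the PE tree if anything the recipe names is missing.
$driver  = Find-RescueFile -Root $rescue -Name 'sbredrv.sys'
$bootDel = Find-RescueFile -Root $rescue -Name 'sbbd.exe'
$null    = Find-RescueFile -Root $rescue -Name 'VIPRERescueScanner.exe'  # needed in step 10

# Step 5: copy the whole rescue directory into the PE tree.
$programs = Join-Path $peRootP $ProgramsSubDir
New-Item -ItemType Directory -Path $programs -Force | Out-Null
Copy-Item -Path (Join-Path $rescue '*') -Destination $programs -Recurse -Force

# Steps 6 and 7: driver into system32\drivers, boot-delete utility into system32.
$manifest = @(
    Copy-Verified -Source $driver  -DestinationDir $drivers
    Copy-Verified -Source $bootDel -DestinationDir $system32
)

# Keep the manifest with the staged tools so the next refresh can be compared against it.
$manifest | Export-Csv -LiteralPath (Join-Path $programs 'staged-files.csv') -NoTypeInformation
$manifest | Format-Table -AutoSize
```

Run it after unpacking both archives and before step 8; rerunning it against a fresh Vipre Rescue download overwrites the staged copies and rewrites the manifest.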
RE: Bootable Vipre Rescue
Ok, we get it... ;-)