Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Virtualization and Scanning of Infected PCs

linuxer1999
Newbie


Joined: 08 Jul 2009
Last Visit: 08 Jul 2009
Posts: 1

Posted: Wed Jul 08, 2009 5:57 am    Post subject: Virtualization and Scanning of Infected PCs

Hullo folks. I have just discovered this site, and am very IMPRESSED. All this nice, pure HTML, and good information... it is refreshing!

I will be launching a home-service PC repair business in the coming weeks. Am usually able to deal with the ordinary hardware problems: dust, fans, burnt power supplies, and components.

But on the software side, it can get tricky. It is easy to waste a LOT of time debugging an infected machine. I have become pretty good at the quick re-install by creating pre-made, up-to-date XP install disks with RyanVM updates, and all sorts of generic drivers. But I have to give the customer what he wants, and this is always at least an ATTEMPT at cleansing the PC of bad stuff.

What I would like to do with the infected PCs is this:
1. GHOST[32] them, or otherwise create a primary partition disk image on a nice fast USB2/SATA3 external disk.
2. Virtualize the image, using VMware, and P2V Assistant.
3. Scan them in the virtual machine, using a battery of free and commercial tools, like those listed on this site. (automate this?)
4. If the infected virtual machine can be cleaned and made bootable, then restore the cleaned image to the original PC.
5. If not, recover those files of interest to the user (mail/bookmarks/data files), creating data DVD disks or such, and re-install the OS. Note: Am uncertain if simply pruning out the %SYSTEMROOT% and overwriting the boot sector will be enough.

As those of you who are routinely called upon to fix all your friends' and family's computers know, it can be nigh impossible to repair an infected, SLOW PC using a mere BartPE or utility disk. I want to virtualize the infected computer and scan its files from another clean, FAST, virtual computer that already has all my favorite and up-to-date anti-bad-stuff utils installed. This way, the customer won't have to buy anything, and the repair person will not need the Internet.

Does anyone have good information on doing this?

There must be a business somewhere that will take a disk image of an infected PC by mail, and ship back disks with a clean image...

Does anyone know where I am coming from? Any help, comments and opinions will be appreciated.
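
Step 5 of the plan above (pulling mail, bookmarks and data files off an image before a reinstall), sketched as an added example that is not part of the original post. It assumes the image is already mounted read-only on a clean machine; the extension lists, function names and the constructed sample tree are illustrative choices, not anything the poster specified.

```python
import hashlib
import shutil
from pathlib import Path

# Assumed allowlist of data-only types: mail stores, bookmarks, documents.
DATA_EXTS = {".dbx", ".pst", ".wab", ".url", ".doc", ".xls", ".pdf", ".txt", ".jpg"}
# Types that run code on Windows; never carried over to the rebuilt PC.
CODE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".dll", ".lnk"}

def classify(path):
    """Return 'copy' or the reason the file is left behind."""
    ext = [s.lower() for s in path.suffixes]
    if ext and ext[-1] in CODE_EXTS:
        # "invoice.pdf.exe": a data extension placed in front of an executable one
        disguised = len(ext) > 1 and ext[-2] in DATA_EXTS
        return "skip: disguised executable" if disguised else "skip: executable"
    if not ext or ext[-1] not in DATA_EXTS:
        return "skip: not on allowlist"
    return "copy"

def sha256_file(path):
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):  # mail stores can be large
            h.update(chunk)
    return h.hexdigest()

def recover(profile_root, dest):
    """Copy allowlisted files; return [(relative path, verdict, sha256 or '')]."""
    manifest = []
    files = (p for p in profile_root.rglob("*") if p.is_file() and not p.is_symlink())
    for src in sorted(files):
        rel, verdict, digest = src.relative_to(profile_root), classify(src), ""
        if verdict == "copy":
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(src, target)
            digest = sha256_file(target)  # hash of what was actually written
        manifest.append((rel.as_posix(), verdict, digest))
    return manifest

def build_sample(root):
    """Constructed sample profile tree standing in for a mounted image."""
    files = {"Favorites/News.url": b"[InternetShortcut]\nURL=http://example.com/\n",
             "My Documents/budget.xls": b"constructed spreadsheet bytes",
             "My Documents/invoice.pdf.exe": b"MZ constructed",
             "Local Settings/Temp/setup.exe": b"MZ constructed"}
    for name, data in files.items():
        (root / name).parent.mkdir(parents=True, exist_ok=True)
        (root / name).write_bytes(data)
```

Anything copied this way still needs to go through the step 3 scanners before it is handed back, since document formats such as .doc and .xls can carry macros.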
All times are GMT - 8 Hours