Seek And Destroy Malware With An Antiviral Live CD

timothy posted more than 9 years ago | from the toolkit dept.


Yx writes "CHRONOMIUM Virus Live is a GPL automatic decontamination LiveCD. It can without installing anything on your computer, seek and destroy viruses found on it. It is very useful when viruses have taken over a computer, and made it unable to work correctly. In its new 0.9 version, the GPL flavour is fully functional. So if you're doomed by those petty viruses, just try it, it may help you much! Download it here."

One Comment! (-1, Offtopic)

BrittinFLA (829359) | more than 9 years ago | (#11158401)

Natalie Portman AND Brittney Spears in warm grits ahhhhhhhhhhh!

fonctional? (0)

Dr. Bent (533421) | more than 9 years ago | (#11158421)

Maybe the next version should seek and destroy bad grammar and spelling.

Re:fonctional? (1)

Atzanteol (99067) | more than 9 years ago | (#11158585)

Or you could realize the maintainer is French, and speaks English as a second language?

Such an obvious idea... (1)

Spudley (171066) | more than 9 years ago | (#11158423)

It's such an obvious idea, I can't believe it's taken this long for someone to produce it.

I've been wondering for ages why the anti-virus companies haven't been producing this sort of thing.

The only difficulty with the format is that it's harder to update for new viruses than a traditional virus checker, but even then it's still a good idea, and I'm sure it's a problem they could find a way around.

Re:Such an obvious idea... (2)

tdemark (512406) | more than 9 years ago | (#11158507)

Evidently, the CD can read updates to the Virus DB and the application off of a USB drive.

- Tony

Re:Such an obvious idea... (2, Interesting)

tdemark (512406) | more than 9 years ago | (#11158638)

Yeah, I'm responding twice to the same post... sorry.

In terms of "an obvious idea", what I've always wanted to see is a LiveCD/Knoppix offering that could read a FAT/NTFS partition on boot and run equivalents to the following software:

- Norton AV / ClamAV
- AdAware
- Spybot S&D

By the title of the story, I thought we might have actually gotten something close ("Seek and Destroy" vs "Search and Destroy").

- Tony

Re:Such an obvious idea... (1)

Nimey (114278) | more than 9 years ago | (#11158869)

It's been a feature for years with Norton Antivirus, at least since the 2000 release. NAV's only limitation was that it could only read and write FAT partitions -- this was so until at least 2003, I've not tried '04.

Re:Such an obvious idea... (1)

milkman_matt (593465) | more than 9 years ago | (#11160928)

The only difficulty with the format is that it's harder to update for new viruses than a traditional virus checker, but even then it's still a good idea, and I'm sure it's a problem they could find a way around.

Couldn't they set up a small RAMDisk to store the definitions file on? Assuming it can find a valid network connection and maybe DHCP an address from it the way most of the LiveCDs I've seen do? Of course you would store the most 'current' definitions possible on the disc, in case the disc can't find your NIC or establish a connection or anything.. but I think that would be a viable solution right?

Bloody Heck! (-1, Offtopic)

BrittinFLA (829359) | more than 9 years ago | (#11158437)

I just got my FIRST First Post! Wahooooo Flame Me, I wear Nomex underwear!!!!

Can it update? (1)

twiztidlojik (522383) | more than 9 years ago | (#11158446)

I'd like to see this use virus definition files that are recent. Can this CD automatically download them and use them? I'd rather see this than some schmuck running around with a six month old liveCD with old virus defs.

By the way, a USB memory stick won't cut it.

Re:Can it update? (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#11158578)

you're a fuckstain. shut the fuck up. you are in no position to criticize the work of anyone given your limited intellect.

that's right - you're a moron.

Re:Can it update? (1)

StillDocked (471133) | more than 9 years ago | (#11159523)

Why won't a USB Memory stick work for you?

I am testing the software right now, and I like what I see.

Re:Can it update? (0)

Godeke (32895) | more than 9 years ago | (#11160107)

So you would prefer a malware infested machine to be hooked to a network than to use a USB stick??? I'm not following how that is a good idea.

Write to NTFS volumes? (2, Interesting)

rhild (659603) | more than 9 years ago | (#11158459)

Anyone know if this thing can write to NTFS volumes? I couldn't tell from the English part of their website and my French ain't so good.

If it can't write to NTFS volumes it wouldn't do me any good.

Re:Write to NTFS volumes? (1)

Beatbyte (163694) | more than 9 years ago | (#11158561)

it's experimental but yes.

Re:Write to NTFS volumes? (1, Informative)

Anonymous Coward | more than 9 years ago | (#11158572)

The NTFS partitions are borne through the use of captive-ntfs and the antivirus engaged is CLAM.

If it uses captive-ntfs it *should* be able to write to NTFS but there's no more detail than that.

Re:Write to NTFS volumes? (1)

Sepper (524857) | more than 9 years ago | (#11158825)

I looked in the forums, and they say they use a Non-GPL driver for NTFS... I don't know which one they are talking about, but that's the reason why the GPL edition of the LiveCD won't write (read?) NTFS.

Re:Write to NTFS volumes? (1)

Firehawke (50498) | more than 9 years ago | (#11159110)

Captive NTFS works by providing a WINE-style interface between the real NTFS drivers from Microsoft and Linux. That would definitely explain why they're avoiding trying to tag that version as GPL, with 'tainted' filesystem drivers.

Re:Write to NTFS volumes? (2, Informative)

fm6 (162816) | more than 9 years ago | (#11159271)

"Non-GPL"? That's an interesting way to put it. The problem with writing a driver for NTFS is that Microsoft keeps making undocumented changes in the system. (Sabotaging third-party driver vendors, or just their usual compulsive bit-twiddling? Only The Shadow Knows.) Captive-NTFS's workaround is to provide hooks for Microsoft's NTFS.sys. Which they can't distribute, for obvious reasons. But there's nothing to prevent you from copying the file from an XP installation.

Though it is possible that "Non-GPL" refers to something else.

Re:Write to NTFS volumes? (1)

advocate_one (662832) | more than 9 years ago | (#11162790)

"Non-GPL" refers to the antivirus software... Clam AV is fully redistributable, but the other one, F-prot, is only free for personal use.

Re:Write to NTFS volumes? (4, Informative)

Sepper (524857) | more than 9 years ago | (#11158780)

Yes it can.

But there seem to be 3 versions of the ISO... (6 if you count the fact that each comes in En and Fr)

As far as I can tell, these are the editions (I can read French but the info is a bit spread across the site):

GPL Edition (which uses ClamAV)
Fr: UM-0.9.0-GPL-fr.iso
En: UM-0.9.0-GPL-en.iso

Community Edition (using F-prot)
Fr: UM-0.9.0-COMMUNITY-fr.iso
En: UM-0.9.0-COMMUNITY-en.iso

Community Edition with NTFS drivers (using F-prot)
Fr: UM-0.9.0-COMMUNITY_FULL-fr.iso
En: UM-0.9.0-COMMUNITY_FULL-en.iso

The latest definitions for F-Prot have to be downloaded from their site
(but they can be stored on a USB key)

Hope it clarifies things a bit...

Re:Write to NTFS volumes? (1)

rhild (659603) | more than 9 years ago | (#11159002)

Thanks for the translation/clarification

Re:Write to NTFS volumes? (1)

Bravo_Two_Zero (516479) | more than 9 years ago | (#11158911)

"The NTFS partitions are borne through the use of captive-ntfs and the antivirus engaged is CLAM." ...would suggest yes, but clarification from one of our French-speaking compadres would be better.

Re:Write to NTFS volumes? (1)

Geoffreyerffoeg (729040) | more than 9 years ago | (#11160599)

NTFS partitions are supported through the use of captive-ntfs

In other words, oui. NTFS is supported through Captive (which, I might add, works well from personal experience on Knoppix). Captive requires using NTFS drivers on an existing Windows installation, but does anyone have an NTFS drive without Windows installed on it? (Even if your install is b0rked, the drivers are still there.)

Torrent link? (1)

Darkness Productions (143908) | more than 9 years ago | (#11158673)

Anyone with a torrent link? I highly expect the server to not last too horribly long, but it's still up as of right now.

Awosome (1)

rd_syringe (793064) | more than 9 years ago | (#11159609)

Focking awosome! I con't woit to try out thos wonderfol softwore.

Work with a windows system? (1)

Dibson (723948) | more than 9 years ago | (#11159717)

Call me foolish for asking-

I'm looking to clean up a friend's Windows machine in a few weeks: would this do the trick? If not, how does one go about removing all the software that's crippled a computer?

It's pretty bad, my current suggestion is to format the drive... maybe there's a better way.

Re:Work with a windows system? (2, Informative)

jayfehr (806252) | more than 9 years ago | (#11160197)

Ad Aware should remove most of the spyware, but there's a lot of stuff that digs itself so far into the system that it's nearly impossible to clean. I also recommend "Hijack This", although it will not remove anything it will give you a list of all running process, then with the help of google, you can disable anything that shouldn't be running. Also be sure to use "msconfig" to disable any processes that try to start at boot time that may be malware (again google is your friend).

Of course when this is all done run a complete virus scan, I use the free version of AVG and haven't had any problems. And also be sure to get all the windows updates.

Last thing to be aware of is that some of this malware will corrupt system files and whatnot and a full reinstall may have to be done anyway, but I always recommend that as a last resort when fixing someone else's machine because there is always something that they forgot to backup and it's you they're going to call to try and find it.

Ad Aware and Hijack This are both free downloads.

Re:Work with a windows system? (1)

advocate_one (662832) | more than 9 years ago | (#11162682)

is it possible to run adaware from this live cd using wine and get it to scan the windows disk registry rather than the wine registry?

Re:Work with a windows system? (1)

bhtooefr (649901) | more than 9 years ago | (#11164707)

Actually, THAT inspired an idea here... USB Live Windows 98, but it copies the registry straight from the HDD (rather than using a real Win98 registry - could be a bit dicey, though), and then runs AdAware and Spybot on it...

Re:Work with a windows system? (1)

tchuladdiass (174342) | more than 9 years ago | (#11163664)

If it's mostly just adware and not viruses, then boot up into single user (I mean "safe") mode (hit F8 on initial bootup, and select "safe mode with network support"), and log in as administrator. This will at least keep the adware startup scripts from running.
Then, run ad-aware and spybot. Finally, take a manual look at the startup fields in the registry -- run regedit and look at the key "HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run".
Also, there's a bunch of startup fields that are kicked off by IE. The best way to find them all is to grab CWShredder (which is designed to specifically handle Cool Web Search, a particularly nasty bit of malware). It has a "report" option, run it and it will display all your startup registry keys, both under the and the various IE startup / helper objects / toolbars -- kill anything that looks like it doesn't belong.
Then, open a command window (cmd.exe), cd to /"Program Files", and do a "dir /od" (order directory listing by date). This will group the most recent program installs towards the bottom, to make it a bit easier to identify possible bad ones. Look at the exe files in there, and do a google search using unrecognized program names as keywords (along with the keywords "windows" and "spyware").
Once things are cleaned up, reboot normally, pull up the tasklist and again lookup any program that you don't recognize.
This process has worked for me every time so far (takes about an hour or so once you get into the swing of it).
Good luck.
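The manual checks in the two cleanup answers above (Run keys, IE helper objects, Program Files sorted by date, the task list) collected into one read-only PowerShell triage script. This is an added example, not code from the thread or from the CHRONOMIUM project; it assumes an elevated prompt (ideally Safe Mode with Networking), and the 30-day window and the list of "trusted" install roots are my own choices, so entries it flags still need the same Google-and-judgement step the posters describe.

```powershell
# Added triage example for this thread; not from CHRONOMIUM or any poster.
# Read-only: it lists, it does not delete. Assumes an elevated prompt.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

Write-Host '== Startup entries (Run / RunOnce) =='
$startup = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip Get-ItemProperty metadata
        [PSCustomObject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
    }
}
$startup | Format-Table -AutoSize -Wrap | Out-Host

Write-Host '== IE Browser Helper Objects (CLSID -> registered name) =='
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoKey) {
    Get-ChildItem -Path $bhoKey | ForEach-Object {
        $clsid = $_.PSChildName
        $name  = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Classes\CLSID\$clsid" `
                  -ErrorAction SilentlyContinue).'(default)'
        [PSCustomObject]@{ CLSID = $clsid; Name = $name }
    } | Format-Table -AutoSize | Out-Host
}

# Same idea as "dir /od" in Program Files: newest installs at the bottom.
# The 30-day window is an assumption; widen it if the infection is older.
Write-Host '== Program Files directories changed in the last 30 days (oldest first) =='
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ -and (Test-Path $_) }
Get-ChildItem -Path $roots -Directory |
    Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-30) } |
    Sort-Object LastWriteTime |
    Select-Object LastWriteTime, FullName | Format-Table -AutoSize | Out-Host

# The "tasklist" step: running binaries living outside the usual install roots.
# The trusted-roots list is an assumption, not a guarantee of cleanliness.
Write-Host '== Running processes outside Windows / Program Files =='
$trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path } |
    Where-Object {
        $path = $_.Path
        -not ($trusted | Where-Object { $path.StartsWith("$_\", [System.StringComparison]::OrdinalIgnoreCase) })
    } |
    Select-Object Name, Id, Path | Sort-Object Path -Unique | Format-Table -AutoSize | Out-Host
```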
