I'm quite sure that this subject has been hashed out in my absence, but it deserves another heads-up.

I spent more hours than I wanted to recently clearing a nasty Trojan from my niece's laptop. It was the "My Web Search" toolbar and the "Personal Anti-virus" that comes with it. Her IE browser had SIX TOOL BARS and very little viewing screen left. These install themselves when people don't uncheck those little boxes that offer up add-ons to downloaded programs and games. Even legitimate boxed programs often have these items as extra offerings that must be refused manually. Examine every screen during any installation for crapware add-ons. This particular nasty rode in with a game bundle that was downloaded for her kids, although I question letting little ones play on a new laptop.

I wouldn't mention this to the experienced group here except that it is so invasive and so difficult to remove. It is a "false positive" virus detector that reports numerous infections and demands expensive registration to fix them. It also has the ability to block removal by normal anti-virus programs and even block the downloading of additional tools from anti-virus web sites. Every security website that I tried was redirected to "about.blank" in the browser and it stopped McAfee and Trend Micro in their tracks. Since the toolbar is added to the browser, even working in safe mode didn't help.

The working fix seems to be loading a virus detector on a disk or thumb drive with a Linux application that can run from the disk. Even those who aren't Linux fans should have one of these handy for just such a task.

I remeber when I had first joined I had my web search virus or what eve ryou call it, they are a true pain in the boo-tay!

I use DSL (damnsmall Linux) which is a complete OS that runs from removable media (CD, DVD, thumbdrive, etc). It can be downloaded free with no restrictions for use or distribution. The download is 50 mgb ISO that self extracts into 128 mgb of system RAM. Some included features are:
XMMS (MP3, CD Music, and MPEG), FTP client, Dillo web browser, Netrik web browser, FireFox, spreadsheet, Sylpheed email, spellcheck (US English), a word-processor (Ted), three editors (Beaver, Vim, and Nano [Pico clone]), graphics editing and viewing (Xpaint, and xzgv), Xpdf (PDF Viewer), emelFM (file manager), Naim (AIM, ICQ, IRC), VNCviwer, Rdesktop, SSH/SCP server and client, DHCP client, PPP, PPPoE (ADSL), a web server, calculator, generic and GhostScript printer support, NFS, Fluxbox and JWM window managers, games, system monitoring apps, a host of command line tools, USB support, and pcmcia support, some wireless support. I think the calculator in Windows probably takes more space than this entire OS.

Before thumb drives became dense enough to hold the OS and a virus detector, I used a mini CD that I carried in my wallet. Booting from this CD gave me complete access to any 32 bit FAT Windows system and many other OS's. Since Windows never boots, passwords and security are non existent and the files are open game. This is why physical security is as important as software security. Unless one has a need to boot from CD, DVD, or USB on a regular basis it is wise to disable boot from removable media in the system bios. It doesn't stop a pro, (or the average 12 yr old) but it adds a couple of steps that might make them think twice. Linux doesn't see NT files without an add on, but that is now easily incorporated on many thumb drives.

Even if the virus detector won't clean the system while in Linux, most will list the infected files so that you can delete or modify them as required. This is quite tedious and can be dangerous to the system, so it should be used as a last resort after Windows safe mode fails. It is also strongly suggested that one rename files with a standard convention that can be searched, such as ".old" instead of deleting them.

Thanks, Keith. I take it that the virus detector has to be on the removable media as well? Which one(s) did you use that will run on Linux?

Keith,

You said Linux doesn't see NT files without an add on. So in order for the virus detector to work would I need the add on? How do I get the add on.

I don't have a thumb drive and was looking at some online. The ones I looked at didn't list Linus as a supported OS, so do I have to get a certain type thumb drive?

Fay

Re-reading my own post, I realize that I probably should start over. I must have been having an oldtimer's moment.

The Linux OS can be downloaded from here:

http://www.pendrivelinux.com/all-in-one-usb-dsl/

The site has full instructions for installing the OS on your media (min 64mgb). Any media that is, or can be, formatted to FAT32 will work. Many new drives ship with utilities installed for Windows. The utilities can be left if there is sufficient space. Otherwise, simply format the drive to a blank FAT32 state.

The virus scan must be done while booted in Windows. Placing the scanner on the drive with DSL is just convenient, but not necessary. Once the infected files and the problematic registry keys are identified a print out should be made. The system is then rebooted into the Linux OS where one can manipulate or delete the files listed by the scanner. THIS OFTEN REQUIRES EDITING THE WINDOWS REGISTRY KEYS. Stop here if you are not comfortable navigating and making changes to critical system files.

The scanner, Malwarebytes anti malware, is available here, with full instructions for "automated" recovery.

http://www.bleepingcomputer.com/virus-removal/remove-personal-antivirus

I found that more recent versions of the virus have mutated and now are seen by Windows as critical "system" files that are protected from deletion or change. This makes automated recovery impossible while Windows is running and the application will stop or hang. This is why one should have the Linux OS available. If the automated recovery works for you then use it by all means, and count yourself among the blessed. If not, print or manually copy the list of infected files detected by the application and reboot into the Linux OS.

If you are going to be working with NTFS formatted volumes you should include this utility on the removable media as well.

http://www.jankratochvil.net/project/captive/

The problem Linux has with NTFS is not in reading the files, but rather in "mounting" the volume that contains the files. Linux sees all devices and folders as "files", quite similar to early DOS versions. This utility simply mounts the NT volume into Linux OS's for use. There is a bit of command line work involved, but most here probably have the required experience from our old days of DOS and Basic. The commands are available for "copy / paste" at the download site also.

Each of the infected files should be renamed or deleted. I always rename the file extension to ".old" and run the system for a few days before deleting them. This assures that the file is available should it be required for the OS or an application. If this is the case, one can Google the file using the original extension and copy / paste it into the parent folder from the net. Never restore the original file back to it's folder using the original extension as it will likely reinfect your system.

Registry entries and keys should be changed to render them harmless. I do this by placing an "O" before the HKEY entry name. This stops Windows from recognizing the entry without deleting it. Use the same caution mentioned above and run the system a few days to check for adverse results before deleting the keys.

Thanks for that explanation, Keith.

Ok so from the elementary row...
1. the disk we are talking about are the kind you can burn for cds or a special kind?

2. Does this work with Vista? Since nothing seems to work easily with Vista

I have a friend who is now using Linux on his computer so am learning some from him, but it makes my head spin yet.

Keith,

You said

Quote:

Any media that is, or can be, formatted to FAT32 will work.

How would I know if a thumb drive could be fomratted to FAT32?

Fay

HI Ketih,

I don't have thumb drive. I was thinking about getting one of the smaller ones just to try out the DS Linux. It is just that when I was looking at some thumb drives on the Intenet, where it listed the OS's, Linus was not mentioned. Now I am thinking that maybe that was becuase they were formatted in NTF - so maybe reformatting it in FAT32 - would make it so that LINUX would run on it. Does that sound correct?

But then I am a little confused. You said

Quote:

FAT32 probably isn't important

So then, are you saying the drive does not have to be formatted in FAT32? - So why would the jump drives I looked at not list Linux as a supported OS?.

Sorry but I am confused.

Fay

Feel free to move this discussion to wherever it belongs.

I got a 2GB flash drive, went to:
http://www.pendrivelinux.com/all-in-one-usb-dsl/
;and tried following the instructions there.

Thought things were going ok. But when I tried the reboot, I got a message:
could not find kernel image: linux

What did I do wrong?

Fay