FANTASTIC AV Tool!

Thrax

A computer at work here was infected with the Backdoor.Rustock.B rootkit virus (Nasty little thing to get rid of), and in my epic journey across the plains of Google to Mount Disinfectus, I came across a tool called "MULTIAV."

In regular windows, you fire it up via StartMenu.bat, and it gives you a menu which includes Trend Micro, Sophos, McAfee and Kaspersky; running the number for each one will log into the AV def servers of each AV vendor, download the latest defs and their command line scanner. Rebooting into safe mode, you can run each one, and they're no less thorough than the full software packages each company offers for up to $50 a piece.

You can find it HERE

Pterocarpous

Thrax wrote:

A computer at work here was infected with the Backdoor.Rustock.B rootkit virus (Nasty little thing to get rid of), and in my epic journey across the plains of Google to Mount Disinfectus, I came across a tool called "MULTIAV."

In regular windows, you fire it up via StartMenu.bat, and it gives you a menu which includes Trend Micro, Sophos, McAfee and Kaspersky; running the number for each one will log into the AV def servers of each AV vendor, download the latest defs and their command line scanner. Rebooting into safe mode, you can run each one, and they're no less thorough than the full software packages each company offers for up to $50 a piece.

You can find it HERE

Great find, Thrax! Thanx for sharing it w/ us.

profdlp

Right into the ol' toolbox.

Thanks, Thrax.

Trogan

Thrax, here's a Tool that removes Rustock.b.

Download RustBFix from one of the following locations...

http://www.uploads.ejvindh.net/rustbfix.exe

http://uploads.ejvindh.andymanchesta.com/Rustbfix.exe

...and save it to your desktop.

Double click on rustbfix.exe to run the tool. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically. After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt).

Thrax

I already fixed the rustock infection hours and hours ago. I just tossed this AV tool up as convenient find in that process.

Trogan

I know you did. I posted the Tool in case you may need it another time.

Sorry for hijacking your thread.

rapture

Liking the idea of this. The main reason I don't use AV is to avoid the invasive (has to be by nature I know...) and resource hogging apps

Could be one for the work machine at least.

rapture

Can't believe I have to double post this thread should be busier. This is a great little tool, just did my first virus scan in about 2 years.

0 infected files of course but it’s nice to be 99.9% certain.

Thanks for sharing!

Thrax

I was certainly expecting this thread to be a whole lot more active, that's for sure. This tool is fantastic, and though I've not run AV software in six years, my stuff came up clean as I expected.

Pterocarpous

Thrax wrote:

I was certainly expecting this thread to be a whole lot more active, that's for sure. This tool is fantastic, and though I've not run AV software in six years, my stuff came up clean as I expected.

I tried it out, Thrax and was very impressed. It's on my USB pen drive now and backed up to my software & apps storage. Definetly a part of my toolbox as well now. Thankyou again for sharing it with us. I'm sure many others will come along overtime and discover it, too.

mtrox

Nice find Thrax...though I haven't tried it yet. I also have yet to run into this rustock thing but I guess its all over the 'net. Probably see it next time I do a house call with your typical kids computer full of crud.

Also forwarded your Repair in 8 Steps thing to a buddy.

Pterocarpous wrote:

It's on my USB pen drive now and backed up to my software & apps storage.

Fruitwing you're like me, if it elevates itself to my 2 Gig USB drive that means I think its truly worthwhile. Then the same stuff is on a CD I carry around just in case..... Oh and the CD has autopatcher.

Pterocarpous

mtrox wrote:

...Fruitwing you're like me, if it elevates itself to my 2 Gig USB drive that means I think its truly worthwhile. Then the same stuff is on a CD I carry around just in case.....

You know, you make a good point, mtrox. I used to have everything on CDs as well. They're a pain to keep updated, though. When I started using my 2GB pen drive, I was, in the beginning, good about still keeping my CDs updated as well as the pen drive. Over time, however, I've gotten lazy and have just kept my pen drive updated and haven't kept the CDs updated. Now I'm thinkin' I should break down and update my CDs.....

mtrox wrote:

...Oh and the CD has autopatcher...

Autopatcher??? Ok, what's autopatcher? Is this something I should add to my toolkit as well??

Pterocarpous

Trogan wrote:

Thrax, here's a Tool that removes Rustock.b.
Download RustBFix from one of the following locations...
http://www.uploads.ejvindh.net/rustbfix.exe
http://uploads.ejvindh.andymanchesta.com/Rustbfix.exe
...and save it to your desktop.
Double click on rustbfix.exe to run the tool. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically. After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt).

Thanx Trogan! Instructions and fix are in the ol' toolbox now along with Thrax's MultiAV find.

mtrox

Pterocarpous wrote:

Autopatcher??? Ok, what's autopatcher? Is this something I should add to my toolkit as well??

I use it when I rebuild. It's all the Win updates since SP2 on one disk. You download the 270 Meg file, do a checksum on it, then burn it to a CD. It saves all the downloading time for all the updates on a new machine or rebuild.

Check it out here: http://www.autopatcher.com/

Pterocarpous

mtrox wrote:

I use it when I rebuild. It's all the Win updates since SP2 on one disk. You download the 270 Meg file, do a checksum on it, then burn it to a CD. It saves all the downloading time for all the updates on a new machine or rebuild.
Check it out here: http://www.autopatcher.com/

Thankyou, mtrox. You'd think I would've known about that. A disadvantage of being a one person show is you miss out on a lot of stuff you might otherwise pick up on if working in a coorporate, etc environment. I hope to address that deficit here - in fact I already am thanks to folks like you and a number of others here on SM.

I'm going to download autopatcher in just a tic here.

BTW, what utility do you prefer for running checksums?

Thanx again.

mtrox

Pterocarpous wrote:

BTW, what utility do you prefer for running checksums?

I use Fastsum.....not for any particular reason other than that I've always used it. I'm sure you can Google and find it.

Pterocarpous

mtrox wrote:

I use Fastsum.....not for any particular reason other than that I've always used it. I'm sure you can Google and find it.

I will do that.

Thanx again.