All I can say is that the first time I had to build UBCD4WIN it was over a weekend on an infected Windows machine in my house and it did not have any problems and the live system did not become contaminated.  Your mileage may vary depending on your type of infection, however if you use the clean Windows files from your original install CD you should be fine.  That said it is possible for the virus to install itself into the bootable CD media, but I have never seen one of these viruses in the wild, nor will the live UBCD4WIN CD remount the CD it boots from thus eliminating, or greatly diminishing, that infection vector for the live system.  Though I would still dispose of the disk once finished and recreate one on a known clean system; but I am just a computer germaphobe that way ;)


From: plug-discuss-bounces@lists.plug.phoenix.az.us [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Mark Phillips
Sent: Monday, March 02, 2009 8:50 AM
To: Main PLUG discussion list
Subject: Re: UBCD4WIN

I agree that a local virus probably can't install itself into a downloaded iso. But couldn't a virus hitch a ride on a CD that is being made from a downloaded iso?

Also, as I understand it, one downloads UBCD4WIN and then runs a program that builds the iso with what you downloaded and some files from the Windows installation CD. Since I am running a program to build the iso locally, couldn't the virus attach itself to the iso image the UBCD4WIN program is building? And then infect other machines when the iso is loaded into memory and run?

If my chain of thought is faulty, then I should be able to build a UBCD4WIN iso image on an infected machine with no problems. Do you agree?

Mark


On Mon, Mar 2, 2009 at 8:35 AM, mike havens <bmike1@gmail.com> wrote:

I think a virus is A PROGRAM IN ITSELF. Is it attached to another? I don't think so. That means if you d/l an iso the virus doesn't attach itself to the iso.

Maybe.



On Mon, Mar 2, 2009 at 9:55 AM, Mark Phillips <mark@phillipsmarketing.biz> wrote:

OK, then I will ask a potentially silly question....;-)

If I make a UBCD4WIN CD on an infected machine, will that CD be infected? Is there a way to make the CD on a potentially infected machine and not spread the viruses to the machines to be tested? 

I need to make one of these CDs, but I only have 1 Windows machine, and that one is acting strange....maybe an infection, but ClamAV and other free antivirus programs report it clean.

Since there is only an .exe file for UBCD4WIN, I assume one has to make the iso image on a Windows machine - is this correct?

I think I am in a chicken and egg situation.....

Thanks!

Mark


On Mon, Mar 2, 2009 at 1:22 AM, Bryan O'Neal <boneal@cornerstonehome.com> wrote:
I should probably go back and reread this thread so I don't ask silly questions, but...
The application you download for UBCD4WIN is installed locally, you run the configuration script to tell it what you want on the CD, you feed it your Windows installation packages (it does not come with it due to copyright violation) and then it creates an iso for you to burn or a boot image or whatever you ask it to.  But it does not come with a bootable image ready to go.  That said, if you need a Windows XP environment that is live, packed with tools, and is under 700MB it is a good way to go.


From: plug-discuss-bounces@lists.plug.phoenix.az.us [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of mike havens
Sent: Sunday, March 01, 2009 8:53 PM
To: Main PLUG discussion list
Subject: Re: UBCD4WIN

Thanks for letting me know about this program. I was wondering though: it seems that this was made to be installed. Is that so?

On Sun, Mar 1, 2009 at 4:51 PM, mike havens <bmike1@gmail.com> wrote:
yes... I will do this this way. thanks for the thrashing! lol


On Sun, Mar 1, 2009 at 4:31 PM, Lisa Kachold <lisakachold@obnosis.com> wrote:
Having this Windows ramdisk on a Flash disk, you MUST have copied it correctly - it's going to need a partition of its own (RAMDISKs are like boot floppies); next you will need a BIOS that allows you to specify a USB device in boot order.  This is a complex process in itself.

I can see you are spoiled by Nix?  Under Linux you can download any iso and loop mount it, then copy it in total to a new drive, edit it and reburn it.

In this way, one can trivially change any distro you provide for an InstallFest, or as a gift for a new "trainee".

You can brand your own installs, script additional features or process startups (tunnels), preconfigure example files (hosts, sshd_config [certain characters in files {alt255 on keypad} will keep any line from running while it appears in the config file]), recompile top/ls/df to do whatever you might like, or simply run a script to add a rootkit for instance.

I suggest that your repair ramdisk be made following the instructions - just use a CD.

obnosis.com | wiki.obnosis.com| (503)754-4452
PLUG HACKFESTS 2nd Saturday Each Month@Noon - 3PM


Date: Sun, 1 Mar 2009 13:46:57 -0500
Subject: Re: UBCD4WIN
From: bmike1@gmail.com
To: plug-discuss@lists.plug.phoenix.az.us


is this not possible?

On Sun, Mar 1, 2009 at 1:46 PM, mike havens <bmike1@gmail.com> wrote:
I was hoping that what I could do is drag-n-drop the drive onto an icon and not need to burn a cd. That way I could update it at home and bring the flash-drive to the job.


On Sun, Mar 1, 2009 at 1:26 AM, Charles Jones <charles.jones@ciscolearning.org> wrote:
mike havens wrote:
> I downloaded it and am unpacking it now. I am, however, unclear as to
> where to get updates and how to install them into the program. What I
> am going to do is put it onto a flash drive and just update the virus
> info!

Mike,

Once you boot the disc (it takes a frighteningly long time to boot up
windows from a super-compressed CD), it will ask you first which shell
to launch, the default one is fine.  Then it will ask if you want to
bring up the network interfaces. Choose yes and just accept the defaults
(assuming DHCP).  Then once you are online you can for instance launch
SpyBot Search & Destroy (one of the AV tools), and use the built-in
update function.  It will connect to their server and download the
updates (to the RAMDISK) and then restart (spybot S&D restarts). You can
then do a scan with the newest updates.

You can also use the web browser, etc, if you want to download and install
your own program (if it's small enough to fit in the ramdisk).
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss



--
:-)~MIKE~(-:


