I can only speak from one experience of creating the disk image on an
infected machine when I say yes you can create the image without running
much risk of further infection. If you install and use the windows files
from the actual install CD then your should be fine. That is to say most
viruses are smart enough to defend the selves from removal, and spread
through the network, but they don't go and embed them selves into the
registry of an iso during creation via the UBCD4WIN installer. I had the
same question the first time I used it and it did not seem to be an issue.
However, if no viruses are currently being detected you may already be clean
and just suffering with the after effects of system corruption, much like
the lifetime of paralyses following a polio infection.
_____
From:
plug-discuss-bounces@lists.plug.phoenix.az.us
[
mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Mark
Phillips
Sent: Monday, March 02, 2009 7:55 AM
To: Main PLUG discussion list
Subject: Re: UBCD4WIN
OK, then I will ask a potentially silly question....;-)
If I make a UBCD4WIN CD on an infected machine, will that CD be infected? Is
there a way to make the CD on a potentially infected machine and not spread
the viruses to the machines to be tested?
I need to make one of these CDs, but I only have 1 Windows machine, and that
one is acting strange....maybe an infection, but ClamAV and other free
antivirus programs report it clean.
Since there is only an .exe file for UBCD4WIN, I assume one has to make the
iso image on a Windows machine - is this correct?
I think I am in a chicken and egg situation.....
Thanks!
Mark
On Mon, Mar 2, 2009 at 1:22 AM, Bryan O'Neal <
boneal@cornerstonehome.com>
wrote:
I should probably go back a reread this thread so I don't ask silly
questions, but...
The application you download for UBCD4WIN is installed locally, you run the
configuration script to tell it what you want on the CD, you feed it your
windows installation packages (it does not come with it due to copywriter
violation) and then it creates an iso for you to burn or a boot image or
what ever you ask it to. But it does not come with a bootable image ready
to go. That said, if you need a windows XP environment that is live, packed
with tools, and is under 700MB it is a good way to go.
_____
From:
plug-discuss-bounces@lists.plug.phoenix.az.us
[
mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of mike
havens
Sent: Sunday, March 01, 2009 8:53 PM
To: Main PLUG discussion list
Subject: Re: UBCD4WIN
Thanks for letting me know about this program. I was s=wondering though: it
seems that this was made to be installed. Is that so?
On Sun, Mar 1, 2009 at 4:51 PM, mike havens <
bmike1@gmail.com> wrote:
yes... I will do this this way. thanks for the thrashing! lol
On Sun, Mar 1, 2009 at 4:31 PM, Lisa Kachold <
lisakachold@obnosis.com>
wrote:
Having this Windows ramdisk on a Flash disk, you MUST have copied it
correctly - it's going to need a partition of it's own (RAMDISKs are like
boot floppies); next you will need a BIOS that allows you to specify a USB
device in boot order. This is a complex process in itself.
I can see you are spoiled by Nix? Under Linux you can download any iso and
loop mount it, then copy it in total to a new drive, edit it and reburn it.
In this way, one can trivially change any distro you provide for an
InstallFest, or as a gift for a new "trainee".
You can brand your own installs, script additional features or process
startups (tunnels), preconfigure example files (hosts, sshd_config [certain
characters in files {alt255 on keypad} will keep any line from running while
it appears in the config file], recompile top/ls/df to do whatever you might
like, or simply run a script to add a rootkit for instance.
I suggest that your repair ramdisk be made following the instructions - just
use a CD.
obnosis.com <
http://www.obnosis.com/> | wiki.obnosis.com
<
http://wiki.obnosis.com/> | (503)754-4452
PLUG <
http://http//plug.phoenix.az.us> HACKFESTS <
http://uat.edu/> 2nd
Saturday Each Month@Noon - 3PM
_____
Date: Sun, 1 Mar 2009 13:46:57 -0500
Subject: Re: UBCD4WIN
From:
bmike1@gmail.com
To:
plug-discuss@lists.plug.phoenix.az.us
is this not possible?
On Sun, Mar 1, 2009 at 1:46 PM, mike havens <
bmike1@gmail.com> wrote:
I was hoping that what i could do is drag-n-drop the drive onto an icon and
not need to burn a cd. That way I could update it at home nd bring the
flash-drive to the job.
On Sun, Mar 1, 2009 at 1:26 AM, Charles Jones
<
charles.jones@ciscolearning.org> wrote:
mike havens wrote:
> I downloaded it and am unpacking it now. I am, however, unclear as to
> where to get updates and how to install them into the program. What I
> am going to do is put it onto a flash drive and just update the virus
> info!
Mike,
Once you boot the disc (it takes a frighteningly long time to boot up
windows from a super-compressed CD), it will ask you first which shell
to launch, the default one is fine. Then it will ask if you want to
bring up the network interfaces. choose yes and just accept the defaults
(assuming DHCP). Then once you are online you can for instance launch
SpyBot Search & Destroy (one of the AV tools), and use the built-in
update function. It will connect to their server and download the
updates (to the RAMDISK) and then restart (spybot S&D restarts). You can
then do a scan with the newest updates.
You can also use the web browser, etc, if you want to download install
your own program (if its small enough to fit in the ramdisk).
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
--
:-)~MIKE~(-:
--
:-)~MIKE~(-:
_____
Windows LiveT Contacts: Organize your contact list. Check it
<
http://windowslive.com/connect/post/marcusatmicrosoft.spaces.live.com-Blog-
cns%21503D1D86EBB2B53C%212285.entry?ocid=TXT_TAGLM_WL_UGC_Contacts_032009>
out.
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
--
:-)~MIKE~(-:
--
:-)~MIKE~(-:
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss