UBCD4WIN
Lisa Kachold
lisakachold at obnosis.com
Sun Mar 1 22:40:00 MST 2009
I think this is meant to be a virus "inoculation" type RAMDISK or unwritable CD?
There are a whole class of virus checking security programs that run completely from a RAMDISK in order to mount and analyze virus and trojan behavior outside of Windows.
Historically, viruses have developed a whole subset of behaviors including:
1) self replication = when attempts to remove them are made, they replicate to BIOS or a USB key for instance, so running from RAM which is reset upon boot was developed.
2) self defense = i.e. when removed from active running systems they copy themselves to another file name
3) camouflage = they use various Windows features to hide from general checks
4) controls that preclude removal written into RPC don't allow you to remove them.
Of course there are quite a few other things they do, but this will explain why running your virus cleaner from a CD where the virus cannot further infect by writing and can run through special controls.
obnosis.com | wiki.obnosis.com| (503)754-4452
PLUG HACKFESTS 2nd Saturday Each Month at Noon - 3PM
Date: Sun, 1 Mar 2009 22:53:11 -0500
Subject: Re: UBCD4WIN
From: bmike1 at gmail.com
To: plug-discuss at lists.plug.phoenix.az.us
Thanks for letting me know about this program. I was wondering though: it seems that this was made to be installed. Is that so?
On Sun, Mar 1, 2009 at 4:51 PM, mike havens <bmike1 at gmail.com> wrote:
yes... I will do this this way. thanks for the thrashing! lol
On Sun, Mar 1, 2009 at 4:31 PM, Lisa Kachold <lisakachold at obnosis.com> wrote:
Having this Windows ramdisk on a Flash disk, you MUST have copied it correctly - it's going to need a partition of its own (RAMDISKs are like boot floppies); next you will need a BIOS that allows you to specify a USB device in boot order. This is a complex process in itself.
I can see you are spoiled by Nix? Under Linux you can download any iso and loop mount it, then copy it in total to a new drive, edit it and reburn it.
In this way, one can trivially change any distro you provide for an InstallFest, or as a gift for a new "trainee".
You can brand your own installs, script additional features or process startups (tunnels), preconfigure example files (hosts, sshd_config [certain characters in files {alt255 on keypad} will keep any line from running while it appears in the config file]), recompile top/ls/df to do whatever you might like, or simply run a script to add a rootkit for instance.
I suggest that your repair ramdisk be made following the instructions - just use a CD.
Date: Sun, 1 Mar 2009 13:46:57 -0500
Subject: Re: UBCD4WIN
From: bmike1 at gmail.com
To: plug-discuss at lists.plug.phoenix.az.us
is this not possible?
On Sun, Mar 1, 2009 at 1:46 PM, mike havens <bmike1 at gmail.com> wrote:
I was hoping that what I could do is drag-n-drop the drive onto an icon and not need to burn a cd. That way I could update it at home and bring the flash-drive to the job.
On Sun, Mar 1, 2009 at 1:26 AM, Charles Jones <charles.jones at ciscolearning.org> wrote:
mike havens wrote:
> I downloaded it and am unpacking it now. I am, however, unclear as to
> where to get updates and how to install them into the program. What I
> am going to do is put it onto a flash drive and just update the virus
> info!
Mike,
Once you boot the disc (it takes a frighteningly long time to boot up
windows from a super-compressed CD), it will ask you first which shell
to launch, the default one is fine. Then it will ask if you want to
bring up the network interfaces. Choose yes and just accept the defaults
(assuming DHCP). Then once you are online you can for instance launch
SpyBot Search & Destroy (one of the AV tools), and use the built-in
update function. It will connect to their server and download the
updates (to the RAMDISK) and then restart (spybot S&D restarts). You can
then do a scan with the newest updates.
You can also use the web browser, etc, if you want to download and install
your own program (if it's small enough to fit in the ramdisk).
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
--
:-)~MIKE~(-: