UBCD4WIN

Bryan O'Neal boneal at cornerstonehome.com
Mon Mar 2 10:12:50 MST 2009


All I can say is that the first time I had to build UBCD4WIN it was over a
weekend on an infected Windows machine in my house and it did not have any
problems and the live system did not become contaminated.  Your mileage may
vary depending on your type of infection, however if you use the clean
Windows files from your original install cd you should be fine.  That said
it is possible for the virus to install itself into the bootable CD media,
but I have never seen one of these viruses in the wild, nor will the live
UBCD4WIN CD remount the CD it boots from thus eliminating, or greatly
diminishing, that infection vector for the live system.  Though I would
still dispose of the disk once finished and recreate one on a known clean
system; but I am just a computer germaphobe that way ;)

  _____  

From: plug-discuss-bounces at lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of Mark
Phillips
Sent: Monday, March 02, 2009 8:50 AM
To: Main PLUG discussion list
Subject: Re: UBCD4WIN



I agree that a local virus probably can't install itself into a downloaded
iso. But couldn't a virus hitch a ride on a CD that is being made from a
downloaded iso?

Also, as I understand it, one downloads UBCD4WIN and then runs a program
that builds the iso with what you downloaded and some files from the Windows
installation CD. Since I am running a program to build the iso locally,
couldn't the virus attach itself to the iso image the UBCD4WIN program is
building? And then infect other machines when the iso is loaded into memory
and run?

If my chain of thought is faulty, then I should be able to build a UBCD4WIN
iso image on an infected machine with no problems. Do you agree?

Mark



On Mon, Mar 2, 2009 at 8:35 AM, mike havens <bmike1 at gmail.com> wrote:



I think a virus is A PROGRAM IN ITSELF. Is it attached to another? I don't
think so. That means if you d/l an iso the virus doesn't attach itself to the
iso.

Maybe. 



On Mon, Mar 2, 2009 at 9:55 AM, Mark Phillips <mark at phillipsmarketing.biz>
wrote:


OK, then I will ask a potentially silly question....;-)

If I make a UBCD4WIN CD on an infected machine, will that CD be infected? Is
there a way to make the CD on a potentially infected machine and not spread
the viruses to the machines to be tested? 


I need to make one of these CDs, but I only have 1 Windows machine, and that
one is acting strange....maybe an infection, but ClamAV and other free
antivirus programs report it clean. 

Since there is only an .exe file for UBCD4WIN, I assume one has to make the
iso image on a Windows machine - is this correct?

I think I am in a chicken and egg situation.....

Thanks!

Mark


On Mon, Mar 2, 2009 at 1:22 AM, Bryan O'Neal <boneal at cornerstonehome.com>
wrote:


I should probably go back and reread this thread so I don't ask silly
questions, but...
The application you download for UBCD4WIN is installed locally, you run the
configuration script to tell it what you want on the CD, you feed it your
Windows installation packages (it does not come with it due to copyright
violation) and then it creates an iso for you to burn or a boot image or
whatever you ask it to.  But it does not come with a bootable image ready
to go.  That said, if you need a Windows XP environment that is live, packed
with tools, and is under 700MB it is a good way to go.

  _____  

From: plug-discuss-bounces at lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of mike
havens
Sent: Sunday, March 01, 2009 8:53 PM
To: Main PLUG discussion list
Subject: Re: UBCD4WIN


Thanks for letting me know about this program. I was wondering though: it
seems that this was made to be installed. Is that so?


On Sun, Mar 1, 2009 at 4:51 PM, mike havens <bmike1 at gmail.com> wrote:


yes... I will do this this way. thanks for the thrashing! lol 


On Sun, Mar 1, 2009 at 4:31 PM, Lisa Kachold <lisakachold at obnosis.com>
wrote:


Having this Windows ramdisk on a Flash disk, you MUST have copied it
correctly - it's going to need a partition of its own (RAMDISKs are like
boot floppies); next you will need a BIOS that allows you to specify a USB
device in boot order.  This is a complex process in itself. 

I can see you are spoiled by Nix?  Under Linux you can download any iso and
loop mount it, then copy it in total to a new drive, edit it and reburn it.

In this way, one can trivially change any distro you provide for an
InstallFest, or as a gift for a new "trainee".

You can brand your own installs, script additional features or process
startups (tunnels), preconfigure example files (hosts, sshd_config [certain
characters in files {alt255 on keypad} will keep any line from running while
it appears in the config file], recompile top/ls/df to do whatever you might
like, or simply run a script to add a rootkit for instance.

I suggest that your repair ramdisk be made following the instructions - just
use a CD.

obnosis.com <http://www.obnosis.com/>  | wiki.obnosis.com
<http://wiki.obnosis.com/> | (503)754-4452
PLUG <http://http//plug.phoenix.az.us>  HACKFESTS <http://uat.edu/>  2nd
Saturday Each Month at Noon - 3PM


  _____  

Date: Sun, 1 Mar 2009 13:46:57 -0500
Subject: Re: UBCD4WIN
From: bmike1 at gmail.com
To: plug-discuss at lists.plug.phoenix.az.us 


is this not possible?


On Sun, Mar 1, 2009 at 1:46 PM, mike havens <bmike1 at gmail.com> wrote:


I was hoping that what I could do is drag-n-drop the drive onto an icon and
not need to burn a cd. That way I could update it at home and bring the
flash-drive to the job. 


On Sun, Mar 1, 2009 at 1:26 AM, Charles Jones
<charles.jones at ciscolearning.org> wrote:


mike havens wrote:
> I downloaded it and am unpacking it now. I am, however, unclear as to
> where to get updates and how to install them into the program. What I
> am going to do is put it onto a flash drive and just update the virus
> info!


Mike,

Once you boot the disc (it takes a frighteningly long time to boot up
windows from a super-compressed CD), it will ask you first which shell
to launch, the default one is fine.  Then it will ask if you want to
bring up the network interfaces. Choose yes and just accept the defaults
(assuming DHCP).  Then once you are online you can for instance launch
SpyBot Search & Destroy (one of the AV tools), and use the built-in
update function.  It will connect to their server and download the
updates (to the RAMDISK) and then restart (spybot S&D restarts). You can
then do a scan with the newest updates.

You can also use the web browser, etc, if you want to download and install
your own program (if it's small enough to fit in the ramdisk).
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss





-- 
:-)~MIKE~(-:




