Linux Format forums
Help, discussion, magazine feedback and more
 

Boot-disk to clean/scan a Windows computer

 
mrtux



Joined: Sun Aug 19, 2012 4:52 am
Posts: 1

Posted: Fri Jan 03, 2014 10:32 pm    Post subject: Boot-disk to clean/scan a Windows computer

I've been asked by a friend of my partner's to have a look at her computer (Windows), and make sure it's as clean as Windows can be.
The friend has a feeling that her ex has put a key-logger or something similar on to her computer, as the ex has regularly gained access to and taken control of various online accounts she has. Additionally, he seems to be able to get FAR too much information about what she's doing, where she's going and who she is talking to.

I feel that there's also a moderate amount of user-education to be done, regarding good passwords and the like.

I personally would like to just blow Windows away and give her a Linux install, but I haven't got the time to hand-hold through the learning of Linux.

Instead, I would like some suggestions for good boot-disks which will allow me to scan the Windows install and remove anything which shouldn't be there.
I already have Hiren's BootCD on a USB and am quite happy with the tools that I've used on it so far. However, I have mostly used it for hardware testing and Windows password resets, not for scanning for key-loggers and root-kits.
My current USB thumbdrive is bootable, and I can drop ISO files straight on to it, hack up a boot-menu config file and boot in to the ISO file as if it were a real CD, so CD-only bootdisks are fine for suggestions as well.
towy71
Moderator


Joined: Wed Apr 06, 2005 3:11 pm
Posts: 4258
Location: wild West Wales

Posted: Fri Jan 03, 2014 10:41 pm

System Rescue has featured several times on this forum for doing such things
_________________
still looking for that door into summer
Dutch_Master
LXF regular


Joined: Tue Mar 27, 2007 2:49 am
Posts: 2431

Posted: Sat Jan 04, 2014 1:04 am

+1 for SystemRescueCD :)
dhester



Joined: Thu Feb 19, 2009 6:19 pm
Posts: 72

Posted: Sat Jan 04, 2014 1:35 am

For key logger try Absolute Key logger tool

http://download.cnet.com/Absolute-Key-Logger-Removal-Tool/3000-8022_4-75447038.html

For root kit removal try

http://www.mcafee.com/uk/downloads/free-tools/rootkitremover.aspx

These can be added to a Hiren boot disk or added to a USB stick.
guy
LXF regular


Joined: Thu Apr 07, 2005 1:07 pm
Posts: 1070
Location: Worcestershire

Posted: Sat Jan 04, 2014 12:43 pm

Much of the online stalking may be due to simple knowledge of user account details. The ex may well have been covertly collecting the victim's login details for some time before the actual breakup.

Your friend should change their passwords on all their online accounts, especially social networking.

Besides fixing the PC's OS, it is also worth checking through all the user accounts, deleting/deactivating any surprises and changing passwords on all the rest, but I would hope that has already been done.

Does your friend have a smartphone or other mobile device? These things can often also be tracked, for example if GPS (or other) geolocation is active and not made private, or of course if a covert tracking app is installed - and there are a good few of those about.

I'd just add, the "I'm sure my ex wouldn't have / couldn't have done that" is a sure sign that the ex has been misdirecting the victim, but is all too often taken the other way because that's what the victim wants to believe. In my experience, conquering that wanting to believe is more than half the battle.

And finally, the victim needs to methodically collect any and all evidence of stalking and/or harassment, both online and offline. Keep that dossier in a safe place such as a USB stick and back it up, say create a new Cloud storage account for the purpose. If the ex ever gets out of order, that dossier can and must be handed to the police and legal action started to keep the ex at bay. It all sounds a bit draconian, but believe me, ex-es can sometimes turn very, very nasty and if your victim doesn't protect themself now they risk a truly evil few years ahead.
_________________
Cheers,
Guy
The eternal help vampire
johnhudson
LXF regular


Joined: Wed Aug 03, 2005 2:37 pm
Posts: 870

Posted: Sat Jan 04, 2014 9:57 pm

Download the very latest version of System Rescue and make sure you have a USB key. Use
Code:
fsarchiver probe -v
to identify the USB key as well as the Windows partitions and when you get to step 5 with ClamAV, add
Code:
>path/to/USB key
so that you have a record of the scan.

Open the scan in a text editor and search for FOUND. Note the files and delete them. I actually found this easier to do with Partition Magic. So download that as well.
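
An added example, not part of the post above: a shell helper that pulls the FOUND lines out of a saved clamscan report and hashes each detected file so it can be recorded before removal. The report contents, paths and the second signature name are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: extract detections from a saved clamscan report.

# Constructed sample report (paths and the second signature name are made up).
sample_report() {
cat <<'EOF'
/mnt/windows/Windows/notepad.exe: OK
/mnt/windows/Users/Anna/My Documents/eicar.com: Eicar-Test-Signature FOUND
/mnt/windows/ProgramData/svc: helper/upd.exe: Example.Constructed.Sig-1 FOUND
/mnt/windows/Users/Anna/empty.txt: Empty file

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

# found_files: read a clamscan report on stdin and print
# "signature<TAB>path" for every detection line.
found_files() {
  tr -d '\r' | awk '
    / FOUND$/ {
      sub(/ FOUND$/, "")
      # The signature is the last ": name" on the line, so paths that
      # contain spaces or ": " are kept whole.
      i = match($0, /: [^ ]+$/)
      if (i == 0) next
      printf "%s\t%s\n", substr($0, i + 2), substr($0, 1, i - 1)
    }'
}

# hash_found: for each detected path that still exists, print its SHA-256
# so the file can be identified in notes before it is removed.
hash_found() {
  found_files | cut -f2 | while IFS= read -r path; do
    if [ -f "$path" ]; then sha256sum -- "$path"; fi
  done
}

# Run on the constructed report; against a real scan, feed the saved file in.
sample_report | found_files
```
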
purplepenguin
LXF regular


Joined: Wed Oct 05, 2011 3:19 pm
Posts: 121
Location: Blissfully at the Command Line

Posted: Sun Jan 05, 2014 11:05 am

My brother-in-law had a similar problem too.

He recently split with his boyfriend. He got home from work one night and was sat quietly in his flat when he heard a computer fan spin up. He went looking for the source and found his ex's old laptop hidden away under the sofa. When he opened it to see what it was doing (now here comes the scary part), it was streaming video footage of his bedroom. Turns out the camera had been hidden in a shoe box on top of his wardrobe.

Anyway back to your question.

If the couple have split, I assume the ex doesn't have physical access to the laptop any more. Which raises the question of how is he getting the data?

Try running the command
Code:
netstat
on Windows or Linux to see the active TCP/UDP connections. If the key logger is communicating, you should see something suspect in the output.

As Guy points out, it is important to collect evidence for a successful prosecution. I'd also suggest taking a clone of the HDD to work on so you don't destroy any evidence on the original HDD. The police may require it for data forensics if your friend does seek a prosecution.

PP
_________________
Debian Testing 64bit KDE i5 CPU 8GB RAM

Firefox 29 wont let me move the Reload and Back buttons. It's my computer Mozilla not yours.
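
An added example, not part of the post above: filtering a saved capture of Windows `netstat -ano` down to established TCP connections whose remote end is outside the local network, with the owning PID. The capture is constructed (documentation-range addresses) and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list external ESTABLISHED connections from a saved
# Windows "netstat -ano" capture, with the owning PID.

# Constructed sample capture (not from the thread).
sample_netstat() {
cat <<'EOF'

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:49690        127.0.0.1:49691        ESTABLISHED     2204
  TCP    192.168.1.20:49712     203.0.113.45:443       ESTABLISHED     3120
  TCP    192.168.1.20:49720     192.168.1.1:80         ESTABLISHED     1520
  TCP    192.168.1.20:49733     198.51.100.7:8080      ESTABLISHED     3120
  TCP    [::1]:49700            [::1]:49701            ESTABLISHED     2204
  UDP    0.0.0.0:5353           *:*                                    1488
EOF
}

# external_connections: read netstat -ano text on stdin and print
# "PID<TAB>remote-address:port" for each established TCP connection whose
# remote end is not loopback, link-local or RFC 1918 private space.
external_connections() {
  # Captures saved on Windows have CRLF line endings; strip the CR first.
  tr -d '\r' | awk '
    $1 == "TCP" && $4 == "ESTABLISHED" {
      remote = $3
      if (remote ~ /^127\./ || remote ~ /^\[::1\]/ || remote ~ /^\[fe80/) next
      if (remote ~ /^10\./ || remote ~ /^192\.168\./ || remote ~ /^169\.254\./) next
      if (remote ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) next
      printf "%s\t%s\n", $5, remote
    }' | sort -n
}

# Run on the constructed capture; against a real one, feed the saved file in.
sample_netstat | external_connections
```

On the Windows machine, `tasklist /FI "PID eq 3120"` names the process behind a PID from the listing (3120 is the constructed PID from the sample).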
pastychomper



Joined: Wed Apr 07, 2010 11:54 am
Posts: 52

Posted: Tue Jan 07, 2014 11:08 am

Even after a good malware search, I'd still be strongly inclined to nuke and pave the OS - even if that meant wading through a Windows install & update-reboot-update cycle. It's the only way to be sure. The same goes for any other programmable, network-attached device.

After reading purplepenguin's story ( :shock: ), I'd also consider sweeping the house with a current sensor.

All times are GMT

Copyright 2011 Future Publishing, all rights reserved.

