This topic contains 8 replies, has 5 voices, and was last updated by 
-
Posts
-
I have a USB device I want to use purely for malware removal from infected systems. However, obviously I am worried about infections jumping from one computer to another, or to my machine when I need to update them. I did a google search, but I was unable to find a free program that meets my needs. The ones I did see supposedly locked the device on the computer the app was installed on, but not on all PC’s
help? -
It’s not foolproof, but in the past I’ve encrypted all the free space on the drive in a truecrypt volume and left the removal tools in the unencrypted area so malware has nowhere to write to unless it overwrites existing files. Also, if you are doing your malware removal from a bootable USB where the malware isnt executing it’s probably a non-issue.
-
I agree, TrueCrypt is going to be your best bet in a free solution.
-
like that idea, its pretty unique. I haven’t used TC in a while I mainly use BL. Thanks for the info. π
-
Here’s another great solution i had not thought of
http://isc.sans.edu/diary/Read+only+USB+stick+trick/10588
Use the write protect switch on SD cards (+usb sd reader) π
-
Use two thumb drives. Use one as the clean/original copy and the other as the one that is actively used. Boot from a live CD and dd from clean to used after each use.
Don’t mix them up.
Alternatively, save the image somewhere else if you want to get by with a single thumb drive.
-
I like the SD idea. I have a portable media reader, so even if the PC doesnt have a reader, im GTG. I have a 1GB card that should do the trick.
-
@dynamik wrote:
Use two thumb drives. Use one as the clean/original copy and the other as the one that is actively used. Boot from a live CD and dd from clean to used after each use.
Don’t mix them up.
Alternatively, save the image somewhere else if you want to get by with a single thumb drive.
I like the live-cd + saved image idea, but I wonder how that works after learning how hard it is to wipe a USB.
-
@chrisj wrote:
I like the live-cd + saved image idea, but I wonder how that works after learning how hard it is to wipe a USB.
You’re not wiping it to prevent forensic recovery though; you’re just restoring the previous file system to prevent the auto-execution of something like switchblade or some other malware that may get on the drive during use on an untrusted system.
You must be logged in to reply to this topic.
