Author Topic: A Trojan Question  (Read 6117 times)

Offline Zazen

  • Cactus Zombie
  • *****
  • Posts: 380
  • 1337 13V3L: +34/-14
Re: A Trojan Question
« Reply #15 on: September 30, 2008, 11:23:47 AM »
Have you considered building yourself a bootable OS environment for doing all these scans? It'd be faster than running with whatever gunk comes on the machine and you'd be guaranteed that malware isn't running (safe mode isn't always good enough for that, as you've seen). You'd never have to reboot for a scan to do its job either.

Offline trevelyn

  • Administrator
  • Elite Cactus Squad
  • Ninja Phone Loser
  • *****
  • Posts: 1687
  • 1337 13V3L: +183/-22
  • He likes cans and taking pictures in cans!
    • WeakNet Labs
Re: A Trojan Question
« Reply #16 on: September 30, 2008, 02:47:14 PM »
One of the security deployment guys here made one, it's pretty sweet. He gave me links on how to make my own as well, I just never got around to it. Have you made a Win32-based Live disk before? I have only made *nix.

Offline Zazen

Re: A Trojan Question
« Reply #17 on: September 30, 2008, 11:51:43 PM »
No, I've never had the need. In the rare case that there's an infection at work I just eliminate it using my quick method. If the infection did any kind of damage then I just reinstall the machine with my big scripted OS install that does everything in about 20 minutes.

In your case why not use a nix disc? Add in whatever you need to mount NTFS and you're in good shape. It'd be really convenient to script the crap out of it so it does all of those scans and stuff automatically.

Offline trevelyn

Re: A Trojan Question
« Reply #18 on: October 10, 2008, 02:14:49 PM »
:D WeakNet Linux! I was going to release my Unix Passwd Cracker "Perlwd" about 2 weeks ago, but now I decided to wait and just release it on my own snazzy version of Linux instead.