Jump to content

SkeeterPE

Members
  • Posts

    11
  • Joined

  • Last visited

Posts posted by SkeeterPE

  1. I know I'm probably beating a dead horse but it works so well that my enterprise level IT dept would buy whatever licensing we needed to be able to fix users' screw-ups without having to install more software. The images already come with so much. I'll knock it off though. Thanks for listening!

    We have no current plans to convert MBAM to run in a PE environment. There's several options which have been discussed several times now to help users in situations where MBAM cannot run due to the infections already present. While we realize some people do want PE support, PE discs aren't often built by home users, We still do not support it in PE environments. It wasn't designed for it, and PE provides no real benefits to you in this case.

    I suppose we should place this question in a FAQ someplace. :)

  2. I have to ask..... Any immediate plans to make a MBAM PE Edition? A portable or lite version that uses a more effective detection practice in this environment? I have alot of experience with infected machines and at some point scanning machines and even installing anti-malware software doesn't always completely install or launch. Some of it is so bad that it prevents installation of the tools out there. (Initials are SASW) Anti-Virus XP 2009 liked to have destroyed a machine only 2 years old. (Thank God for 3 year warrantys) User data was dead with the hard drive though.

    I guarrantee the MBAM popularity would explode with a PE version! Just curious....

    No problemo. By the way, just for future reference (and for situations where scanning offline is necessary) one of the best scanners/removers out there is the Avira Rescue CD: http://dl.antivir.de/down/vdf/rescuecd/rescuecd.exe

    It's a bootable ISO that is updated frequently and lets you scan for and remove infections offline.

  3. Yes. XPE fully operational.

    To the posters that have given us the plugins. I didn't intend to upset the community with my aimless frustrations, but I have not been able to make these plugins work with the configurations that are in the help file instructions. I'll get over it, though. My sincerest apologies to those who have tirelessly worked to continually improve this invaluable community!

    Respectfully,

    SkeeterPE

    @Skeeter...

    Sorry, I have been offline for a bit. Are you running XPE? If not, that may be key.

  4. The instructions for the MalWareBytes' plugin are unclear and so are the SuperAntiSpyware plugins. Runscanner or no runscanner, registry redirects or no redirects. Can't someone post their working plugins with the contents and edits all ready to go. (FOR PEBUILDER!!!) I don't have the time or room in my toolkit for five CD tools tjust to get rid of Malware. I'm an Admin. Not just an enthusiast of what "PE" has to offer. On the contrary, it has remade how an admin takes a bow to management for all the hard work. Please if you have a "Working Plugin", Please post it for everyone to make use of. I have several working plugins that I will e-mail out if anyone wants them.

    All the below are self-authored. If you want them, e-mail this post.

    DIY DataRecovery iRecover - full version.

    dotnet framework for bartpe

    Paragon Hard Disk Manager 8.5 pro

    Outlook PST Password Cracker

    Smart Driver Backup

    The best tool I'm aware of that already has out of the box support for many Virus scanners is Ultimate Boot CD for Windows

    List of tools included with Ultimate Boot CD for Windows

  5. Well to be honest, Spybot has to launch, then run, then close, then launch again and then finally update and run again which takes literally forever to scan a 60 or god forbid anything larger! Haven't been able to make RunScanner work with SuperAntiSpyware and MBAM has worked the best for me personally so..... If I can't make these simple tools work I'm not going to be able to successfully configure the virus toos to work properly. Hell I can't even get SysClean to work!

    I suppose all my efforts for the longest time has been keeping all the drivers for SATA and NICs there for all the newer machines coming out that supporting newer plugins has not been a huge priority yet.

    If anyone has a free working anti-virus plugin.... Zip it, RAR it, 7Zip it, or just plain stuff it in a box and e-mail it or post a link here for me. I have beat my time to death on getting any of these to work right out of the box. I'm done complaining. Really.

    Yeah, that makes sense. Honestly though, if a system isn't bootable then you can't even install MBAM on it in the first place, which is a requirement of the PE plugin. Perhaps if MBAM were made more portable so that it didn't require installation on the host system, then that would work. Otherwise, I'd use tools like Avira's rescue CD, Spybot Search & Destroy or (I know it's blasphemy) SUPERAntiSpyware as they are portable and don't have to be installed on the host system before they are run offline.
  6. @exile

    I don't intend to fully take advantage of MBAM in PE. I am looking for a reliable way to clean up enough to boot failed windows installation and then install and run MBAM as originally designed.

    MBAM v1.32 registry redirect option??

    Most likely that's accurate seeing as MBAM seeks malware specifically based on location and the registry. You can load the registry in a PE environment, but since the PE CD is considered the %systemdrive%, that will be the place MBAM looks for malware and if it is set to full scan, it may not hit on the offline Windows folder, at least not for most of it's detections.
  7. I have created what seems to be a working plug-in for Anti-Malware. Here goes...

    Note the following is based on version 1.31...

    1. Install MalwareBytes Anti-Malware on your PC.

    2. Follow the instructions given in the MalwareBytes Anti-Malware.htm file included in plug-in folder.

    Please note that I needed this and threw it together yesterday after searching for one that had already been created. By all means, give feedback if something does not work right or even if it works as wished. While I am not in a position to support this, I will fix what needs to be fixed. This may be distributed on other sites without the need to ask permission.

    -----------------------------------------------------------------------------------------------------------------------------------------

    @Richard Jordan-

    I can't seem to get it to work and I have screenshots at work but will have to post them here tomorrow or the next day(Holidays at work are painfully slow <Grins>) Gives me a chance to play around with my PE Builder and Plug-ins! Error codes display and script file closes. For now, it doesn't work for me but, I'd grovel at you feet if you could offer suggestions! I don't think PE Builder is over-writing a part of the build process but I could be wrong. I've seen it happen before with much much simpler apps.

    From a wise man.... "...cause being an Admin is hard enough!"

  8. I have created what seems to be a working plug-in for Anti-Malware. Here goes...

    Note the following is based on version 1.31...

    1. Install MalwareBytes Anti-Malware on your PC.

    2. Follow the instructions given in the MalwareBytes Anti-Malware.htm file included in plug-in folder.

    Please note that I needed this and threw it together yesterday after searching for one that had already been created. By all means, give feedback if something does not work right or even if it works as wished. While I am not in a position to support this, I will fix what needs to be fixed. This may be distributed on other sites without the need to ask permission.

    ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Wow Guys. Awesome. Thanks for everyone's efforts. I reimaged a notebook just this afternoon because of destructive malware. Prevented mbam.exe from running. I tried renaming the executable, but still not able to get going so this is going to be a sweet time for me and my group of guys.

    SkeeterPE Admin in Houston

    xw4300, Windows XP x64, superantispyware, malwarebytes' anti-malware, trendmicro, and spybot S&D

  9. Here is a simple work-around for Malwarebytes and BartPE.

    Boot the CD with Network support.

    Use TotalCommander to share the root of the C:/ drive.

    On another computer with MalwareBytes installed, map the shared folder (drive) from the target computer, then run MalwareBytes from that computer and scan the shared drive.

    While it doesn't do the registry on the drive properly, it does do about everything else.

    Hope this helps.

    :)

    What an excellent idea! I didn't think about that. Truly outside the box thinking! I can't wait to attempt this at the office on monday.

    I'll let you know the results.

    SkeeterPE

  10. Chris,

    A lot of Malwarebytes' Anti-Malware is already programmed in C++ including one of the DLL's and all of the drivers. Without having BartPE on hand, I have no idea how to resolve the issue you are having. In fact, I have never used a pre-installed environment.

    @RubbeR DuckY:

    Admins rely on BartPE for data rescue and other administrative tasks. It brought admins like myself out of the dark ages. Truly. When SpyBot introduced it's spyware scanner it was a god-send because of most Malwares' MO, makes cleaning the "C" drive while in windows, utterly impossible. Re-imaging the PC was the only fix. More and more, malwares disable the launch of anti-malware appllications inside of windows. Enter, BartPE. It IS a pseudo-windows installed temporarily on the RAM sticks(operating completely independent of the hard drive).

    MBAM being programmed in C++ means that whatever platform it runs on must have VB software installed in order to run properly. BartPE is setup to accept what we call "plug-ins" in the PE(Pre-installed Environment) community. Plug-ins are just programs and applications that have been scripted into the BartPE, Windows-like environment so that these things run like they were at one time actually installed complete with registry entries and shortcuts on the desktop.

    The fact that my custom MBAM plugin doesn't work could be a multitude of issues not even related to how it is programmed. MBAM has worked impecably everytime. When you or one of the other posters mentioned that BartPE didn't support VB applications I wanted to mention that it recently had support for VB added. It could be that maybe if I told the scripting app to process MBAM plugin after everything else or process it last it might work because it could be that the plugin is being over written with something else at the end of the process. (happens all the time)

    Any suggestions or questions are welcome.

    SkeeterPE

  11. Still think it will take you a year of coding to get MBAM ported into 100% C++ before it will be possible?

    @Rubber Ducky

    with respect to anyone who can C++....

    I am an admin who has XPE shell running on BartPE. MalwareBytes' Anti-Malware scanner has been a life saver installed on windows. I installed it and ran Plugin Creator to develop a working plugin. Frustratingly enough it doesn't. There's been quite a bit of talk of MBAM not able to run in Pre-installed Environment however; Bartpe does in fact support VB, because I have the VB plugin enabled and it still reports C+ errors. Could this error be evidence of another requirement that BartPE does not have? .Net is also enabled on my rescue CD.

    Any input would be more than I have now. Many, many many thanks in advance!!

    Chris

    Houston,TX.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.