BartPE and Boot option updates?


Any word on porting Malwarebytes to BartPE or making a bootable option of the software? That's about the only thing keeping this software from going big!

The way our heuristics work, MBAM's detection capabilities would be crippled when running in BartPE. The malware needs to be running normally for our heuristics to be the most effective, that means Windows needs to be booted normally.


The way our heuristics work, MBAM's detection capabilities would be crippled when running in BartPE. The malware needs to be running normally for our heuristics to be the most effective, that means Windows needs to be booted normally.

If the spyware is keeping Windows from booting to the point where I can't start Malwarebytes, which program do you like and suggest I run in a pre-Windows boot setting to free up Windows?

Thanks


  • Root Admin

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

Avira AntiVir Rescue System

Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to:

  • repair a damaged system,
  • rescue data,
  • scan the system for virus infections.

Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer.
The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available.


Any word on porting Malwarebytes to BartPE or making a bootable option of the software? That's about the only thing keeping this software from going big!

We have no current plans to port Malwarebytes to BartPE. We will not be supporting this in the near future. MBAM is, in fact, crippled when forced to run under those conditions. Other applications and tools are available that will help you under a BartPE environment so that you can usually get the machine back up and going so that MBAM can be loaded and deal with the malware.


The way our heuristics work, MBAM's detection capabilities would be crippled when running in BartPE. The malware needs to be running normally for our heuristics to be the most effective, that means Windows needs to be booted normally.

How about in a slaved drive situation? I had a non-booting system that I ran MBAM against and it removed some spyware, enough to get it to boot, and when I installed it in Windows and ran it again, it found a bunch more. Is this the result of not being on the system? I'm confused why it doesn't get them all on the slaved scan. Any insight would be great.


  • Root Admin

MBAM was not designed to scan remote drives and this has been discussed many times on this site.

Mainly due to environment variables and registry locations that are not LIVE when you're in a slaved or PE environment.

From my understanding there currently is no plan to change this behavior.

The average home user probably doesn't know how to build such a disk and would have little use for it in a day to day situation.

Those users that do build them are often Technicians that need them to help them repair a PC for customers.

The old Windows Preinstall Environment (WinPE) CD-ROM was for select corporate and OEM customers and was not available to a home user.

The newer WinPE for Vista (Windows PE 2.0) is the core deployment foundation for Windows Vista.

It is designed to make large-scale, customized deployments of the new Windows Vista operating system notably easier. With the release of Windows Vista, Windows PE 2.0 is available to all Windows business customers to assist in deployments of Windows Vista as well as downlevel operating systems such as Windows XP


From my understanding there currently is no plan to change this behavior.

Marcin isn't going to change his mind. The way MBAM works it's more effective running normally on the infected computer, as opposed to other solutions that are better in Safe Mode or BartPE. There's no need to change that. If a system is not bootable, then you can load Spybot Search & Destroy on a BartPE disk and use the Avira Rescue CD to clear out a good deal of the infections, and pave the way for running MBAM.

Loading the registry and working from a BartPE disk is the domain of Safer Networking.

The old Windows Preinstall Environment (WinPE) CD-ROM was for select corporate and OEM customers and was not available to a home user.

The newer WinPE for Vista (Windows PE 2.0) is the core deployment foundation for Windows Vista.

You forgot PE Builder, which was designed for system admins.


  • Root Admin

You forgot PE Builder, which was designed for system admins.

I did not forget it, it is not a Windows PE disk in the same sense that the Microsoft one is. That's why PE Builder should be called by its nickname "BartPE"

There are dozens of tools available, the point is more so to basically point out that in general these requests for WinPE appear to be requests from TECHNICIANS not Home users. We also offer FREE help via this bulletin board for any Home User that needs help to clean their machine. What is so wrong with asking a Technician who makes a living charging others to repair their PC to pay for a Technician License to help pay the development, distribution, and other costs associated with running a business?

Even Avira has a similar request on usage rights

[Image: avirafreehomeuser.png]


  • 10 months later...
The way our heuristics work, MBAM's detection capabilities would be crippled when running in BartPE. The malware needs to be running normally for our heuristics to be the most effective, that means Windows needs to be booted normally.

What about if MBAM were on a BartPE CD running in Windows? Ad-aware (older version), which does have a BartPE plug-in, 'recommends' this.

I don't know if there is much, if any, advantage of this, though (I don't have much experience being infected with malware).


What about if MBAM were on a BartPE CD running in Windows? Ad-aware (older version), which does have a BartPE plug-in, 'recommends' this.

Unless someone wrote a script to copy the drivers to the system32\drivers folder, and properly register them as well as the other files needed by MBAM, then it probably wouldn't work.

