Re: [推薦] Linux based Rescue Disk

看板AntiVirus (防毒)作者cnoize (泥巴星球Server)時間17年前 (2009/02/05 23:34)推噓1(1推 0噓 0→)

留言1則, 1人參與討論串2/2 (看更多)

推薦 PLoP Linux; LiveCD, USB boot, PXE network boot, antivirus, rescue http://www.plop.at/en/ploplinux.html 可以不用燒錄 CD, 節省資源。我之前是用 linux knoppix cdrom 開機: 輸入 linux 2 (文字模式開機較快) # cd /ramdisk # fdisk -l Disk /dev/sda: 164.6 GB, 164696555520 bytes 255 heads, 63 sectors/track, 20023 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Device Boot Start End Blocks Id System /dev/sda1 1 244 1959898+ 83 Linux /dev/sda2 245 6324 48837600 83 Linux /dev/sda3 6325 12404 48837600 83 Linux /dev/sda4 12405 20023 61199617+ 83 Linux System 是 HPFS/NTFS 或 FAT 的就是 windows. 我的 IBM notebook 是 /dev/hda1 而且 c:\i386 是 XP files. 所以 # cd /ramdisk # mkdir /c # mount /dev/hda1 /c # wget http://dl.antivir.de/down/vdf/rescuecd/rescuecd.iso # mkdir /ramdisk/r # mount rescuecd.iso /ramdisk/r -o loop,ro # cd /ramdisk/r/antivir # ./antivir >& /ramdisk/virlog01.txt 或 #./antivir -s /c/WINDOWS >& /ramdisk/virlogwindows.log # mkdir /c/virinfo # mv /ramdisk/virlog01.txt /c/virinfo # cd /c/WINDOWS/system32/drivers # ls -la > /c/virinfo/dirdriversinlinux.txt # mkdir /c/vir <% 假設中了 9aaa.com IE 首頁病毒 http://baike.360.cn/4024037/18915635.html?page=2 %> # mv /c/WINDOWS/system32/drivers/sarqlyku.sys /c/vir/ <% 看小紅傘 scan log %> # less -r /c/virinfo/virlog01.txt # mv /c/WINDOWS/system32/xxxx /c/vir/ <% linux 的 windows password/registry 工具 http://home.eunet.no/pnordahl/ntpasswd/chntpw-source-080526.zip http://home.eunet.no/pnordahl/ntpasswd/ 備分 registry mkdir /c/bak cp -Ra /c/WINDOWS/system32/config /c/bak/ %> <% mscompress cabextract http://www.cabextract.org.uk/ XP cdrom 上有 I386 目錄. %> # cd /ramdisk/ # cp /c/I386/SVCHOST.EX_ /ramdisk # cabextract SVCHOST.EX_ extracting svchost.exe # md5sum svchost.exe ccfc400f3305a61cbd8ad2a6f5671e4b svchost.exe # md5sum /c/WINDOWS/system32/svchost.exe ccfc400f3305a61cbd8ad2a6f5671e4b /c/WINDOWS/system32/svchost.exe <% http://www.csie.ntu.edu.tw/~piaip/tools/unxutils/md5sum.exe 另一台 windows XP SP2. C:\WINDOWS\system32>md5sum svchost.exe 723ba2efe4a16774e98f53d7ac6c71fd *svchost.exe %> <% http://file.ikaka.com/ %> google 找到的介紹文: http://antbsd.twbbs.org/~ant/wordpress/?p=910 Free Live CD with Anti-Virus tool (2) http://antbsd.twbbs.org/~ant/wordpress/?p=904 Free Live CD with Anti-Virus tool -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 210.192.198.24