Various Symantec products come with boot disks that allow you to boot directly from the disk when you either can't boot into Windows or, once you do, your system is so infected that you can't do anything.

I recently ran across a system like this.  My son's friend's laptop was so infected that although you could boot into it, you couldn't do anything once you did.  Whatever was doing this would show its ugly face when a browser was run.  If you tried to run his anti-virus software (Webroot), you would get a message that there was a problem with the executable.

I booted his system up from one of my Symantec boot disks and ran the anti-virus program.  It supposedly checked every file and didn't find a thing.  I then booted up the system into Safe Mode and did a system restore and that fixed the problem.

Why didn't the boot disk find the problem?  My guess would be that there are files that it doesn't check that would be checked if the anti-virus software was run from Windows.  I would guess that these files would include whatever files are loaded/run when Windows is booted, including the registry file.

My suggestion is that the anti-virus program on the boot disks check these files as well.  There also has to be a way for the boot disk anti-virus program to know what these files are and where they are located.  One way to do this would be when the system is booted into Windows, you put in the boot disk and when you select the option to find the anti-virus signatures and put them in a location that the boot disk can find them, such as a CD, you can also put in that same location a file that the boot disk creates that tells it which files are loaded when Windows is booted up and where the system registry file is located, and even put a copy of the system registry file on the disk as well, in case you have a problem so bad that the system registry file is badly corrupted to the point that you would be better off not to use it, or use the copy to rebuild it.

Hi Nragone,

Thank you for the detailed post. I assume that you ran the Norton Bootable Recovery Tool. If you didn't, then that is the tool that we recommend you run in these situations. The tool (NBRT) does do what you described. I can't say why it didn't find the particular threat that your son's friend had, but I can tell you that a) we've recently released a new tool called Norton Power Eraser that is designed to find and remove difficult-to-detect threats, and b) we are going to be integrating more aggressive technology into NBRT to ensure that it is as effective as possible.

Dan