
Off-line infection scanning:

Wayne Hyde has made available methods of performing off-line scans of machines using McAfee. These are very handy for boxes that have been infected with rootkits, etc.:

  • A WinPE image is now available via PXE boot for any capable on-campus machine.

    To use PXE network boot, you generally must go to the BIOS setup and configure the machine. This is usually an option for the network card that is not on by default. Once that is done, press F12 during restart (on Dell machines anyway) to get a boot menu. Select the on-board network controller, which will do a PXE boot to the DHCP server that runs WDS. From there you may boot this image (along with default Vista installs should you wish).

    Once the image boots and you get a command prompt, go to "W:\Tools" and then run "scangui.exe".

  • An ISO version, "cleaner.iso", is also available.

    Download and burn this bootable image to a CD. Booting off that CD will allow you to run an off-line scan.

last edited 8 August 2007 by Steve Lasley