Best way to clean a pc full of viruses without internet access

iamgenius

We have some PCs in a mini network that are infected with all types of viruses. The problem is that I can't connect them to the internet because of the nature of the info in them. This wasn't handled well by the IT guy who did the network.

What programs allow me to download definitions off the internet then load them into the program? It is going to be meaningless to run a full scan with outdated software. Some viruses will not be detected.

I know there are ISOs you can download and burn to CDs and use to clean the PC even before getting into Windows, which is better, but are they up to date? I don't think so.

What do you recommend? Malwarebytes, for example, allows you to download its rules then load them. I want such a thing but with good AV software.

Thanks.
 

CalvinHobbes

The "rescue discs" you get from AVG, Avira, etc. have the ability to update the virus definitions so they won't be out of date. Just connect them to the network once they boot into the Linux environment that the rescue disc uses.
 

iamgenius

> The "rescue discs" you get from AVG, Avira, etc. have the ability to update the virus definitions so they won't be out of date. Just connect them to the network once they boot into the Linux environment that the rescue disc uses.


How can a CD be updated? I did download the Kaspersky disk and updated it on my PC, and when I used it on the PC that can't connect to the net it said it is out of date. It made sense because how can the definitions be burned into the CD?
 

MadScientist

On computers as badly infected as yours I have had limited success with the boot-up rescue discs. Like their Windows counterparts they will find some malware but not all. As CH has already stated they run in Linux before Windows loads and update the running program via the internet, not the disc.

Before you do anything, back up all your important files.

I suggest you first read John's Malware Guide, also referenced in the Security Resource Thread sticky. http://www.elitekiller.com/malware.htm
Download his Rogue Removal Kit, unzip it, and read his Readme.pdf.

I prefer to download the AV programs from their websites to get the latest version and copy them to a flash drive.
I first run rkill to terminate the virus processes. This usually works and then you can install your AV programs, unless you also have a Rootkit. It will not stop these. You can then run TDSSKiller or rename the AV program. On a badly infected computer I worked on last week I had to rename Combofix.exe to IE.exe to get it to install.
http://www.bleepingcomputer.com/forums/topic308364.html
http://support.kaspersky.com/viruses/solutions?qid=208280684
http://www.bleepingcomputer.com/download/anti-virus/combofix
http://www.malwarebytes.org/mbam.php
http://free.antivirus.com/hijackthis/
Go here to analyze your HijackThis log: http://www.hijackthis.de/ or post your log at Bleepingcomputer: http://www.bleepingcomputer.com/tutorials/tutorial94.html

You can get updated MBAM rules to add to your flash drive, but the page has not been updated since 7/23. TDSSKiller and Combofix should clean up your computer enough so you can connect to the internet to get the latest MBAM updates after you install the program. http://malwarebytes.gt500.org/
In IE also check under Tools-Internet Options-Connections-LAN settings that it's set to Automatically Detect Settings or if you were using a proxy server that those settings are correct.

I also prefer to run the AV programs in Safe Mode with Networking. The scans run faster and some of the viruses may not load. I also run a second scan with Malwarebytes Anti-Malware in Normal mode and a full scan with Microsoft Security Essentials.

The other alternative, since you can never be 100% sure that you are virus free, is to do an OS re-install.
 

Chiefcrowe

The Avira rescue disc is updated every day with the latest definitions before you burn to disc.



> How can a CD be updated? I did download the Kaspersky disk and updated it on my PC, and when I used it on the PC that can't connect to the net it said it is out of date. It made sense because how can the definitions be burned into the CD?
 

Binky

Step one should be to estimate how long a full reinstall of the OS would take. Compare that to decrapifying four machines and you may prefer to format them and start over.
 

iamgenius

> Step one should be to estimate how long a full reinstall of the OS would take. Compare that to decrapifying four machines and you may prefer to format them and start over.

I can only format the OS drive. Several disks are installed which hold gigs of data and zillions of viruses.

By the way, it is not that I can't connect to the internet because of the infection. Internet access just doesn't reach where the PC is.

I can do it one way or another.........but you always get great ideas when asking. I'll try your suggestions, guys. Thanks.