Spybot Christmas Presents, Part 1: Bootable CD

Status
Not open for further replies.
Please note: This tool will be part of Spybot-S&D 2.0 Professional Edition and of commercial variants of Spybot-S&D 2.0. It is no longer available as a separate download.

Disclaimer: this is a beta - work in progress (means feedback is quite welcome)! The tool creates a bootable and usable CD, but the CD is quite bare currently, no runtime optimization etc. Also, a 1 GB download (yepp, that's right, 992 MB to be exact) requires a broadband connection. That said, let's get some description...

Some malware can best be removed if the infected system, including the malware itself, is not active during the cleaning. To use another system, one needs either a second full installation, or an operating system bootable from CD.

There are existing solutions to create bootable Windows CDs that include Spybot-S&D, including the well-known BartPE environment (this is not intended as competition to it). The BartPE solution has the disadvantage that the user needs to own a full Windows XP CD though (no recovery CD or partition only, and Win9x/ME CDs are not sufficient either), and some understanding of the process to create the CD.

The goal of this tool is to create a bootable CD with a minimum of interaction by the user required; our method skips or automates the difficult parts and tries to be as simple as possible using these steps nearly every user should be capable of (*):
  • Download a DVD image from Microsoft (Windows Automated Installation Kit).
  • Burn that DVD image to a real DVD
  • Install the software from that DVD
  • Run our tool to create an ISO file of a bootable CD
  • Burn that ISO file to a real CD
  • Boot from that CD and use Spybot-S&D
(*) The only downside to this solution is that the user needs to download a Microsoft file of 1 GB, which needs broadband access.

So your requirements would be:
  • DVD burner (or CD burner if you extract the DVD image and install from the extracted files)
  • Empty DVD (if you don't have one, you can install from an extracted version of the image)
  • Empty CD (unless you only want to test the created image in VMWare)
  • Broadband connection (or any other way to get the Windows Automated Installation Kit DVD)
And to create the CD, Microsoft specifies the following OS as a requirement:
  • Windows Server 2003 SP1; Windows XP SP2, Windows Vista
  • Windows XP SP2 with KB926044
  • Windows Server 2003 SP1 with KB926044
  • Windows Server 2003 SP2
  • Windows Vista family
Download: No longer available.

And of course some screenshots:

Wizard page 1, prerequisites:

spybotbootcdcreator-1.png


Wizard page 2, application selection:

spybotbootcdcreator-2.png


Wizard page 3: ready to start:

spybotbootcdcreator-3.png


Wizard page 3, again: CD image was created:

spybotbootcdcreator-4.png
 
Couldn't get it to work, got this message...

Press the Finish button to start creating the CD.
Started creating CD...
Copying regalyzer...
Copying runalyzer...
Copying spybotsd...
Application menu created.
Copying operating system files...
Mounting image file system...
Executing C:\Program Files\Windows AIK\Tools\x86\imagex.exe...
ImageX Tool for Windows
Copyright (C) Microsoft Corp. 1981-2005. All rights reserved.
Mounting (RW): [C:\SpybotBootCD\winpe.wim, 1] ->
[C:\SpybotBootCD\Mount]
Error mounting image (RW):
Access is denied.
Something went wrong, system hive file does not exist!
CD was not prepared sucessfully!

Check the above for error messages, we could not create a valid ISO file.
 
Any? Well, the CD, once created, can be used to repair any OS.

Creating the CD is a bit different I'm afraid. On XP Pro 64 bit it works for sure :D
Microsoft designed it for the newest OS only though... Here you can see a list of what they say these tools support:
  • Windows Server 2003 SP1; Windows XP SP2, Windows Vista
  • Windows XP SP2 with KB926044
  • Windows Server 2003 SP1 with KB926044
  • Windows Server 2003 SP2
  • Windows Vista family
XP SP2 is surely named there; and I think while the first one probably means the 64 bit version (since that is more 2003 than XP), the second mentioning should really mean 32 bit XP.

Test supported Operating Systems is the task I wrote for us where you'll probably find more information soon.

If this is all too bad, we might have to think about using a third-party extracting for those .wim files I guess, if one exists.
 
Just curious, when using this would the user need to burn a new Boot CD to have current updates, or is there another way to use a bootable CD with current detections? For instance I use the AVG Rescue CD for viruses, and the Boot CD Image gets updated every 4 months or so, but it allows you to update the definitions from a removable drive or the internet if your NIC has the drivers in the Boot CD image.
 
Creating the CD is a bit different I'm afraid. On XP Pro 64 bit it works for sure :D
Microsoft designed it for the newest OS only though... Here you can see a list of what they say these tools support:
  • Windows Server 2003 SP1; Windows XP SP2, Windows Vista
  • Windows XP SP2 with KB926044
  • Windows Server 2003 SP1 with KB926044
  • Windows Server 2003 SP2
  • Windows Vista family
XP SP2 is surely named there; and I think while the first one probably means the 64 bit version (since that is more 2003 than XP), the second mentioning should really mean 32 bit XP.

If this is all too bad, we might have to think about using a third-party extracting for those .wim files I guess, if one exists.

Well... It does not support Windows 2000 SP4... but never mind. Can you let us know if there is any third-party extracting software/application which can do similar functions?
 
Yes, I think it should allow dynamic live CD updates. That's a feature we added for the BartPE version some time ago already - updates would get downloaded to the RAM disk and used from there, regardless of the burnt ones.
I guess the problem here would be to add NIC drivers, I didn't deal with that yet, but it should be possible (BartPE can do that as well ^^).
 
Ran from Windows Server 2003, no problems at all. Would it be possible to add a Browse button for the AIK Installation Location or to have it read the location from the registry? Not a problem really, but it may be easier for some people who don't use the standard install of the AIK. Other than that, working fine and a nice tool to have. :bigthumb:
 
Basically it is a Windows PE 2.0 with Spybot in it. Wouldn't it be rather simpler to make a portable version of Spybot and put it in the Windows PE 2.0 tools folder while building it?

Just one more question as I didn't test this yet. Does it have a graphical user interface or does it just run on the command line like Windows PE 2.0?

Anyway, it is great to see new tools coming out... :)
 
Yes, it's the full graphical version; the command line version is only used in the distributed testing thing currently.

What is "rather simpler" usually depends ;) You could use Spybot-S&D for example with a BartPE CD for years. But you would need to copy the files into a special folder &c.; this one is aiming to get as much a one-click solution that would allow inexperienced users to create a CD to scan their system.
 
Yes, it's the full graphical version; the command line version is only used in the distributed testing thing currently.

What is "rather simpler" usually depends ;) You could use Spybot-S&D for example with a BartPE CD for years. But you would need to copy the files into a special folder &c.; this one is aiming to get as much a one-click solution that would allow inexperienced users to create a CD to scan their system.

Well, I am glad it has a GUI. Command line makes us waste a lot of time, which is needed to fix whatever needs to be fixed.

The only reason why I wondered if it wouldn't be easier to develop a portable version of Spybot is that I am aiming to build my own WinPE 2.0 and add a few tools that I consider essential, and that also includes, of course, security software such as Spybot. But from what I can understand from your words this project is aiming to be a one-click solution, which would also mean it would be possible to add it to WinPE 2.0, or wherever people want to add it. Or am I just being silly? :angel:

So... anyway... as I mentioned before it is great to see a new tool coming out and I wish the best of luck for it!!!!
 
I would love this. I have worked on some computers that were nothing short of a pain in the a__ to get rid of some nasties! :bigthumb:
 