Using bartPE for Virus Removal

I am thinking about learning how to use bartPE for virus removals of customers' machines. I could jump right in and start learning but I wanted to understand the concepts a little better and save some learning curve time.

1) Do I create the bartPE disk based on the OS that I will be working on... iow, if a customer's machine is XP-Home, will I eventually have a different bartPE CD for it and one for XP-Pro?

2) Plugins  I'm a little confused about these. Are these needed for my favorite version of a virus scanner... or are these mainly hardware related?

3) What are the "must have" plugins that you almost always include?

4) concept, concept, concept... the more you can tell me about the concept of using bartPE (especially in a virus/spyware removal environment) will be most helpful.

Thanks, in Advance!
Who is Participating?

Improve company productivity with a Business Account.Sign Up

Joseph DalyConnect With a Mentor Commented:
1. No you can use any version of XP. It will boot to the PE environment which is independent of the users machine.
2. Plugins can be any amount of different programs that do not come natively on the CD.
3. I mainly use BartPE for manually deleting files that are locked by viruses when windows is running. For my use i maiinly just use the explorer and delete the file.
4. As I said above I will usually run my default virus scan software either under regular windows or safe mode. Whatever isnt caught or able to be removed there I then fire up bartPE and manually delete. This is very good for DLL's or EXE's that have some sort of protection on them. Since BARTPE only reads the disk there is nothing that can lock the files.
AnselAdamsAuthor Commented:
Wow... thanks for the fast reply!

I'm still a little puzzled about the plugins. I see there is one for Avast. So I take it that I need to install the plugin to run advast, right? It doesn't specify any particular version but I've seen one for AVG that targets an older AVG version.

I the real question that I have at this time is:

Does this work any better than pulling the hard drive and scanning it with another computer? I can see the advantage of not pulling the hard drive, but almost always I pull off the case to blow out the dust and it's not much of a step to pull the hard drive.

My first focus is pulling the hard drive, backing it up, then working from there. I use Acronis as my backup tool. I've had problems installing it with highly infected computers so I typically pull the hard drive during the dust cleaning and use my work computer to backup and do the initial scanning.
Joseph DalyCommented:
the only real benefit I can see to using the boot CD rather than doing it your way is the time saved while pulling and attaching to another machine. If you are used to doing it and dont mind then I would stick with what works for you. That said I usually keep a copy of the CD in my laptop bag because you never know when your gonna need it and you might not have another machine to slave into.

I think as far as the scanning/cleaning both methods should work almost identically. In both situations the drive is only being read, there is no OS or EXE attempting to lock certain files.

Pulling an image with acronis is a good idea just incase the disinfection causes some unintended system failure. That said there are plugins for BARTPE that utilize the DriveimageXML program. This could be useful in the situations like you mention where Acronis wont install correctly.

I cant really give you a definite answer as to which is the better option for you as they both have their benefits. I would suggest setting yourself up a BARTPE disk just to have it as another option in your cleaning efforts.
Asta CuCommented:
Good general overview with detail and links here:
Outdated antvirus wont be effective.

And run the: "FULL SERVICE SCAN" it will cleanup & speedup your computer, if it won't run then:
You may have been infected with Worm:Win32/Conficker.B
To protect from Conficker apply an emergency patch that Microsoft issued in October - ahead of Conficker's arrival - for a recently discovered flaw in the Windows operating system that Conficker was designed to exploit.
The patch was originally intended to protect Microsoft's customers against a different piece of malicious code, a data-stealing worm called Gimmev.
Conficker could still activate itself, and it's not the most dangerous piece of malicious code out there
Ways to detect and clean a system that has the Win32/Conficker.B worm
If on a network, I recommend disabling "Password Lockout" policy for the time being, till you are sure the infection has been contained and cleaned in your network.
Also see:
Bit Defender:
This is  free:
(Regards from Michael Best: a Kiwi in Tokyo: I troubleshoot: both, English OS & Japanese OS)

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.