any of these would be fine
https://www.lifewire.com/free-bootable-antivi … s-tools-2625785

However I'm assuming your copy of GTA isn't quite legit 😉 in which case I would have thought your daily driver used to download the game would have picked up anything dodgy.
It's pretty hard to infect an offline PC accidentally if using an up to date PC to transfer files (be it burning CD's, network, etc)

Don't assume.

You can quite easily make a legal copy of GTA IV up to v1.8.0 work on XP using the Prophet crack (which includes xliveless). Unfortunately the goldberg social club emu and crack doesn't work on XP but works fine on later Windows versions.

For the Steam release:
As far as the DMCA since the publisher no longer "effectively controls" or "effectively protects" via the "technological measure" (Steam) the game due to their failure to provide a solution for XP users then users can legaly circumvent the DRM for up to v1.8.0 of the game on XP. Of course the crack contains modified copyrighted files so legally can't be shared (althought possibly not a "substantial part" so possibly could be legally shared if the copyrighted files were unmodified and the users modifies via xdelta or similar.) but it's virus free. Of course nothing prevents someone from repacking it or anything else with malware.

For the DVD release it's likely it may work fine without the crack as long as you like infecting your system with shitty buggy copy protection and MS Live crap. I've cracked my purchased games for so long I don't play copy protected infected versions.

You can use clamav if you want something simple.

Thanks yes, will check it out those virus sanners.

I only ever download ISO's on my Windows 11 PC and then just copy the iso to a USB to mount it on the WinXP machine (so shouldn't be able to infect my windows 11 PC).

Yes, although I own a legal copy of GTA 4 I can't bloody activate it on my XP or Windows 11 machines...don't you just DRM.

Thats what I'm trying to say.
Both the iso and crack were downloaded on your Win11 PC, any virus should have been picked up at that point.
but running the scan isn't going to hurt either, just rekon it's not what the issue is.

NovaCoder wrote on 2024-01-03, 23:14:

What do people recommend for an offline XP machine?

The XP partition on one machine here has no AV, but I have made a house-of-cards that re-images XP off the NAS, then boots it, if XP is selected to be simply booted.

ClamAV is installed on the other partition, in Debian, and scans of XP can be done from that. But Clam is more designed as an email server scanner, it's awkward to use.

I also use AV rescue CDs, and those I could get network booting are offered off my boot server. Kaspersky's one still updates virus definitions, some do not update and others might/might not. These are the ISOs on the NAS:

avg_arl_cdi_all_120_160420a12074.iso
avira-rescue-system.iso
bitdefender-rescue-cd.iso
comodo_rescue_disk_2.0.261647.1.iso
Kaspersky_Rescue_Disk_18.0.11.0[c]_[built_at_2019.08.09_18.25.54].iso

Any or all can be used to scan XP. IIRC some took some tracking down, and it seems live AV rescue disks are a bit of a thing of the past.

progman.exe wrote on 2024-01-06, 00:32:

The XP partition on one machine here has no AV, but I have made a house-of-cards that re-images XP off the NAS, then boots it, i […]
Show full quote

NovaCoder wrote on 2024-01-03, 23:14:

What do people recommend for an offline XP machine?

The XP partition on one machine here has no AV, but I have made a house-of-cards that re-images XP off the NAS, then boots it, if XP is selected to be simply booted.

ClamAV is installed on the other partition, in Debian, and scans of XP can be done from that. But Clam is more designed as an email server scanner, it's awkward to use.

I also use AV rescue CDs, and those I could get network booting are offered off my boot server. Kaspersky's one still updates virus definitions, some do not update and others might/might not. These are the ISOs on the NAS:

avg_arl_cdi_all_120_160420a12074.iso
avira-rescue-system.iso
bitdefender-rescue-cd.iso
comodo_rescue_disk_2.0.261647.1.iso
Kaspersky_Rescue_Disk_18.0.11.0[c]_[built_at_2019.08.09_18.25.54].iso

Any or all can be used to scan XP. IIRC some took some tracking down, and it seems live AV rescue disks are a bit of a thing of the past.

Thanks, I couldn't get any of the other antivirus software listed in this thread to install on my XP offline machine, most of them needed a new version of windows.

chinny22 wrote on 2024-01-05, 00:29:

Both the iso and crack were downloaded on your Win11 PC, any virus should have been picked up at that point.

The problem is that all AV tools have tons of false positives (deliberate?) when scanning cracks. One has to have a good sense of who to trust and there can still be mistakes...

Not that I trust an antiquated scanner on an offline XP to do any better job.

There is also some pruning of older malware in the AV databases for new systems, e.g. old malware that gets obsolete on new OS versions.

(I have an old PC magazine CD which contained 2-3 malware items which caused havoc at the time it was distributed, but current AV products do not recognize that specific malware any more, which I noted when someone wanted a copy of some unaffected shareware parts from the CD)

Not a problem on new systems maybe, but for retro stuff it can be.

progman.exe wrote on 2024-01-06, 00:32:

I also use AV rescue CDs, and those I could get network booting are offered off my boot server. Kaspersky's one still updates virus definitions, some do not update and others

So you have something like a PXE server setup to do AV scans, I've never thought of that and is a pretty good idea!
I mean I'm never going to do it as I don't see the need for AV on offline machines (and still haven't set up PXE for OS rollouts yet which I do want to do)
but can appreciate the elegance of the setup.

chinny22 wrote on 2024-01-09, 23:43:

So you have something like a PXE server setup to do AV scans, I've never thought of that and is a pretty good idea! I mean I'm n […]
Show full quote

progman.exe wrote on 2024-01-06, 00:32:

I also use AV rescue CDs, and those I could get network booting are offered off my boot server. Kaspersky's one still updates virus definitions, some do not update and others

So you have something like a PXE server setup to do AV scans, I've never thought of that and is a pretty good idea!
I mean I'm never going to do it as I don't see the need for AV on offline machines (and still haven't set up PXE for OS rollouts yet which I do want to do)
but can appreciate the elegance of the setup.

Yes, the PXE server (the three services of DHCP, TFTP and HTTP) has turned out to be useful.

One thing I have done is made a custom version of Debian live, a minimal OS for system recovery with the tools I'd want and pre-configured for my LAN/servers. All the PCs on the LAN that have hard drives are set to boot off the LAN, 2nd. So if an HDD fails in a PC and the machine reboots, it will boot into the recovery system and be present on the LAN for troubleshooting.

I don't think I ever aimed to put AV on the boot server. I think I realised it might be possible because I had got to the point of getting near arbitrary distros network booting, and things like Kaspersky AV are just Gentoo underneath. Maybe I saw some something about how to netboot AV CDs, and thought I'd try it because I have a PXE system, can't remember.

That link you posted had a few more live AV products, thanks for that. I've tried a few of them in a virtual machine, ISO booting, and likely will try and cram a couple more onto my boot server.

OS installs from the LAN are very convenient, too. Combined with ISO auto-mounting you barely need much more space for the boot system (generally only the kernel and initrd need copying out of an ISO. And mostly copy the boot options from the ISO's bootloader config, with something to tell it to get the rootfs off the LAN (that detail usually will need some reading of The Fine Manual)).

dr_st wrote on 2024-01-09, 08:32:

The problem is that all AV tools have tons of false positives (deliberate?) […]

Part of what made technical drawing class in high school interesting was that I figured out the 0-byte file commonly known as "New Text Document.txt" would fire up Norton 2006 if renamed to "keygen.exe" 😁

Back to the original question - yes, Clam[Win] is what I used even back then, exactly because it's an all-manual scanner with no resident bloatware and no commercial interest to err in the side of pretending to be worth paying For Your Protection™

---

For another fun one, Norton 2003 was famous for barking at every window with "echo j | format c:" in the title bar, you can still search the web for that string and laugh!

Ryccardo wrote on 2024-01-16, 18:17:

Part of what made technical drawing class in high school interesting was that I figured out the 0-byte file commonly known as "New Text Document.txt" would fire up Norton 2006 if renamed to "keygen.exe" 😁

That's great. Now with Win10 it just complains "this app can't run on your PC" and suggests that I contact my "software publisher" to find a compatible version. 🤣

dr_st wrote on 2024-01-16, 19:59:

Now with Win10 it just complains "this app can't run on your PC" and suggests that I contact my "software publisher" to find a compatible version. 🤣

Program without MZ header = COM format (funnily for the OS that makes the most fuss about extensions, EXE/COM/PIF/SCR are all the same, it's the content that matters), and those are "necessarily" 16 bit so no go 😜

And that's what a "PIF virus" really is - not a shortcut on steroids that takes advantage of its possibility to use a custom autoexec.bat to do stuff, but rather a renamed program to fool people who may or may not know what I just said but not knowing all executable extensions are loaded with an universal process based only on the actual contents!