These days family and friends call every so often saying that their computer has a Virus, and they need help right this very moment.
Connect and Fix Problem
If they are far away, they might want you to connect remotely and fix the problem.
That works, but I will suggest that you take this as a teaching opportunity for yourself and a learning experience for the person in need.
Anti-Virus Boot CDs
Thankfully, there is a slew of Anti-virus Boot CDs available today.
Tim Fisher has a good list.
What use is reviewing a virus-cleansing tool without actual viruses?
We can’t ship and load actual viruses, but we can play with placebos.
Thankfully, Eicar.org has some available at http://www.eicar.org/85-0-Download.html.
On the computer that we are using, we have an active virus detection tool.
It is Microsoft’s System Center Endpoint Protection.
Microsoft’s System Center Endpoint Protection
We need to disable real-time protection and exclude our targeted folder.
Excluded Files And Locations
We excluded E:\downloads\eicar.org
Avira Rescue System
Here is a quick summary on my recent experience with the Avira Rescue System.
When the Avira Disk is booting, we are presented with the following options:
- Avira Scan
- Check Memory
- Check Disk for Defects
The first screen is the Welcome screen.
Please click on “Start Wizard”.
Wizard – Step 1 of 3: Partition Selection
Thankfully, unlike some other tools, the Avira tool displays the actual Windows Disk drives (C:, D:, E:).
This makes it easy to know that the drives are actually present and allows us to narrow our processing to specific drives or a combination of drives.
Wizard – Step 2 of 3: Scan and Repair
Here is what we see as the drive is being scanned…
Wizard – Step 2 of 3: Scan and Repair ( Wizard finished successfully )
Once the scanning is completed, we get a definite view of the number of files actually infected.
On the next screen we reviewed the list of files identified and chose to delete the ones that were actual viruses.
Please keep in mind that there were some false positives, as well.
As this is a public forum, I will not disclose the false positives.
The tool comes with gparted.
The Windows drives are exposed and mounted as /target; i.e. /target/C: and /target/E:
With this knowledge we can directly explore our Windows Drive:
I will suggest that screenshots and downloads are kept in your exposed Windows Drives.
Screenshots can be captured via Alt-PrtSc.
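To see afterwards exactly which files the scan deleted or altered, the test folder can be hashed from the rescue system's shell before and after the wizard runs. This is an added example, not part of the original post; it assumes sha256sum, find, sort and awk are available on the rescue system, and the function names, manifest file names and the /target/E:/downloads/eicar.org path (the excluded folder as seen through the /target mount) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed layout: Windows drives mounted under /target, test files kept in
# E:\downloads\eicar.org (i.e. /target/E:/downloads/eicar.org).
#
# Typical use from the rescue system's terminal:
#   snapshot /target/E:/downloads/eicar.org /target/E:/downloads/before.txt
#   ... run the Avira wizard ...
#   snapshot /target/E:/downloads/eicar.org /target/E:/downloads/after.txt
#   removed_since /target/E:/downloads/before.txt /target/E:/downloads/after.txt
#   changed_since /target/E:/downloads/before.txt /target/E:/downloads/after.txt

# snapshot DIR MANIFEST
# Write one "sha256  ./relative/path" line per file in DIR, sorted by path.
# Keep MANIFEST outside DIR so it is not hashed or scanned with the samples.
snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$2"
}

# sha256sum lines are a 64-character digest, two separator characters, then
# the path, so the path starts at column 67 even when it contains spaces.

# removed_since BEFORE AFTER
# Print paths listed in BEFORE that no longer exist in AFTER (deleted files).
removed_since() {
    # FILENAME == ARGV[1] is used instead of NR == FNR so that an empty
    # AFTER manifest (every file deleted) is still handled correctly.
    awk 'FILENAME == ARGV[1] { seen[substr($0, 67)] = 1; next }
         !(substr($0, 67) in seen) { print substr($0, 67) }' "$2" "$1"
}

# changed_since BEFORE AFTER
# Print paths present in both manifests whose digest differs (files the
# scanner repaired or otherwise rewrote rather than deleted).
changed_since() {
    awk 'FILENAME == ARGV[1] { h[substr($0, 67)] = substr($0, 1, 64); next }
         { p = substr($0, 67)
           if ((p in h) && h[p] != substr($0, 1, 64)) print p }' "$2" "$1"
}
```

Anything the scan report flagged that appears in neither list was left untouched on disk, which is a quick way to cross-check the report against what actually happened to the files.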
Network, Internet and Browser
As discussed, we get Network, Internet, and Firefox access.
I found the Avira tool to be capable and easy to use.
I especially like the fact that it comes bundled with Disk and Memory checker modules; the reason being that disk and memory issues can sometimes be confused with virus bouts.