Anti-Virus Boot CD – Avira

Background

These days family and friends call every so often saying that their computer has a Virus, and they need help right this very moment.

Connect and Fix Problem

If they are far away, they might want you to connect remotely and fix the problem.

That works, but I suggest you take this as a teaching opportunity for yourself and a learning experience for the person in need.

Anti-Virus Boot CDs

Thankfully, there is a slew of Anti-virus Boot CDs available today.

Tim Fisher has a good list.

For each tool: name, interface (GUI or text), functionality, and tutorial link where one was given.

Anvi Rescue CD (GUI)
  1. Nice, familiar MS Windows-type interface
  2. Check memory
  3. Check disk for defects

AVG Rescue CD (Text)
  1. Network
  Tutorial: How it works (http://www.avg.com/us-en/avg-rescue-cd)

Avira Rescue System (GUI)
  1. Auto-updates virus definitions before initiating the virus scan
  2. Definition updates cannot be skipped
  Tutorial: How to use the Avira Rescue System

BitDefender (GUI)
  1. Supports installation of a remote access program

Comodo Rescue CD (GUI and Text)
  1. Download virus signature updates
  2. Browse the Internet
  3. Access file and folder explorer
  Tutorial: Introduction to Comodo Rescue CD

Dr. Web LiveDisk (GUI)
  1. Choice in whether to download updates
  Tutorial: How does it work

F-Secure Rescue CD (Text)
  1. Cannot skip automatic updates of virus signatures (-)
  2. No GUI (-)
  3. Text only; does not allow mouse interaction (-)

Kaspersky Rescue CD (GUI)
  1. Virus signatures have to be downloaded
  Tutorials: Create Boot CD and Boot Computer; Start a Scan

Lab

What use is reviewing a virus-cleansing tool without actual viruses?

We can't ship and load real viruses, but we can play with placebos.

Eicar.Org

Thankfully, eicar.org has some available at http://www.eicar.org/85-0-Download.html.

Screenshot: VirusFileList

Download

On the computer that we are using, we have an active virus detection tool.

It is Microsoft’s System Center Endpoint Protection.

Screenshot: Microsoft’s System Center Endpoint Protection

We need to disable real-time protection and exclude our target folder for the duration of the download; otherwise the test files are quarantined as soon as they land on disk.

Real-time protection
Before

Screenshot: SettingsAndRealTimeProtection-Current

After

Screenshot: SettingsAndRealTimeProtection-Post

Excluded Files And Locations

We excluded E:\downloads\eicar.org

Screenshot: ExcludedFilesAndLocations

With the changes summarized above in place, we were able to download the fake viruses. Once they are on disk, turn real-time protection back on; the exclusion on the folder keeps them from being quarantined before the boot CD gets its turn.
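As an added example, not code from the original post or from eicar.org, the following Python script builds the same four placebo files that eicar.org distributes (eicar.com, eicar.com.txt, eicar_com.zip and eicarcom2.zip) and verifies any copy against the published SHA-256 of the 68-byte test string, so you can confirm a downloaded or generated placebo is the genuine test file before you rely on it. The default output folder E:\downloads\eicar.org is assumed to be the folder excluded above; pass a different folder as the first argument.

```python
"""Build the eicar.org placebo set offline and verify any copy of it.

Added example, not code from the original post or from eicar.org. It assumes
the standard 68-byte EICAR string, its published SHA-256, and the four file
names eicar.org distributes (eicar.com, eicar.com.txt, eicar_com.zip,
eicarcom2.zip).
"""
import hashlib
import io
import os
import sys
import zipfile

# The 68-byte EICAR test string; '\\' is a single backslash in the file.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
# Published SHA-256 of eicar.com (the bare 68 bytes, no trailing newline).
EICAR_SHA256 = "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def is_eicar(data):
    """True for the exact string, or the string followed only by whitespace.

    eicar.org's definition allows trailing whitespace as long as the whole
    file is at most 128 bytes, so a copy saved with a newline still counts."""
    if len(data) > 128:
        return False
    return data.rstrip(b" \t\r\n") == EICAR


def make_zip(members):
    """Return the bytes of a zip archive holding {name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, content in members.items():
            z.writestr(name, content)
    return buf.getvalue()


def classify(data, depth=0, max_depth=4):
    """Return ("eicar", depth) if data is the test file, possibly wrapped in
    up to max_depth nested zips; otherwise ("clean", 0).

    Members larger than 64 KiB are skipped: the test file and its nested
    zips are tiny, and the bound keeps a zip bomb from being inflated."""
    if is_eicar(data):
        return ("eicar", depth)
    if depth < max_depth and data[:2] == b"PK":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                for info in z.infolist():
                    if info.file_size > 64 * 1024:
                        continue
                    verdict = classify(z.read(info), depth + 1, max_depth)
                    if verdict[0] == "eicar":
                        return verdict
        except zipfile.BadZipFile:
            pass
    return ("clean", 0)


def build_test_set(out_dir):
    """Write eicar.com, eicar.com.txt, eicar_com.zip and eicarcom2.zip into
    out_dir (created if needed) and return {name: path}."""
    os.makedirs(out_dir, exist_ok=True)
    inner = make_zip({"eicar.com": EICAR})
    files = {
        "eicar.com": EICAR,
        "eicar.com.txt": EICAR,
        "eicar_com.zip": inner,
        "eicarcom2.zip": make_zip({"eicar_com.zip": inner}),
    }
    paths = {}
    for name, content in files.items():
        path = os.path.join(out_dir, name)
        with open(path, "wb") as f:
            f.write(content)
        paths[name] = path
    return paths


def verify_file(path):
    """Report whether a file on disk is the placebo and how deeply it is zipped."""
    with open(path, "rb") as f:
        data = f.read()
    verdict, depth = classify(data)
    return {"path": path, "sha256": sha256_hex(data),
            "verdict": verdict, "zip_depth": depth}


if __name__ == "__main__":
    # Assumed default: the folder excluded from real-time protection in the post.
    target = sys.argv[1] if len(sys.argv) > 1 else r"E:\downloads\eicar.org"
    for name, path in build_test_set(target).items():
        print(name, verify_file(path))
```

Run it only with real-time protection disabled and the target folder excluded, exactly as for the download; otherwise the files are quarantined as they are written. If the rescue environment has a Python interpreter, the same verify_file function pointed at /target/E:/downloads/eicar.org after the scan tells you whether the boot CD actually removed the placebos, and separates the EICAR hits in the detection list from anything else it flagged.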

Avira Rescue System

Here is a quick summary on my recent experience with the Avira Rescue System.

Boot Options

When the Avira disk boots, we are presented with three options:

  1. Avira Scan
  2. Check Memory
  3. Check Disk for Defects

Welcome

The first screen is the Welcome screen.

Please click on the “Start Wizard”.

Screenshot: Welcome

Wizard – Step 1 of 3: Partition Selection

Thankfully, unlike some other tools, the Avira tool displays the actual Windows Disk drives (C:, D:, E:).

This makes it easy to confirm that the drives are actually present and allows us to narrow the scan to a specific drive or a combination of drives.

Screenshot: WhatDoYouWantToScan

Wizard – Step 2 of 3: Scan and Repair

Here is what we see as the drive is being scanned…

Screenshot: ScanAndRepair-Detections

Wizard – Step 2 of 3: Scan and Repair ( Wizard finished successfully )

Once the scan is complete, we get a count of the files flagged as infected.

Screenshot: WizardFinishedSuccessfully

On the next screen we reviewed the list of files identified and chose to delete the ones that were actual viruses.

Please keep in mind that there were some false positives, as well.

As this is a public forum, I will not disclose the false positives.

Other Functionalities

gparted

The tool comes with GParted.

The Windows drives are exposed and mounted under /target, e.g. /target/C: and /target/E:.

Screenshot: GParted

With this knowledge we can directly explore our Windows Drive:

Screenshot: Folder

I suggest keeping screenshots and downloads on the mounted Windows drives, since the rescue environment itself runs from the CD and does not persist anything across a reboot.

Screen Shots

Screenshots can be captured via Alt-PrtSc.

Network, Internet and Browser

As discussed, we get Network, Internet, and Firefox access.

Summary

I found the Avira tool to be capable and easy to use.

I especially like that it comes bundled with disk and memory checker modules, because disk and memory faults can sometimes be mistaken for a virus infection.
