Saturday, January 23, 2010

Kaspersky Rescue Disk

You find your computer getting slower and slower to boot, and when it finally does boot it's so slow that everything runs at a crawl. So you try running the antivirus you have and just get a message that says the definitions are out of date and you can't connect to the update server. Or you may find an annoying pop-up coming up every time you boot, telling you PC Antivirus has found 70,278 infections and for $49.99 they will remove them for you. Well my friend, you are hosed! Your machine is so badly infected that you have to try desperate measures. At this point you can try pulling your hard drive out of the machine, putting it in another machine, mounting it as a slave drive and using that other machine to try to clean it.

Another way to get this thing up and running is to try some kind of bootable rescue disk to clean it. Bootable rescue disks are bootable CDs/DVDs that contain a small operating system with some preinstalled tools for repairing your computer. When you turn on your computer, hit F10 or F12 and select your CD/DVD drive, and your computer boots into the operating system contained on that CD. There are a lot of great rescue disks out there; the problem is that most are very complicated and some take forever to boot. I found one great exception to this, though. Kaspersky Lab, creator of the very capable Kaspersky Antivirus line of products, has built a great free bootable rescue CD that is simple to use. Unlike many other bootable rescue disks it has one purpose: to clean your system.

To create a Kaspersky Rescue Disk, download the ISO image from this link http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk/ then burn the image to a CD. Depending on what operating system you are using, you may need to download a CD burning program if you don't already have one. If you are running Windows 7, it has a built-in burning program that's simple to use and works great. If you are running XP or Vista, I like Image Burn http://www.cdburnerxp.se/ or CD BurnerXP http://www.cdburnerxp.se/; both do a great job of burning .ISO images and are free.
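A sanity check you can run on the downloaded image before burning it, as an added example that is not part of the original post or any Kaspersky tooling: it confirms the file is an ISO 9660 image with a bootable El Torito entry and computes its SHA-256, which you can compare against a checksum from the publisher if one is available. The function names and the sample image are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 2048  # ISO 9660 logical sector size


def inspect_iso(data: bytes) -> dict:
    """Report whether an image is ISO 9660 and has a bootable El Torito entry."""
    info = {"iso9660": False, "bootable": False,
            "sha256": hashlib.sha256(data).hexdigest()}
    catalog_lba = None
    # Volume descriptors start at sector 16; a type-255 descriptor ends the set.
    for lba in range(16, 48):
        vd = data[lba * SECTOR:(lba + 1) * SECTOR]
        if len(vd) < SECTOR or vd[1:6] != b"CD001" or vd[0] == 255:
            break
        if vd[0] == 1:  # primary volume descriptor
            info["iso9660"] = True
        elif vd[0] == 0 and vd[7:39].rstrip(b"\0") == b"EL TORITO SPECIFICATION":
            catalog_lba = struct.unpack_from("<I", vd, 0x47)[0]
    if not info["iso9660"] or catalog_lba is None:
        return info
    cat = data[catalog_lba * SECTOR:catalog_lba * SECTOR + 64]
    if len(cat) == 64:
        validation, default = cat[:32], cat[32:]
        # Validation entry: header 0x01, key bytes 55 AA, 16-bit words sum to 0.
        valid = (validation[0] == 1 and validation[30:32] == b"\x55\xaa"
                 and (sum(struct.unpack("<16H", validation)) & 0xFFFF) == 0)
        info["bootable"] = valid and default[0] == 0x88  # 0x88 = bootable
    return info


def build_sample(bootable: bool) -> bytes:
    """Constructed minimal image for the demo, not a real rescue disk."""
    img = bytearray(SECTOR * 21)
    img[16 * SECTOR:16 * SECTOR + 7] = b"\x01CD001\x01"
    end = 17
    if bootable:
        rec = b"\x00CD001\x01" + b"EL TORITO SPECIFICATION".ljust(64, b"\0")
        rec += struct.pack("<I", 20)  # boot catalog lives in sector 20
        img[17 * SECTOR:17 * SECTOR + len(rec)] = rec
        val = bytearray(32)
        val[0], val[30], val[31] = 1, 0x55, 0xAA
        val[28:30] = struct.pack("<H", -sum(struct.unpack("<16H", val)) & 0xFFFF)
        img[20 * SECTOR:20 * SECTOR + 33] = bytes(val) + b"\x88"
        end = 18
    img[end * SECTOR:end * SECTOR + 7] = b"\xffCD001\x01"
    return bytes(img)
```

For a real download, pass the file's bytes, for example `inspect_iso(open(path, "rb").read())`, and do not burn an image that reports `iso9660` or `bootable` as false.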

Once you have your rescue CD built, start your infected machine, pushing F12/F10 to get it to the boot selection screen. Boot to the CD-ROM drive as I stated earlier and relax; although faster than most rescue disks, it's hardly fast. Follow the prompts, and when it boots into the Kaspersky Rescue system you first need to update the virus definitions. Once updated, do a scan and go read the newspaper or get some coffee; it takes a while. Once it completes the scan, go ahead and let it remove or quarantine all the files it has found. I've never had it delete anything that caused the machine it was fixing not to boot. But of course before you do anything like this, BACK UP YOUR DATA!!!!! But you already did that, so proceed. Do the scan, remove the junk and log off Kaspersky. Just turning off your computer with the power button won't hurt anything when you are running a rescue CD.

The reason rescue CDs are so effective is that you're not trying to disinfect a computer from inside its infected OS. When you boot to the hard drive of an infected machine, you're playing on the bad guy's home turf. They control the machine, and in many cases they've hidden the infected files so your antivirus can't see them. The rescue CD can scan your boot sector and your hard drives from the outside looking in. The malware doesn't have a chance to hide if it's not running. It's become the first step I now use when I'm dealing with an infected machine. There are other rescue disks out there, and many are very complicated and take a very long time. The Kaspersky Rescue Disk is the fastest and easiest I've found to clean an infected machine enough to allow me to boot back into Windows and complete the process by adding my favorite automated antimalware tools to keep the system clean going forward.