F-Secure Rescue CD 3.16
F-Secure provides a free Rescue CD which allows you to boot a PC from a CD and
scan it for malware using F-Secure's antivirus software. The F-Secure Rescue
CD will attempt to disinfect any infected files and will rename any it can't
disinfect by putting a .virus extension at the end of the file name. By doing
that, when you reboot the system into Microsoft Windows, the infected file will
not be loaded into memory.
[ More Info ]
F-Secure 3.11 Rescue CD Scan of Compaq SR1900NX Windows XP PC
If I need to scan someone's Microsoft Windows system for malware, I
usually make a backup of the system outside of Windows, e.g., by booting
the system with a Norton Ghost 2003 boot CD and backing up the system
to an external USB drive. I then usually perform an initial scan of the
system using a rescue CD, such as the
F-Secure Rescue CD
3.11. Using a rescue CD can be especially helpful
if a system won't boot into Windows or runs abysmally slow because of
a malware infection.
In this instance I used the F-Secure Rescue CD 3.11 on a Compaq Presario
SR1900NX system running WIndows XP to perform an initial malware scan of
[ More Info ]
Setting F-Secure Resce CD to Automatically Reboot
I needed to scan a system with an F-Secure Rescue CD 2.00. I started
the scan late at night and wanted to go home to sleep before the scan
completed. But I wanted the system to reboot into Microsoft Windows
after the scan was completed. Since the results of the scan are
, which exists only in the system's memory
when the system is booted from the F-Secure Rescue CD, I also wanted
the output log files produced by the scanning process to be stored
somewhere where I could access them after the reboot.
When a scan is started, the following is displayed:
Scanning all filesystems mounted under /mnt/scan/ directory.
The results of the scan will be saved in /tmp/scan_results.txt
Alt-F1 This screen.
Alt-F5 To see details of files being scanned.
Alt-F6 To see any malware found.
Ctrl-C TO cancel scanning.
You can also use Alt-F2, Alt-F3, or Alt-F4 to
get a shell prompt. I used Alt-F2 to obtain a shell prompt.
When a system is booted from the rescue CD, the hard drive on the system
is mounted under
/mnt/scan. In this case, the hard drive is an
drive designated as
hda2 by Linux, which is the operating system
used on the F-Secure Rescue CD. So I could store the log files, which are as
follows, somewhere under
On this system there was a
C:\TEMP directory, so I decided
to store them there. You can see the directories on the hard drive using
ls command, e.g.
pico editor on the CD, I created a script,
which I named
rebootwin in the
/tmp directory to automatically reboot the system after 9 hours,
presuming that the scan of the system should certainly be completed within
that time (it took about 3 hours).
root@tty2[/]# cd /tmp
root@tty2[tmp]# pico rebootwin
I put the following commands in the script:
cp scan*.txt /mnt/scan/hda2/TEMP/.
The script prints the date and time and then "sleeps" for 9h. When that
amount of time has elapsed, it copies the log files from the scanning
process from the
/tmp directory to the
directory on the system's hard drive. The system is then rebooted. If
the system is set to boot from the hard drive first, rather than a CD-ROM
drive, it will boot into Windows from the hard drive. If the system's BIOS
is set to attempt to boot the system first from a CD in a CD-ROM drive, it will
reboot from the F-Secure Rescue CD, but, unless a key is hit within a few
seconds, it will not continue with a reboot into the antivirus scanning
software, but will instead boot from the system's hard drive.
I saved the script with Ctrl-X and then made the script executable
chmod command. I then started the script with
root@tty2[tmp]# chmod 755 test
Sat Sep 13 23:52:46 UTC 2008
The next morning, I was able to check the results of the scanning process
by examing the log files on the system's hard drive.
Scan of J with AVG and F-Secure Rescue CDs
I've been continuing to check a Windows XP Pro system, J, which became
infected on September 8, with programs to detect any malware that might
remain on the system. I used
AVG Rescue CD
F-Secure Resce CD 2.00
to check the system tonight.
More Info ]
F-Secure Rescue CD 2.00
I've been using an
AVG Rescue CD
to boot Windows systems from a CD, rather than the copy
of Windows installed on the system's hard drive, and then perform an antivirus
scan of the system. The AVG Rescue CD provides a Windows
for performing scans
and I've found it works very well. The cost is currently $149.95 in U.S.
Searching for other rescue CD's, I also found one from
F-Secure, which uses a
Knoppix LiveCD to boot a system to
perform an antivirus scan of the system. You can use it to boot a Windows
system to check the system for viruses without booting into a possibly
infected copy of the Windows operating system.
F-Secure Rescue CD 2.00 is free and can update itself over the network,
if a DHCP server is
available on the network to provide it with
IP configuration information.
You don't need to understand Linux to use the software; you are presented
with prompts to walk you through the process of scanning a system.
[ More Info ]
F-Secure Anti-Virus for DOS
offers a free antivirus program
for DOS. This can be run from a command line within windows or you can boot
the system from a DOS floppy or CD when you can't get Windows to start properly
or want to run an antivirus program from outside of Windows. The program is
available from F-Secure at
, which provides a link for downloading the software
from F-Secure's FTP site at
[ More Info ]