It used to be that getting a virus or other malware meant that your computer froze, popped up ads or rebooted on you unexpectedly. Times have changed, and hackers have realized that with people regularly typing in credit card numbers and logging into their bank’s website, there is real money to be made in infecting your computer and making sure you never find out about it until you discover a few thousand dollars missing from your bank account.
These days, any intelligent hacker will do everything possible to make sure that you never know your system is infected. Some viruses even go to the point of removing other viruses, because those might raise unwanted attention that something is wrong. Even with regularly updated anti-virus software, there are so many new viruses and other malware coming out every day that it’s possible something could slip past your anti-virus defenses. Once inside your computer, a virus or other malware can often hide from anti-virus software – or if the anti-virus software does find the bug, it won’t be able to successfully remove it: it simply reappears after the computer is rebooted.
There’s an inherent problem with nearly all anti-virus software when it comes to dealing with an infected system: it’s running on the same operating system that the virus is running on, and since the virus is also active in the system, if it’s “smart” it will use methods to fool the anti-virus software into thinking it’s not there whenever a scan is done. Because of this, the only surefire way to scan for a virus is to scan when the virus isn’t running. But if the virus starts with the operating system (i.e. Windows) and you need to be running an operating system in order to run a virus scanner, how do you safely scan for viruses?
The hard way would be to take the hard drive out of your computer, hook it up to another computer and scan the drive from there. This does work, but even this method has its problems. In addition to it often being difficult to remove a hard drive, if the other computer you’re connecting it to is running Windows, there’s a chance it too could become infected by means of the built-in Autorun feature of Windows. This is one of the features that allowed the infamous Conficker virus to spread through USB flash drives and USB hard drives.
Fortunately there’s a better option: anti-virus live CDs, or rescue CDs. A live CD is a CD you can use to boot into a completely separate operating system which is contained entirely on the CD. When you turn on the computer with a live CD in the drive and the computer boots using that CD, it’s as if you’re booting a completely different computer, and your hard drive is now the “guest” of the system. You have full access to all the files on the hard drive, but since the virus isn’t actively running, you can perform a virus scan and look through all the files on the hard drive without worry of the virus actively interfering with the search.
There are a few such anti-virus live CDs or rescue CDs that are freely available to download and use, which I’ve summarized here based on my experience testing each on a test computer that was deliberately infected with a nasty rootkit virus, the kind that regular anti-virus software running in Windows struggled to get rid of.
Avira AntiVir Rescue System – Download
Pros: It’s the fastest scanner and has good detection rates. It’s also the easiest CD to create if you don’t know how to burn an ISO file to CD, as the download is an executable file which offers to burn the image directly to a blank CD when you run it. The CD image is updated regularly and is one of the smallest downloads at around 50MB.
Cons: It can’t perform updates using a wireless connection, so you’ll have to plug your laptop in with an Ethernet cable to perform an update. If you have a desktop with a wireless connection and no easy way of hooking it up by cable, just download the latest Rescue CD and it should contain the most current virus signature updates.
Note: When the live CD starts up the default language is German, but just click the British flag to switch everything to English. If you want to scan one specific drive or partition, you’ll need to understand Linux a bit, but to scan everything, just leave the settings as they are.
BitDefender Rescue CD – Download
Pros: Virus definitions can be updated using your internet connection, and this is the only rescue CD that offers the possibility of using a wireless (Wi-Fi) connection. However, getting your wireless card to work is no easy task if you aren’t familiar with Linux, so for most people it will be much easier to connect their computer by Ethernet cable. The CD boots into a nice graphical interface and includes a copy of Firefox so you can surf the net and write some emails while scanning for viruses – a very nice touch. Also included are a file manager and even a basic partition imaging program.
Cons: It failed to detect one of the virus files on my test system. It’s also the slowest scanner of the ones I recommend, taking twice as long as the Avira AntiVir Rescue CD.
Note: Scanning may take an understanding of Linux file systems, like the fact that the first partition on the hard disk, what is normally your C: drive, is referenced as “/media/hda1”.
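As an added example (not code from the post, nor from any of the rescue CDs it reviews), here is what the offline scan described above looks like when done by hand from a Linux live CD that ships ClamAV, such as the Trinity Rescue CD listed later in the post. The Windows partition is mounted read-only with `noexec,nosuid,nodev`, so nothing on the suspect disk can run and the scan cannot alter it, then the scanner’s own summary is parsed so a wrapper can tell a clean result from an infected one. The device name `/dev/sda1`, the mount point `/mnt/windows`, the log path and the script name `offline-scan.sh` are assumptions; on the BitDefender CD the same partition shows up as `/media/hda1`, so check with `lsblk` or `fdisk -l` first.

```shell
#!/bin/sh
# Offline scan of a Windows partition from a Linux live CD.
# Added example, not from the original post. Assumes a live environment with
# ntfs-3g and ClamAV's clamscan installed, and that the Windows system
# partition is /dev/sda1 (assumption: verify with lsblk or fdisk -l).

WIN_DEV="${WIN_DEV:-/dev/sda1}"
MNT="${MNT:-/mnt/windows}"
LOG="${LOG:-/tmp/offline-scan.log}"

# Mount read-only and with noexec,nosuid,nodev: nothing on the suspect disk
# can execute, and the scan cannot modify files or timestamps before you
# decide what to do with the findings.
mount_windows_ro() {
    mkdir -p "$MNT"
    mount -t ntfs-3g -o ro,noexec,nosuid,nodev "$WIN_DEV" "$MNT"
}

# Scan the whole mounted tree. -r recurses, -i prints only infected files,
# --log appends the report (including the "Infected files: N" summary) to LOG.
run_scan() {
    clamscan -r -i --log="$LOG" "$MNT"
}

# Extract the infected-file count from a clamscan log so the caller can
# branch on it (0 means clean). $1 is the path to the log.
infected_count() {
    grep '^Infected files:' "$1" | tail -n 1 | awk '{print $3}'
}

# List the files clamscan flagged ("path: Signature FOUND") without the
# signature suffix, so they can be reviewed before anything is deleted.
flagged_files() {
    grep ' FOUND$' "$1" | sed 's/: [^:]* FOUND$//'
}

main() {
    mount_windows_ro
    run_scan || true   # clamscan exits 1 when it finds infections; keep going
    n="$(infected_count "$LOG")"
    echo "Infected files: ${n:-0}"
    [ "${n:-0}" -gt 0 ] && flagged_files "$LOG"
    umount "$MNT"
}

# Run the full procedure only when saved as offline-scan.sh and executed as root.
if [ "${0##*/}" = "offline-scan.sh" ] && [ "$(id -u)" -eq 0 ]; then
    main
fi
```

Mounting read-only is the point of the exercise: it preserves the scanner’s advantage that the post describes (the malware is not running and cannot interfere), and it keeps the disk unchanged so a later, more thorough tool still sees the original files. Delete or replace flagged files only after reviewing the list, for the reasons the post gives under “what I recommend you do”.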
Kaspersky Rescue CD – Download
Pros: Good detection rates, and it can update the virus definitions through the internet, though only by Ethernet cable (no wireless). The graphical interface is slick and simple – the best of the bunch. It came in second place in terms of scan speed, right between the Avira scanner and the BitDefender scanner. It supports multiple languages, including Spanish, French, Italian, Russian, Polish, Chinese and Japanese. A file manager is included.
Cons: No wireless networking support.
Note: You may want to change the option for “On threat detection” to “Prompt on completion” so that it will ask you what to do at the end of the scan, rather than as it finds each item.
There are other rescue CDs which I’ll list below for informational purposes, but which I don’t recommend due to the noted problems:
F-Secure Rescue CD – While it supposedly updates via internet or USB drive if you download the update file, neither worked for me. This is probably why it didn’t detect any of the malware files on the test system.
G Data Rescue CD – It found none of the malware files, plus it’s completely in German.
Trinity Rescue CD – A command line scanner, it includes ClamAV, which proved to be of limited effectiveness. AVG anti-virus is also an option, but it must be downloaded, and since the network interface didn’t work for me, it turned out not to be an option.
VBA Rescue CD – Also a non-graphical scanner, it missed two of the essential malware files and lacks an internet update function.
What I recommend is that, using the guidelines below, you pick one of the rescue CDs and scan your computer with it once a month or anytime you suspect something. Here’s how to pick which one is best for you:
– If you don’t know how to burn an ISO image file to a CD, then download the Avira AntiVir Rescue CD. The download is an executable, and it will prompt you for a blank CD when run.
– If you’re using a laptop (notebook) with wireless internet and you don’t have easy access to an Ethernet cable connection because of the location of the router, this is also reason to use the Avira CD, as the download image is updated daily.
– If your computer is connected by Ethernet cable (not wireless) and you know how to burn an ISO image, get the Kaspersky Rescue CD. It will save you from having to burn new images to CD every time you want to scan your computer.
– If you want a CD that can update via wireless and you know how to set up Wi-Fi in Linux, you might try BitDefender, but I would use it only in addition to either the Avira or Kaspersky CD.
Whichever option you choose, I recommend you use a re-writable CD (CD-RW). That way you can try them all if you like: just erase the CD and burn it again with another choice. A CD-RW is practically essential if you’re going to use the Avira AntiVir CD regularly, since it doesn’t have an update option and scanning with an outdated CD is pretty pointless.
If you discover your computer is infected after performing a scan with one of these CDs, here’s what I recommend you do:
– Get online with a computer you know is clean, or using your computer with a live CD that has internet access, such as the BitDefender CD, or perhaps an Ubuntu Linux CD. Once online, log in and change the passwords for your bank, credit card, email accounts and any other accounts which are sensitive. If your system was infected, it should be assumed that your passwords for these accounts have been compromised – meaning they’re on a list on some hacker’s computer somewhere, just waiting to be used. You may want to notify your credit card company if you recently made online purchases with your credit card.
– These CDs may prompt you to delete infected files. Realize that if you do, it’s possible your computer will no longer start properly. You may want to back up your personal files first. If you’re uncertain what you’re doing, at this point it would be wise to consult with someone who can help you.
– You cannot count on these CDs to remove 100% of the infection. As far as I’m concerned, once you know your system has been compromised, the only way to be sure there’s nothing left hiding is to back up your files, wipe the hard drive, reformat and reinstall Windows. It may sound like a lot, and you may need the help of someone more knowledgeable to do it, but it’s the best thing to do. Reinstalling Windows is a good thing to do once in a while anyway, and most people are surprised at how much faster their computer runs after a fresh reinstall.
– If you delete the infected files and your system boots up without problem and you insist on continuing to use it without reformatting the drive (which I do not recommend, but it may be necessary), at least do the following: First and foremost, don’t use this computer anymore for online banking or anything similar until you get Windows reinstalled. If you need to do those things, boot up with a live CD as mentioned in the previous steps. Next, try to make sure there’s nothing left hiding: update your existing anti-virus software and do a full system scan. If the subscription has expired, don’t renew it if it requires typing in your credit card number. Get new anti-virus software instead. For paid anti-virus I recommend Kaspersky Anti-Virus, McAfee VirusScan, Symantec’s Norton Anti-Virus (the latest version has good reviews) and Avira AntiVir Premium. Avira also offers their totally free AntiVir Personal Edition which is also good but lacks the Web and POP3 email protection of the Premium edition. A better free solution in the case of a system that’s already been infected by a virus is Avast Home Edition because it’s better able to remove stubborn malware with its boot-time scan function. (Note: always uninstall your old anti-virus software before installing a new one, as conflicts are likely.) After doing a full system scan, download and install Malwarebytes’ Anti-Malware. Update it and do a full system scan with it as well. In the testing I did, this software found a few leftover files that all of the rescue CDs and Windows-based anti-virus software missed. Even though they were probably inactive “scraps” so to speak, I wouldn’t want them on my system and neither should you.
Whether your system is clean or suffering from an infection, now you have a way of double-checking it in the future. Again, I recommend doing a scan with one of these live CDs at least once a month, or anytime you suspect something fishy is happening with your computer. Remember, though, that the key in the battle against viruses and malware is to make sure your system never gets infected in the first place: make sure you install Windows updates as soon as they’re released. Use a good firewall: Comodo Internet Security is the top-rated firewall according to tests by Matousec.com and it also happens to be available for free (although the paid Pro version has added features which may be useful). Note that it includes an optional anti-virus software, which you should not install if you already have anti-virus software. Another good firewall is Online Armor. It’s also available in a free version which still scores better than most any other firewall out there, but if you really want the best protection, get the paid version which scores 2nd place, just after Comodo. Last but not least, make sure you’re using good anti-virus software such as the ones mentioned above – and keep an eye on it to make sure it’s running and always up to date.
Any questions, just leave a reply below.
I currently use the Avira rescue CD but it doesn’t delete the virus files, even after I configured stuff properly (just a note, I’m not a Linux noob nor a computer noob.. ^^ )
Anyway, some viruses inject some of their code into important files like explorer.exe and networking services. I deleted those files and the other virus files with a full minimal Linux distribution (because Avira won’t delete them).
One time I had to take files from another Windows installation on another computer..
I blogged about this.. go check it out.. ^^
I would guess that the Avira Rescue CD doesn’t delete files which are known to be essential for Windows to boot up, such as explorer.exe. You can get around this by deleting them manually with a Linux live CD or one of the other rescue CDs mentioned above which includes a file manager, then replacing them with files from another healthy Windows install as you did. However, with the amount of work that can take, it makes more sense to me to simply reinstall Windows – though I recommend doing that any time you find out your system is infected.
Yes, I just re-install the OS image from time to time… and use HijackThis and Process Explorer type programs to try to see what’s happening…
What if you took a regular Live CD like Kubuntu (to boot into), could you then download and run these AV files without having to re-burn CDs all the time?
Here’s a thread on how to install AntiVir in Linux. The problem is that live CDs generally don’t allow you to install a program and have it be there next time you boot up. However, I was able to install AntiVir in Puppy Linux which saves your sessions for the next time you boot up, making it ideal for this purpose.