Bootable Kaspersky Antivirus CD.

FreeAVman

I have just managed to make a bootable linux CD which can scan and disinfect
both FAT32 and NTFS file systems, using the very latest Kaspersky virus
definitions.

A very useful tool to disinfect "dead" systems which will not boot due to
destructive virus activity.

Furthermore, I created it using only free and trial programs, so there is
nothing "illegal" about it.

Also, you don't need Kaspersky Anti-Virus installed on your system to create
the boot CD.

Is anybody interested in knowing how to do it?
 
FreeAVman said:
I have just managed to make a bootable linux CD which can scan and disinfect
both FAT32 and NTFS file systems, using the very latest Kaspersky virus
definitions.

A very useful tool to disinfect "dead" systems which will not boot due to
destructive virus activity.

Furthermore, I created it using only free and trial programs, so there is
nothing "illegal" about it.

Also, you don't need Kaspersky Anti-Virus installed on your system to create
the boot CD.

Is anybody interested in knowing how to do it?

Go for it !!

eric
 
Download the trial version of AVK2005 from here:

http://space.gdata.de/dl_shop/shop/avk2005e_trial.exe

Install it using "custom install" options and choose to install "program
files" and "Boot CD" only. Then uncheck "scan system weekly". This will
now not interfere with any other Antivirus programs that you already have
installed.

Follow the instructions in the program to create a "linux Boot CD".

You now have your linux boot CD, but you will find that the virus
definitions are way out of date. To update them, you need to do this:

Go to: http://www.kaspersky.com/avupdates/zip

and download these 3 zip files, cumul.zip, weekly.zip and daily.zip.

Extract all three zip archives to the same folder in the following order -
first cumul.zip, second weekly.zip and last daily.zip. Always choose to
overwrite any existing files when you do this. Then rename the folder to
kavdefs. You now have a completely up to date (to the hour) set of
Kaspersky virus definitions.

Here comes the "not for newbies" bit:

Go to: http://www.ezbsystems.com/ultraiso/

Download "UltraIso", install it, and use it to create (and save to your hard
drive) a "CD Image" of the "linux Boot Cd" that you created earlier.

Now use "UltraIso" again to open the CD image that you have just saved to
your hard drive, and navigate to the LINBOOT\SCANNER folder contained within
this CD image. Now in "UltraIso", select "Actions" then "Add Files" and
navigate to the "kavdefs" folder that you created earlier.

Hold the "Shift" key down and click on the first and the last files
contained in this folder (they should all turn blue if you have highlighted
them all). Now click "Open" and choose to overwrite any existing files.

Now click save, and the "CD Image" file on your hard drive will now contain
a completely up-to-date set of Kaspersky's virus definitions.

Now put a blank CD in your CD Burner.

Now close and re-open "UltraIso", then open your updated "CD Image" file.

Now click "Tools" then click "Burn CD/DVD Image" then click "Burn".

When your new "linux Boot CD" has been created, you can boot from it and
test it.

If you get an error saying something like "you need to specify the file
system" or something like that and your drive ejects the CD, then do not
worry about it as the contents of the CD have already been loaded into a
"ramdrive".

If you have successfully created and booted from your new "linux Boot CD"
you will see a menu displayed on your screen.

Just select what you want to do from this menu, and away you go.

Happy disinfecting.

All the best,

FreeAVman.
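
The layered extraction described in the post above (cumul.zip, then weekly.zip, then daily.zip, always overwriting) can be scripted; this is an added example, not part of the original post or of any vendor tool. It rejects archive entries that would write outside the target folder and records which archive supplied each final file plus its SHA-256, so the copy later placed in the CD image can be compared; the function names, the `.def` file names and the in-memory sample archives are constructed assumptions.

```python
import hashlib
import io
import tempfile
import zipfile
from pathlib import Path, PurePosixPath

# Oldest set first, newest last, so newer files overwrite older ones.
ORDER = ("cumul.zip", "weekly.zip", "daily.zip")

def safe_member_path(name):
    """Map a zip entry name to a relative path, or None if it could leave dest."""
    p = PurePosixPath(name.replace("\\", "/"))
    if not p.parts or p.is_absolute() or ".." in p.parts or ":" in p.parts[0]:
        return None
    return Path(*p.parts)

def merge_definitions(archives, dest):
    """Extract (label, zip source) pairs in order; return {path: (label, sha256)}."""
    dest = Path(dest)
    dest.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for label, source in archives:
        with zipfile.ZipFile(source) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                rel = safe_member_path(info.filename)
                if rel is None:
                    raise ValueError(f"{label}: unsafe entry {info.filename!r}")
                data = zf.read(info)  # raises BadZipFile on a CRC mismatch
                target = dest / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)  # always overwrite, as in the post
                manifest[rel.as_posix()] = (label, hashlib.sha256(data).hexdigest())
    return manifest

def make_zip(files):
    """Build an in-memory zip from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # Constructed stand-ins for the three downloads; file names are placeholders.
    contents = [{"base.def": b"c1", "extra.def": b"c2"},
                {"extra.def": b"w2"},
                {"base.def": b"d1", "new.def": b"d3"}]
    with tempfile.TemporaryDirectory() as tmp:
        out = Path(tmp) / "kavdefs"
        result = merge_definitions(zip(ORDER, map(make_zip, contents)), out)
        for path, (label, digest) in sorted(result.items()):
            print(f"{path:10} from {label:10} sha256={digest[:16]}")
```

For real use, pass the paths of the three downloaded archives in `ORDER` instead of the in-memory samples.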
 
Antivirus definitions change daily. How will you keep your CD
updated? Also, it seems that use of Kaspersky full-time, with
updates, should prevent what you are trying to fix.

Dale
 
FreeAVman said:
Download the trial version of AVK2005 from here:

http://space.gdata.de/dl_shop/shop/avk2005e_trial.exe

Install it using "custom install" options and choose to install "program
files" and "Boot CD" only. Then uncheck "scan system weekly". This will
now not interfere with any other Antivirus programs that you already have
installed.

Follow the instructions in the program to create a "linux Boot CD".

You now have your linux boot CD, but you will find that the virus
definitions are way out of date. To update them, you need to do this:

Go to: http://www.kaspersky.com/avupdates/zip

and download these 3 zip files, cumul.zip, weekly.zip and daily.zip.

Extract all three zip archives to the same folder in the following order -
first cumul.zip, second weekly.zip and last daily.zip. Always choose to
overwrite any existing files when you do this. Then rename the folder to
kavdefs. You now have a completely up to date (to the hour) set of
Kaspersky virus definitions.

Here comes the "not for newbies" bit:

Go to: http://www.ezbsystems.com/ultraiso/

Download "UltraIso", install it, and use it to create (and save to your hard
drive) a "CD Image" of the "linux Boot Cd" that you created earlier.

Now use "UltraIso" again to open the CD image that you have just saved to
your hard drive, and navigate to the LINBOOT\SCANNER folder contained within
this CD image. Now in "UltraIso", select "Actions" then "Add Files" and
navigate to the "kavdefs" folder that you created earlier.

Hold the "Shift" key down and click on the first and the last files
contained in this folder (they should all turn blue if you have highlighted
them all). Now click "Open" and choose to overwrite any existing files.

Now click save, and the "CD Image" file on your hard drive will now contain
a completely up-to-date set of Kaspersky's virus definitions.

Now put a blank CD in your CD Burner.

Now close and re-open "UltraIso", then open your updated "CD Image" file.

Now click "Tools" then click "Burn CD/DVD Image" then click "Burn".

When your new "linux Boot CD" has been created, you can boot from it and
test it.

If you get an error saying something like "you need to specify the file
system" or something like that and your drive ejects the CD, then do not
worry about it as the contents of the CD have already been loaded into a
"ramdrive".

If you have successfully created and booted from your new "linux Boot CD"
you will see a menu displayed on your screen.

Just select what you want to do from this menu, and away you go.

Happy disinfecting.

All the best,

FreeAVman.

Nice post ..I'm a Bart PE guy myself.. just had to use it to remove a newer
version of Wintools popup crapware, even killbox would not take it out..

Mich...
 
Antivirus definitions change daily. How will you keep your CD
updated? Also, it seems that use of Kaspersky full-time, with
updates, should prevent what you are trying to fix.

It is meant as a toolbox item for troubleshooting, not a backup. You
create it when you need it after updating the defs on the machine used
to create the disk. Looks good to me - but IIRC people didn't quite
trust Linux's NTFS for writing to disk. Has this attitude changed?
 
Mich said:
Nice post ..I'm a Bart PE guy myself.. just had to use it to remove a
newer
version of Wintools popup crapware, even killbox would not take it out..

Mich...
Thanks Mich,

I use Bart PE as well. I generally use it to recover data from dead systems
by using the Nero plug-in to burn the required data to CD.

I've also just made a new Bart PE Boot CD using a Kaspersky Antivirus
plug-in. I've tested it, and it works a treat. It might be useful to you
Mich, if you don't already have it.

The Bart PE Kaspersky plug-in info is here:

http://www.bootcd.us/BartPE_Plugin_Details/345/Kaspersky-AntiVirus-Personal-5_0_156.html

All the best,

FreeAVman.
 
Antivirus definitions change daily. How will you keep your CD
updated? Also, it seems that use of Kaspersky full-time, with
updates, should prevent what you are trying to fix.
Hello Dale,

You keep your CD updated by keeping a "CD image" on your hard drive and
using "UltraIso" to edit this "CD Image", thus allowing you to update the
virus definitions whenever you feel like it. Then you burn a new "Boot CD"
or you can use a re-writable CD if you want to.

The CD is not to fix my own computer, I run a Corporate version of Kaspersky
with hourly virus definition updates. I will probably use the CD to
"disinfect" some people's PCs who are not as "switched-on" about viruses as
you and I seem to be.

It is certainly true what you say; that using Kaspersky (or other AV
software) with regular updates will almost definitely put you in a position
of never needing to use this CD on your PC. But it is also true that many
people who use PCs regularly would not know the difference between a "virus
definition update" and a hole in the ground.

I know this because of the number of PCs I repair daily that have been
brought to me due to serious virus, trojan, spyware and adware "infections".
A couple of days ago, I had a 20 year old University student crying her eyes
out in my office, and pleading with me to attempt to recover two years work
on her thesis that she lost when her PC "died" after becoming infected with
"malware" which I identified as "Trojan.Win32.KillFiles.hi". I managed to
recover most of it, but only after spending a lot of time and using some
very expensive forensic data-recovery software. Anyway, I am only trying to
illustrate my point that many people still fall victim to viruses etc.

This CD is nothing really new or special. But it is easy and free to
create. There are other methods of booting "dead systems" and "disinfecting"
them. But most of them require a good knowledge of either "Linux" or
"Windows Pre-Installation Environments". Also, for booting and
"disinfecting" NTFS file systems, some methods require the purchasing of a
very expensive program called "NTFSDos Pro". In fact, the Linux used on
"my" Boot CD is not totally 100% reliable when writing to NTFS file systems
( it is about 99.9999% reliable though). So, a better solution would be to
create a Windows Pre-Installation Boot CD with a Kaspersky plug-in as
described here:

http://www.bootcd.us/BartPE_Plugin_Details/345/Kaspersky-AntiVirus-Personal-5_0_156.html

However this Windows Pre-Installation solution is not "free" because it
requires a licensed version of Kaspersky to be installed on your PC to be
able to use the plug-in. Also, the construction of the Boot CD using this
plug-in would not be easy for somebody who is not an experienced user.

"My" Boot Cd is totally "free" and only requires somebody to read the
relatively simple instructions I have posted in this newsgroup to be able to
create it.

Anyway, you pays your money and you takes your chance.

Happy disinfecting,

FreeAVman.
 
Simon Crowle wrote:

"You should not advocate the use of something that is not 100% effective.
The Bootable Antivirus CD you created could damage the file structure on
NTFS drives and cause irrecoverable loss of data."
.........................................................................................

Well, f**k me sideways. I'm really sorry for telling people how to create a
FREE CD which will "disinfect", (using the world's best Antivirus system),
computers that have been so f**ked-up by viruses that they will not even
boot-up. Especially if they can expect an NTFS write success rate of ONLY
99.9999%.

Firstly Simon, no file system has a write success rate of 100%. If it did,
Microsoft would not have needed to incorporate "chkdsk" into Windows XP.

Secondly, I did not "create" this Boot CD. I only showed people how to
update the virus definitions on it. AVK actually created this Boot CD, and
they are a world renowned Antivirus company with a reputation that matches
Kaspersky's. In fact they use exactly the same virus definition files as
Kaspersky, because they are licensed by Kaspersky to use them. Do you think
that AVK would include this Boot CD in their premier Antivirus product if
they did not have complete confidence in it?

Thirdly, can someone tell me why, whenever somebody posts something helpful
or useful in this newsgroup, they always get comments "slagging-off" what
they have done?

A recent example of this was the amazing "slanging-match" that went on after
"idbeholda" posted a link to his free VTE Virus Scanner, because he
"sinfully" told people where they could download a virus "zoo" in order to
test his scanner with. He even included warnings about being very careful
with "live viruses" etc, but he still took a severe "slagging-off".

Is it jealousy, envy or just plain boredom that causes people to do this?

Anyway, it is extremely boring, so I am going now.

One final thing: if you don't like "my" Boot CD, then don't use it!!!

Bye bye,

FreeAVman.
 
I have just managed to make a bootable linux CD which can scan and disinfect
both FAT32 and NTFS file systems, using the very latest Kaspersky virus
definitions.

A very useful tool to disinfect "dead" systems which will not boot due to
destructive virus activity.

Furthermore, I created it using only free and trial programs, so there is
nothing "illegal" about it.

Also, you don't need Kaspersky Anti-Virus installed on your system to create
the boot CD.

Is anybody interested in knowing how to do it?
In the earlier versions of KAV there was an option to make a bootcd,
which was based on a Linux system just to be sure that windows viruses
can harm the scanning. That made me convinced that Kaspersky takes the
AV-business very, very seriously.

Jari
 
Jari said:
in the earlier versions of KAV there was an option to make a bootcd,
which was based on a Linux system just to be sure that windows viruses
can harm the scanning.

I don't see how the OS would matter. If it's off of a read-only media any
malware would have no way of interfering with the scan either way. It's
more likely the decision was based on cost and technical issues. Linux is
free, and it can be made to boot from a read-only media with a minimum of
fuss. Windows is definitely not free, and it must be an interesting
challenge getting it to boot read-only.


- --
Frode

 
Frode said:
I don't see how the OS would matter. If it's off of a read-only media any
malware would have no way of interfering with the scan either way.

That would only be so if there was no risk of anything booted from the
CD accidentally executing anything on the system being examined. But
Windows is sufficiently complex that I expect that is difficult to
guarantee.
It's
more likely the decision was based on cost and technical issues. Linux is
free, and it can be made to boot from a read-only media with a minimum of
fuss. Windows is definitely not free,
Indeed

and it must be an interesting
challenge getting it to boot read-only.

Microsoft have something called WinPE, as Bart notes.

Regards
 
FreeAVman said:
Thanks Mich,

I use Bart PE as well. I generally use it to recover data from dead systems
by using the Nero plug-in to burn the required data to CD.

I've also just made a new Bart PE Boot CD using a Kaspersky Antivirus
plug-in. I've tested it, and it works a treat. It might be useful to you
Mich, if you don't already have it.

The Bart PE Kaspersky plug-in info is here:

http://www.bootcd.us/BartPE_Plugin_Details/345/Kaspersky-AntiVirus-Personal-5_0_156.html

All the best,

FreeAVman.


Thanks again for posting some useful information.


Mich...
 
Simon Crowle wrote:

"You should not advocate the use of something that is not 100% effective.
The Bootable Antivirus CD you created could damage the file structure on
NTFS drives and cause irrecoverable loss of data."
........................................................................................

Well, f**k me sideways. I'm really sorry for telling people how to create a
FREE CD which will "disinfect", (using the world's best Antivirus system),
computers that have been so f**ked-up by viruses that they will not even
boot-up. Especially if they can expect an NTFS write success rate of ONLY
99.9999%.

Firstly Simon, no file system has a write success rate of 100%. If it did,
Microsoft would not have needed to incorporate "chkdsk" into Windows XP.

Secondly, I did not "create" this Boot CD. I only showed people how to
update the virus definitions on it. AVK actually created this Boot CD, and
they are a world renowned Antivirus company with a reputation that matches
Kaspersky's. In fact they use exactly the same virus definition files as
Kaspersky, because they are licensed by Kaspersky to use them. Do you think
that AVK would include this Boot CD in their premier Antivirus product if
they did not have complete confidence in it?

Thirdly, can someone tell me why, whenever somebody posts something helpful
or useful in this newsgroup, they always get comments "slagging-off" what
they have done?

A recent example of this was the amazing "slanging-match" that went on after
"idbeholda" posted a link to his free VTE Virus Scanner, because he
"sinfully" told people where they could download a virus "zoo" in order to
test his scanner with. He even included warnings about being very careful
with "live viruses" etc, but he still took a severe "slagging-off".

Is it jealousy, envy or just plain boredom that causes people to do this?

In that case, there were several legitimate concerns and issues.
Anyway, it is extremely boring, so I am going now.

You strike me as an intelligent "doer" who knows what he's doing. As I
understand it, there is no single approach that isn't without possible
pitfalls. It's unfortunate that the virus newsgroups don't get more
posts from real contributors such as yourself.

Art

http://home.epix.net/~artnpeg
 
FreeAVman said:
Simon Crowle wrote:

"You should not advocate the use of something that is not 100% effective.
The Bootable Antivirus CD you created could damage the file structure on
NTFS drives and cause irrecoverable loss of data."
.................................................................................
.........

Well, f**k me sideways. I'm really sorry for telling people how to create a
FREE CD which will "disinfect", (using the world's best Antivirus system),
computers that have been so f**ked-up by viruses that they will not even
boot-up. Especially if they can expect an NTFS write success rate of ONLY
99.9999%.

Firstly Simon, no file system has a write success rate of 100%. If it did,
Microsoft would not have needed to incorporate "chkdsk" into Windows XP.

Secondly, I did not "create" this Boot CD. I only showed people how to
update the virus definitions on it. AVK actually created this Boot CD, and
they are a world renowned Antivirus company with a reputation that matches
Kaspersky's. In fact they use exactly the same virus definition files as
Kaspersky, because they are licensed by Kaspersky to use them. Do you think
that AVK would include this Boot CD in their premier Antivirus product if
they did not have complete confidence in it?

Thirdly, can someone tell me why, whenever somebody posts something helpful
or useful in this newsgroup, they always get comments "slagging-off" what
they have done?

A recent example of this was the amazing "slanging-match" that went on after
"idbeholda" posted a link to his free VTE Virus Scanner, because he
"sinfully" told people where they could download a virus "zoo" in order to
test his scanner with. He even included warnings about being very careful
with "live viruses" etc, but he still took a severe "slagging-off".

Is it jealousy, envy or just plain boredom that causes people to do this?

Anyway, it is extremely boring, so I am going now.

One final thing: if you don't like "my" Boot CD, then don't use it!!!

Bye bye,

FreeAVman.

Well, I appreciate your info.
Thanks,
Buffalo
 