In this post I’ll give you step-by-step instructions on how to create and use a bootable antivirus disc. The bootable antivirus we’ll be using is the Kaspersky Rescue Disk. This post assumes you know little to nothing about creating bootable antivirus discs (or creating discs from an .iso).
Here are the reasons why you may need a bootable antivirus disc:
- Your PC has become infected with a rootkit. Rootkit detectors and removers that run in Windows like GMER, TDSSKiller and Combofix have limited success. Sometimes when they’re dealing with an updated rootkit they won’t run or they’ll just hang and require you to reboot your computer.
- Your PC has many infections and is preventing you from running or installing anti-malware or using the computer in general.
- You may have suffered a minor malware infection and you want to scan from a bootable environment just to make sure nothing’s hiding.
What you’re going to need (or may need):
- access to the internet
- 1 blank DVD or CD
- 1 DVD/CD Burner
- Software for burning .ISO files (disc images). You can get a free one here - http://filehippo.com/download_imgburn/
- A copy of the latest Kaspersky Rescue Disk from here - http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/
- About 1-4 hours depending on how much data you have on C: (less if you just scan the most infectable areas)
Disc Creation Step-By-Step Instructions
You may follow the instructions below on your infected PC (if you have enough access to the internet), but the best way to go would be to perform the following steps on a computer that’s not infected.
- Open your web browser and put this URL in the address bar (do not use search): http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/ This will immediately start downloading the Kaspersky Rescue Disk (kav_rescue_10.iso). If you get prompted to save this file, please save it to your desktop for now.
- Download ImgBurn from here http://filehippo.com/download_imgburn/ (download is towards the top right) to your Desktop.
- Insert your blank DVD/CD in your burner now.
- Double-click the ImgBurn download on your desktop to install ImgBurn. Just choose the default options but uncheck the option to install the Ask toolbar.
- Once ImgBurn has been successfully installed, launch (open) ImgBurn.
- Click the first big button on the top left “write image file to disc”.
- Under “Source” towards the right click the browse button (little yellow folder with magnifying glass).
- Now find the Kaspersky Rescue Disk ISO you just downloaded (kav_rescue_10.iso)
- Now click the write button on the bottom
- The disc creation process will probably take about 5-10 minutes.
- Once the burning process has been completed, take that disc out of your burner and label it (just write something like “my antivirus boot disc”).
Using the Kaspersky Rescue Disk Step-By-Step Instructions
- On the infected PC: turn off the infected PC. If the PC will not power down from the shutdown menu, then just unplug the power.
- Make sure this PC is connected to the internet via a network (ethernet cable). We need to update the Kaspersky Rescue Disk virus signatures once we’re in the bootable environment.
- Start the infected PC and immediately put your bootable antivirus disc in the DVD/CD drive.
- You’re probably going to need to shut down your PC again, since you may have missed the option to boot from disc. If your computer booted into Windows, then you missed your chance to boot from the Kaspersky Rescue Disk.
- So, turn on your computer and see if it starts to boot from the Kaspersky Rescue Disk. If it doesn’t, then you need to make your DVD/CD drive first in the boot order. This can be accomplished in your computer’s BIOS.
- As the Kaspersky Rescue Disk starts, just keep pressing Enter at every option screen. This will start the Kaspersky Rescue environment in graphical mode. Press “A” on the white screen with all the black text.
- Ok, great. Now we’re in a bootable environment and all the viruses on your computer are helpless.
- Let’s go ahead and update the Kaspersky Virus Signatures. Click the “My Update Center” tab.
- Click “Start Update” at the bottom. The update can take up to 20 minutes to complete. Wait until the “Database Status” says “up to date”.
- Click the objects scan tab.
- Check “disk boot sectors” and “C”
- Click “Start Objects Scan”
- This scan can take quite a while (typically 1-4 hours). Malware will be detected as a red popup window on the bottom right. Typically the Rescue Disk allows you to deal with the malware at the end of the scan.
- Here is the order in which I get rid of the malware: 1: Disinfect – if that doesn’t work – 2: quarantine – if that does work – 3: delete.
- Once the scan is complete and the malware has been dealt with you can reboot your PC into Windows.
In Closing… Once you reboot your PC there may still be some malware and settings left behind. Here are the steps I would take to make sure you’re clean:
- Malwarebytes – Download, Install, Update and Scan the C:\ drive with Malwarebytes. Remove anything it finds (click show results). Reboot.
- Reset Internet Explorer even if you use Firefox or Chrome. Open Internet Explorer – Click Tools – Internet Options – Advanced – Reset.
- Make sure a proxy setting is NOT enabled in Internet Explorer. Open Internet Explorer – Click Tools – Internet Options – Connections – LAN Settings – Uncheck the first check box under Proxy (if one is checked).
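
The proxy check in the last step can also be done from a PowerShell prompt. This is an added example, not part of the original post: it reads the standard WinINET registry values behind the LAN Settings dialog, including the automatic configuration script that the first check box does not cover. The function names `Get-ProxyReport` and `Disable-UserProxy` are hypothetical.

```powershell
# Added example (not from the original post). Function names are hypothetical.
# Registry locations behind Internet Options > Connections > LAN Settings.
$InternetSettings = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
)

function Get-ProxyReport {
    param([string[]]$RegistryPath = $InternetSettings)

    foreach ($path in $RegistryPath) {
        if (-not (Test-Path $path)) { continue }
        $s = Get-ItemProperty -Path $path

        [pscustomobject]@{
            Hive          = $path.Substring(0, 4)        # HKCU or HKLM
            ProxyEnabled  = ($s.ProxyEnable -eq 1)        # the "use a proxy server" check box
            ProxyServer   = $s.ProxyServer                # address:port traffic is sent to
            AutoConfigURL = $s.AutoConfigURL              # automatic configuration script, if set
            # A legitimate corporate proxy also sets these, so this is a
            # prompt to look at the values, not a verdict.
            NeedsReview   = ($s.ProxyEnable -eq 1) -or [bool]$s.AutoConfigURL
        }
    }
}

function Disable-UserProxy {
    # Equivalent to unchecking the proxy check box for the current user.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 0 -Type DWord
}

# Show the per-user and per-machine settings side by side.
Get-ProxyReport | Format-Table -AutoSize

# Services that use WinHTTP instead of the browser settings have their own proxy.
netsh winhttp show proxy

# If a proxy you did not configure is enabled for your account, turn it off:
# Disable-UserProxy
```

Restart the browser after changing the setting, then run `Get-ProxyReport` again to confirm the value did not come back after the reboot.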