Photo by Karsten Winegeart on Unsplash


Six emergency CDs from antivirus manufacturers

Life Jacket

Article from ADMIN 64/2021
Linux-based rescue systems, such as those offered by most antivirus software manufacturers, can repair and recover data from Windows computers compromised by malware.

Because of its many security weaknesses, Microsoft Windows is considered particularly vulnerable to malware such as viruses, worms, and Trojans. However, because the operating system has more or less a monopoly on the desktop, administrators in the enterprise in particular are repeatedly confronted with malware damaging Windows workstations or even rendering them unusable.

In such cases, it usually makes sense to boot the damaged computers from a removable disk and then examine the mass storage devices with an external rescue system. For this purpose, many manufacturers of proprietary antivirus and anti-malware software provide free emergency CDs that use the manufacturer's own scanners to detect and remove malware on Windows systems. In many cases, they can also be used to repair damaged system files so that the Windows system can be used again.

The rescue CDs, available for download as ISO images on the websites of the respective manufacturers, are based on Linux derivatives and, in addition to the antivirus scanners, often contain free Linux tools for creating a backup of the target systems or managing mass storage devices.

Avira Rescue System

Avira [1], a company based in Tettnang on Lake Constance, Germany, has developed over the years into a global player in the field of system security, primarily for Windows computers. Avira offers various antivirus applications for products from Redmond but has continuously expanded its portfolio in recent years to include virtual private network (VPN) services, security solutions for mobile systems such as Android and iOS, and protection software for dealing with email.

The company also offers a freely available rescue system based on Linux called Avira Rescue System [2]. The system, offered as an ISO image, focuses on damaged Windows computers. It scans target computers for malware, can repair the operating system, and supports editing the registry file that acts as the central configuration database on Windows computers. The tool does not let you repair boot sectors or modify partitions.

Avira Rescue System also scans Linux systems for malware, which it can also remove. The hybrid image, which weighs in at around 1.2GB, can be booted either from an optical disc or from a USB memory stick.

Start

The system, based on Ubuntu 20.04.1 and equipped with a fairly up-to-date 5.8 kernel, first boots into a graphical GRUB screen that offers various startup options and settings. You can also test the RAM or check the mass storage available on the system from the corresponding menu entries. The system then boots into a modified Unity desktop, which has just a few applications in the vertical panel on the left (Figure 1). For an overview of all the installed applications, click the tile icon at the bottom of the vertical panel. The start buttons of the existing applications then appear on the desktop.

Figure 1: The Avira Rescue System has an up-to-date look.

Features

The panel bar hosts a very fast web browser borrowed from the Gnome treasure trove, as well as the Déjà Dup backup program, also courtesy of Gnome, and the forensic Windows registry editor Fred. The central element of the distribution, however, is the Avira Rescue System, which you launch by pressing the umbrella icon in the top left corner of the desktop.

After confirming the license, the tool performs some basic configuration steps before you press the Quick scan button at bottom center to run a quick system scan. The strong focus on Windows is already noticeable in this dialog. If you launch the Avira DVD on a computer whose mass storage consists entirely of Linux partitions, the rescue system stops without any further activity in the system scan (Figure 2). With multiboot installations, the scan software fails to deliver satisfactory results. The Update dialog is also non-functional on Linux.

Figure 2: Avira Rescue System is for Windows only, despite the penguin in the sidebar.

In the Tools dialog, in addition to the Déjà Dup backup tool, you will also find a button for calling the TeamViewer remote maintenance software. Both can also be used on Linux, although different versions of TeamViewer are not compatible with one another. TeamViewer v15.15.3, included in the Avira package, was the current version of the remote maintenance solution at press time.

Outside of Avira's own rescue tool, you will find the GParted graphical front end in the tile overview of the applications, which you can use to manage mass storage devices. This universal tool is useful for creating and editing partitions and drives. A terminal for executing Linux commands is also available.

On Windows

The Avira Rescue System also exhibits some minor weaknesses on Windows. After starting the tool, you must update the virus signature database. The software displays the message Detection database is outdated to let you know. After clicking Check update, it first checks whether Internet access is available. If so, a click on the Start update button updates the database and displays a message to that effect.

Next, press Start Scan to start the system scan and choose between a quick and a full scan of the Windows system. Even a quick scan of a current NVMe SSD was quite slow in the test. You will need to allow several hours for a scan, even with a freshly installed Windows on a larger partition. Afterward, any malware identified in the scan can be removed.

Comodo Rescue Disk

Comodo Rescue Disk is a rescue system for Windows computers that uses Linux tools developed in-house. The US manufacturer [3] uses the lean SliTaz Linux from Switzerland as its basis. The operating system in Comodo, built independently from source, comes with kernel 2.6.37 and uses the Openbox window manager. It will also run on 32-bit hardware and works frugally and quickly on all platforms. You can pick up the Comodo Rescue Disk system in the form of a hybrid ISO image [4] of only about 55MB, which then runs from a USB flash stick or CD-ROM.

Software

Comodo Rescue Disk only includes a small software inventory. The central element that stands out is Comodo Cleaning Essentials (CCE), a collection of GUI tools for removing malware from Windows systems. CCE loads automatically after booting the system and first updates the signatures; then, a wizard opens to scan the Windows system.

To begin, you define whether you want to perform a Smart Scan, a Full Scan, or a Custom Scan (Figure 3). For the Custom Scan, you specify in a separate dialog the directories to scan and whether CCE should also check the system's boot sector. The Full Scan and the Smart Scan have no further settings. CCE first updates the malware signature database and then starts the system scan (Figure 4). In the process, a progress bar, updated almost in real time, provides information about the problematic files found.

Figure 3: The Comodo Rescue Disk provides various scan modes from which to choose.
Figure 4: Comodo Rescue Disk comes with its own tool for rescuing Windows installations.

Before selecting a scan option, you should click the Options link at the top of the program window. Specify whether CCE should also check the disk's master boot record (MBR) for modifications and whether it should include file archives in the scan. Also, you can specify the maximum size of the content to be scanned; by default, the scan leaves out files larger than 40MB.
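The MBR modification check that CCE offers can be reproduced from any Linux rescue shell with standard tools, which is useful when you want an independent second opinion or a record for later documentation. The following script is an added example, not code from Comodo, Avira, or this article: it reads the first 512 bytes of a disk or disk image, verifies that the 0x55AA boot signature is present, and compares the sector's SHA-256 against a baseline hash recorded earlier on a known-good system. The device path and the baseline hash in the usage comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not the rescue disks' own code): a baseline check of a
# disk's master boot record from a Linux rescue environment. Requires only
# dd, od, sha256sum and cut, which every rescue system reviewed here ships.

# Copy the 512-byte MBR of a device or image into a scratch file and print
# the scratch file's path. Returns non-zero if the read fails.
mbr_dump() {
    dev="$1"
    out="${2:-$(mktemp)}"
    dd if="$dev" of="$out" bs=512 count=1 2>/dev/null || return 1
    printf '%s\n' "$out"
}

# Succeed only if bytes 510-511 hold the 0x55 0xAA boot signature.
mbr_has_signature() {
    sig=$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# Print the SHA-256 of a sector file; record this on a clean system as the
# baseline to compare against later.
mbr_hash() {
    sha256sum "$1" | cut -d' ' -f1
}

# Full check. Arguments: device-or-image [baseline-sha256].
# Return codes: 0 = signature present and hash matches (or no baseline given),
#               1 = boot signature missing, 2 = hash differs from baseline,
#               3 = device could not be read.
mbr_check() {
    sector=$(mbr_dump "$1") || return 3
    if ! mbr_has_signature "$sector"; then
        echo "MBR boot signature missing or damaged" >&2
        rm -f "$sector"
        return 1
    fi
    actual=$(mbr_hash "$sector")
    rm -f "$sector"
    if [ -n "$2" ] && [ "$actual" != "$2" ]; then
        echo "MBR hash $actual differs from baseline $2" >&2
        return 2
    fi
    echo "MBR OK: $actual"
    return 0
}

# Usage from a rescue shell (device path and baseline file are assumptions):
#   mbr_check /dev/sda "$(cat /media/usb/sda-mbr.sha256)"
```

A hash mismatch only tells you that the sector changed since the baseline was taken; a legitimate bootloader update changes it too, so treat the result as a prompt to inspect the sector, not as a verdict. Because the script reads the raw device and never writes to it, it is safe to run before the antivirus scanner is allowed to make any changes.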

The Tools link, also at top right, lets you view the files removed to a quarantine directory after the scan has been completed and evaluate the logfiles generated by default for each run. You can save the plain text logfiles to an external data medium for later documentation.

Additional Tools

The Comodo Rescue Disk also has a small program menu in the upper panel where you will find the SliTaz Netbox Manager for configuring the LAN and WiFi interfaces, the lean Midori web browser, the PCManFM file manager, a small screenshot tool, and the Xterm terminal. Installing other applications on the system is not possible.

Text Mode

As a special feature, the Comodo Rescue Disk also features a text mode, which you enable in the GRUB boot menu from the Enter Text Mode option. In this mode, CCE starts as a text-only application that integrates some additional options that run separately in graphical mode (Figure 5), including, for example, a tool for configuring the network. Operation is entirely from the keyboard, and output is partly by means of semi-graphical elements, such as a progress bar when scanning the mass storage devices.

Figure 5: Friends of text mode will also get their money's worth from Comodo Rescue Disk.
