I helped a friend with her infected laptop this past weekend. Usually I only need to boot the computer in safe mode and scan for viruses while in safe mode. However, this one is nasty and it got loaded even in safe mode. Without digging into how the virus got loaded in safe mode, I was able to boot to a Vista PE USB flash drive and scan for viruses under the Vista PE environment.
Even though Vista PE is a very powerful tool for system admins, it’s not easy to create. I found that there is a Rescue CD from one of my favorite security companies, Avira. This tool is easier to create and use, and even better, it’s free. Here are the steps to use it.
- Download the software from Avira’s site to a Windows PC with a CD burner. Note that the file is actively updated, so be sure to download the latest one from the site when you need to use it.
- Insert a blank CD-R into the CD burner and double click on rescurecd.exe to burn the RescueCD. If for some reason your CD burner is not recognized, you can click on Exit.
The program prompts you to save the ISO file.
Click on Yes to save the ISO file. You can then use your favorite disc burning software to burn the ISO to a CD. On Windows 7, right click on the ISO file and select Burn disc image to burn it.
- Now you need to boot the infected computer using the RescueCD. On most recent computers, you need to press F12 during the system boot-up process and select the CD/DVD drive as the boot device. If F12 doesn’t work, try to enter the BIOS setup screen to set the CD/DVD drive as the boot device. Consult your machine’s user guide if you still cannot boot your computer using the RescueCD.
- When the system boots up in Avira AntiVir RescueCD, click on the British flag to set the interface to English if needed. Now you can click on Start scanner to start the scanning process.
- When you are done, click on Miscellaneous and then Shutdown to shut down the machine.
Once you have the virus removed, do yourself a favor and install Avira AntiVir or any other good program as the resident antivirus software. Also instruct the user to use the computer as a normal user and leave the admin account for software installation and maintenance only.