Have a virus that seems impossible to remove?
Have virus symptoms but no apparent infection?
An antivirus rescue CD avoids the
problems of viruses that embed themselves into Windows drivers, prevent
the computer from booting into safe-mode, or blue screen every time
they are tampered with. It is also one of the few methods for
definitively removing rootkits.
One problem that I have noted in my
experience is that rescue environments do not like CD-RW disks, so be
sure to use a fresh CD-R every time.
Choosing a Rescue CD
The most important factor in choosing a rescue CD is your comfort level and
familiarity. If you aren't familiar with Linux or aren't comfortable
using a command line interface, that can help to narrow down the list
of available rescue systems.
Most modern antivirus suites score very
well in terms of detection rates, and there are few barriers to removal
when the virus cannot run or prevent other programs from operating.
Avira Antivir Rescue System
A Linux based rescue system.
Excellent detection rates and heuristics.
This particular system is best suited
for those more familiar with Linux and the command line. Though it
includes a graphical user interface which is loaded automatically, it
may be unstable and freeze the computer. This does no damage, and the
command line can be accessed by pressing Control-Alt-Backspace. The
scan can be tailored to your needs by turning the heuristics on or off,
setting scanner categories (including games) and the action to perform
when an infection is detected.
Kaspersky Labs Rescue CD
A Linux based rescue system.
Excellent detection rates and heuristics.
This particular system is good for
nearly anyone. Although it is Linux based, drive letters are mapped as
they would be in Windows. The graphical user interface is clean and
friendly, and the command line interface is an accessible Midnight
Commander type application with straightforward options for setting up
a scan. The scan can be customized, and there is an option to prompt
for action with every detection, something that Avira doesn't do.
Norton Symantec Rescue Disk
A Windows PE based rescue system.
Good detection rates.
This particular system is best suited
for those comfortable with only Windows. The graphical user interface
looks very similar to other Norton/Symantec products, though there are
very few options for the scanner. This scanner does not detect some
viruses that the other rescue disks or even the full version of Norton
Antivirus does. The scanner will prompt for action with each detection
when the scan has finished. This cannot be changed. Unfortunately,
unlike the Kaspersky or Avira offerings, this disk can only be created
by those who own a Norton/Symantec product that includes it.
For ease of use and detection rates, I choose the Kaspersky rescue disk. As
noted in the full review, there are some systems that the Kaspersky
disk will not boot. This includes some Dell Inspiron series laptops and
desktops. For systems where the Kaspersky disk will not boot, Avira
sometimes does, though in general the Avira disk is less flexible.
For systems where neither of the Linux
environments will boot, the Symantec rescue disk is nearly guaranteed
to work (since it is Windows based), though few viruses will be detected
and removed without up-to-date definitions from another computer
running Norton Antivirus, since there is no built-in definitions update
feature like the Linux disks.
The major benefit of the Windows PE
environment over the Linux based recovery disks is that the Windows
command line and other common Windows tools (like Registry Editor) are
available to repair non-bootable Windows installations. I have used
these features to repair modified shell and userinit registry entries
and restore deleted safemode registry keys.
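The shell, userinit and safe-mode entries mentioned above can be inspected read-only from the Windows PE command prompt before anything is changed. This is an added example, not part of the original article; the drive-letter argument, the mount names OFFSOFT and OFFSYS, and the use of ControlSet001 as the active control set are assumptions.

```bat
@echo off
rem Added example: audit an offline Windows installation from Windows PE.
rem Assumption: the offline Windows volume is passed as %1 (for example D:),
rem because Windows PE does not always assign it the letter C:.
setlocal
set "WIN=%~1"
if "%WIN%"=="" set "WIN=C:"

if not exist "%WIN%\Windows\System32\config\SOFTWARE" (
  echo No Windows registry hives found on %WIN%
  exit /b 1
)

rem Mount the offline hives under temporary names (OFFSOFT / OFFSYS are made up here).
reg load HKLM\OFFSOFT "%WIN%\Windows\System32\config\SOFTWARE" >nul || exit /b 1
reg load HKLM\OFFSYS "%WIN%\Windows\System32\config\SYSTEM" >nul || (
  reg unload HKLM\OFFSOFT >nul
  exit /b 1
)

rem A clean system normally has Shell = explorer.exe and
rem Userinit = C:\Windows\system32\userinit.exe, (with the trailing comma).
echo --- Winlogon values in the offline SOFTWARE hive
reg query "HKLM\OFFSOFT\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell
reg query "HKLM\OFFSOFT\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit

rem Assumption: ControlSet001 is the active control set; the Select key
rem in the SYSTEM hive records which one is actually current.
echo --- Safe mode keys in the offline SYSTEM hive
reg query "HKLM\OFFSYS\Select" /v Current
for %%K in (Minimal Network) do (
  reg query "HKLM\OFFSYS\ControlSet001\Control\SafeBoot\%%K" >nul 2>&1 && (
    echo SafeBoot\%%K present
  ) || (
    echo SafeBoot\%%K MISSING
  )
)

rem Always unload, otherwise the hive files stay locked.
reg unload HKLM\OFFSOFT >nul
reg unload HKLM\OFFSYS >nul
endlocal
```

Any extra program listed in Shell or Userinit, or a missing SafeBoot subkey, is what to repair with the registry editor before rebooting into the installed system.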
Some users may be familiar with BartPE
and other Windows PE environments, but I did not include them here
since the amount of effort to create and configure the disk is greater
than that of these boot disks and the utilities are often sub-par
compared to the ones listed here.