Wednesday, May 20, 2009

Killing Virii with Gentoo and Kaspersky

Sorry but if you pronounce kaspersky to rhyme with whisky, the title isn't going to sound as jiggly as it should ;) I used to pronounce it to rhyme with "sky" but apparently that's incorrect. Anyway, I've been a long time admirer of the Kaspersky AV engine. And today it has saved someone's a$$ one more time ;)

A friend of mine, who is pretty technical (he maintains Windows drivers for a living, which makes him a hot-shot techy in anyone's book), had his laptop catch a nasty virus. In his own words, he was only downloading some PowerPoint presentations (ugh) when the miserable closed source proprietary OS he's running (euhm, Vista) became infected. He was using Google's Chrome browser, so the possibility of having been infected through a browser exploit remains pretty low in my opinion, especially since Chrome auto-updates itself, thus fixing any potential security holes. My first impression was that he got infected through an exploit in MS Office 2007 (yuck). Anyway, while trying to help him clean up the laptop, we tried the following:

- Tried installing Symantec's AV suite. That totally fails to even install. What a piece of crap. Symantec's ware is highly over-rated IMO. I used to really like Norton stuff, back in the days of Norton's DiskDoctor .. those were the days :D

- Tried installing the tried and true MalwareBytes, which did detect and clean a whole bunch of malware, however, much to my surprise, the problem persisted. MalwareBytes is a cool piece of anti-malware, it has worked fantastically for me multiple times, but this time it wasn't enough!

- Having wasted a couple of hours on this already, I wanted to fire some Kaspersky power at the problem. I visited http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk/ and downloaded a Live CD image, burned the ISO, and booted!
Now this Live CD is absolutely cool: it's a customized build of Gentoo Linux (w00t!) that automagically detected the hardware, connected to the network, started an X server, and launched a customized IceWM environment with Kaspersky's "K" logo as the "start" button down below. I was impressed, and through that GUI I could launch Kaspersky's AntiVirus tool.

The first thing it did was to auto-update itself over the internet. Most definitely needed, since the signatures on a 2008 ISO are of little use against current malware. Afterwards it located and mounted all Windows NTFS partitions, and I was presented with options to scan them. I chose to scan the C: drive. The scan tool sports a nice looking GUI, although it can be a bit confusing. Anyway, the scan started churning on the hard-disk. It was a bit slow: it took around 3 hours for a 100G C: drive!
But I'll sure take slow and reliable over anything else every time! At the end, Kaspersky had located hundreds of infected executable files. I chose to disinfect them, and it started disinfecting them one by one. This took around 20 minutes or so as well. Rebooting after that, Windows finally came up clean. The system is working normally again, sigh!

All in all, Kaspersky proved to be a reliable tool. Kudos to their team for providing a top notch Linux based Live CD for free, one that updates itself and provides adequate disinfection. Thank you Kaspersky. I will surely recommend you guys in the future. This is one AntiVirus tool I will be sure to remember when a friend comes knocking on my door. Note however that they're not the only game in town; others like Avira and BitDefender also offer Live CD "rescue disks", as they are called. Hope this post helps anyone out there.

7 comments:

Madhukara Phatak said...

Good post.
It shows why people are slowly moving from MS to Linux. They are always worried about viruses in Windows. Linux never has them.

LiNuXaWy said...

What a day :)

But really, I was impressed to see that rescue Linux-based disc, and even more so that it's free :)

jhansonxi said...

Installing an anti-malware application on an infected system is a waste of time. Many malwares are anti-malware aware and can hide from them (rootkits) or disable them upon installation. Symantec may have worked, but only if you installed it on another known-good Windows system and then installed the infected drive on it to scan. Don't take this as a Symantec promotion but as practical security advice. For the record, the only Symantec product I like is the Norton Removal Tool.
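The point made above, and the Live CD procedure in the post (mount the NTFS partitions from a clean environment, then scan them), both come down to one idea: the scanner runs from a trusted OS and reads the suspect volume as passive data, so nothing on that volume gets to execute and hide itself. The following is an added illustration in Python, not code from the post or from any rescue disk; it walks a mount point, hashes the usual Windows executable types, matches the digests against a constructed blocklist, and only plans a quarantine rather than modifying the volume. The mount point `/mnt/windows`, the blocklist entries and the sample files are all made up for the example.

```python
"""Offline hash scan of a mounted Windows volume from a clean rescue environment (added example)."""
import hashlib
import os
import sys
import tempfile
from dataclasses import dataclass

# Constructed blocklist: SHA-256 of short strings invented for this example.
# These are NOT real malware hashes; a real scanner would load vendor signatures.
KNOWN_BAD = {
    hashlib.sha256(b"constructed-sample-A").hexdigest(): "Constructed.Sample.A",
    hashlib.sha256(b"constructed-sample-B").hexdigest(): "Constructed.Sample.B",
}

# File types worth hashing on a Windows volume for this toy; a real engine scans everything.
SCAN_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".com", ".ppt", ".pptx")


@dataclass(frozen=True)
class Finding:
    path: str
    sha256: str
    name: str


def is_read_only_mount(path):
    """True if the filesystem under path is mounted read-only (POSIX only)."""
    if not hasattr(os, "statvfs"):
        return False
    return bool(os.statvfs(path).f_flag & os.ST_RDONLY)


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def iter_candidate_files(root, extensions=SCAN_EXTENSIONS):
    # followlinks=False keeps a symlink or junction from dragging the walk off the volume.
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for fn in filenames:
            if fn.lower().endswith(extensions):
                yield os.path.join(dirpath, fn)


def scan_tree(root, known_bad=KNOWN_BAD):
    """Return a Finding for every candidate file whose digest is on the blocklist."""
    findings = []
    for path in iter_candidate_files(root):
        try:
            digest = sha256_file(path)
        except OSError:
            continue  # unreadable file: skip it and keep scanning the rest
        name = known_bad.get(digest)
        if name:
            findings.append(Finding(path, digest, name))
    return findings


def quarantine_plan(findings, quarantine_dir):
    """Return (source, destination) moves; nothing is touched, so the volume can stay read-only."""
    plan = []
    for i, f in enumerate(findings):
        dest = os.path.join(quarantine_dir, f"{i:04d}_{os.path.basename(f.path)}.quarantined")
        plan.append((f.path, dest))
    return plan


def make_sample_volume(root):
    """Write a constructed mini 'C: drive' under root so the scanner can be exercised offline."""
    sys32 = os.path.join(root, "Windows", "System32")
    os.makedirs(sys32, exist_ok=True)
    samples = {
        os.path.join(sys32, "bad.dll"): b"constructed-sample-A",   # matches the blocklist
        os.path.join(root, "good.exe"): b"benign content",         # clean
        os.path.join(root, "notes.txt"): b"constructed-sample-B",  # skipped: not a scanned extension
    }
    for path, data in samples.items():
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    # Assumed mount point; with no argument a throwaway sample volume is scanned instead.
    root = sys.argv[1] if len(sys.argv) > 1 else make_sample_volume(tempfile.mkdtemp())
    if not is_read_only_mount(root):
        print(f"note: {root} is not a read-only mount", file=sys.stderr)
    for f in scan_tree(root):
        print(f"{f.name}\t{f.sha256[:16]}...\t{f.path}")
```

Usage from a Linux rescue environment would be `mount -o ro /dev/sda2 /mnt/windows` followed by `python3 offline_scan.py /mnt/windows`; the read-only mount is what guarantees the scan itself cannot alter the evidence or trigger anything on the disk, and disinfection (here only a quarantine plan) is a separate, deliberate step.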

Ahmed Kamal said...

I totally agree. However, if one is working to fix an already infected PC, then surely a live CD based approach, especially a Linux based one, is very welcome.

jaipal said...

Dear Ahmed,

Please update the link as http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk/

Thanks,
jaipal
UAE

Ahmed Kamal said...

Updated the link. Is there any newer ISO image than this 2008 one? :)

hackingtom said...

There is Trinity Rescue Disk, with a lot more options including Windows admin password reset tools etc. Far better than the Kaspersky rescue disk.