secure-19-12-2013: Download and Run Avira AntiVir Rescue System

Thứ Ba, 26 tháng 11, 2013

Download and Run Avira AntiVir Rescue System

Section 0. Background Information

Avira AntiVir Rescue System
- The Avira AntiVir Rescue System allows access to computers that cannot be booted. This makes it possible to repair a damaged system, to rescue data or to scan for virus infections.
- The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available.
- http://www.avira.com/en/download/product/avira-antivir-rescue-system
Lab Notes
- In this lab we will do the following:
  1. Download the Avira iso
  2. Boot Windows 7 VM into the Avira Rescue Environment
  3. Update Avira
  4. Download a Virus Signature sample file called MALWARE-TESTFILE.exe (Note: This is not a virus, just a one-line signature)
  5. Run Avira Antivirus Scan
Prerequisites
- Instructions:
  1. Windows 7: Lesson 1: Installing Windows 7

Section 1. Download Avira

Open A Firefox Browser
- Notes:
  - Login to the machine that has VM Player Installed.
- Instructions:
  1. Click on the Windows Start Button
  2. Type firefox in the search box
  3. Click on Mozilla Firefox
Open A Firefox Browser
- Instructions:
  1. Place the following address in the Firefox Browser
    - http://professional.avira-update.com/package/rescue_system/common/en/rescue_system-common-en.iso
  2. Click OK to download
Navigate and Save
- Instructions:
  1. Navigate to your external USB hard drive.
  2. Create a directory call Anti-Virus Live CD on your
  3. Click Save

Section 2. Start your Windows 7 VM

Edit Virtual Machine Settings
- Instructions:
  1. Click on Windows 7
  2. Click on Edit virtual machine
Configure CD/DVD (IDE)
- Instructions
  1. Configure CD/DVD (IDE)
  2. Click the radio button "Use ISO image file:"
  3. Click the Browse button and Navigate to the location of the rescue_system-common-en.iso
  4. Click the Okay button
Start Windows 7
- Instructions:
  1. Click on Windows 7
  2. Click on Play virtual machine
Access the Boot Menu
- Instructions
  1. Once you see the below vmware screen, (1) Left Click in the screen and (2) press the <Esc> key.
Boot from CD-ROM Drive
- Instructions
  1. Arrow Down to where CD-ROM Drive is highlighted
  2. Press <Enter>

Section 3. Using Avira Rescue CD

Press any key to enter the menu
- Instructions
  1. Type "1" after the boot prompt.
  2. Press <Enter>
Loading Avira AntiVir Rescue System
- Note(FYI)
  1. Avira will not load its' rescue system.
  2. Continue to next step.
Open a Terminal
- Instructions
  1. Click on the Miscellaneous Tab
  2. Select Command line
  3. When you are prompted with the Rescue System Message, Select Yes.
View IP Address
- Instructions
  1. ifconfig -a
    - My IP Address is 192.168.1.106.
- Notes (FYI)
  - If you do not have an IP Address, do the following:
    1. dhclient eth0
Download MALWARE-TESTFILE.exe
- Note(FYI):
  - The file MALWARE-TESTFILE.exe is not a virus.
  - It contains only the below one-line virus signature that we will use to test Avira.
  - X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
- Instructions:
  1. df -k
    - /media/Devices/hdc - This file system contains the Avira Utilities
    - /media/Devices/sda1 - This file system contains the actual C: Drive.
  2. cd /media/Devices/sda1
    - Now you are in the actual C: Drive
  3. wget http://www.computersecuritystudent.com/WINDOWS/W7/lesson7/MALWARE-TESTFILE.exe
    - This is the actual Virus Signature Test File.
  4. ls -l MALWARE*
    - This verifies we have downloaded the test file.
  5. Press <Alt>-F7
    - This will put you back into the Avira GUI.
Update Avira
- Instructions
  1. Click the "Update" tab
  2. Click the Yes Button
Update Results
- Instructions
  1. Once update is complete, you will see a successfully completed message.
  2. Continue to Next Section

Section 4. Configure the Avira Scanner

Open A Konqueror Web Browser
- Instructions
  1. Click the Configuration Tab
  2. Scan method: Select All Files
  3. Action when malware found:
    - Select Repair infected files
    - Select Rename file if repair is not possible
  4. Extended thread categories
    - Select Dialiers
    - Select Backdoor client
    - Select Adware/Spyware

Section 4. Run the Avira Scanner

Start Virus scanner
- Instructions
  1. Click on the Virus scanner tab.
  2. Click on Start scanner button.
Avira Summary Results
- Notes (FYI):
  - After the scan finishes, Avira will list summary of the results.
View MALWARE-TESTFILE.exe Alert
- Instructions
  1. Scroll all the way up in the log window
  2. Notice the Alert Entry
  3. Click the Save Button
Save Ariva Log File
- Instructions:
  1. Navigate to /media/Devices/sda1
  2. Click the Save Button

Section 5. Proof of Lab

Open a Terminal
- Instructions
  1. Click on the Miscellaneous Tab
  2. Select Command line
  3. When you are prompted with the Rescue System Message, Select Yes.
Proof of Lab Instructions
- Instructions:
  1. cd /media/Devices/sda1/
  2. ls -l MALWARE*
  3. grep -i alert rescue-system_scan.log
    - This shows you all the alerts in the Avira log.
  4. date
  5. Press <Enter>
  6. echo "Your Name"
    - Replace the string "Your Name" with your actual name.
    - e.g., echo "John Gray"
  7. Do a PrtScn
  8. Paste into a word document
  9. Upload to Moodle

Section 6. Post Lab Instructions

Edit Virtual Machine Settings
- Instructions:
  1. From the VM Player Menu Bar do the following:
  2. Select Virtual Machine
  3. Select Virtual Machine Settings...
Edit CD/DVD (IDE)
- Instructions:
  1. Select CD/DVD (IDE)
  2. Select the Connection radio button: Use physical drive, with Auto detect selected.
  3. Click the OK Button
Windows 7 - VMware Player CD-ROW Disconnect Message
- Instructions:
  1. Select Yes
Power Off
- Instructions:
  1. Virtual Machine --> Power --> Power Off
VMware Player Message
- Instructions:
  1. Select Yes

secure-19-12-2013

Thứ Ba, 26 tháng 11, 2013

Download and Run Avira AntiVir Rescue System

Không có nhận xét nào:

Đăng nhận xét