Download and Run Kaspersky Rescue Disk (Antivirus Scan)

---

Section 0. Background Information

1. Kaspersky Rescue CD 
   • Kaspersky Rescue CD is freely provided by Kaspersky Lab. 
   • Kaspersky provides a full suite of Virus Removal Tools.
   • http://www.kaspersky.com/virus-removal-tools
2. Lab Notes
   • In this lab we will do the following:
     1. Download the Kaspersky iso
     2. Boot Windows 7 VM into the Kaspersky Rescue Environment
     3. Update Kaspersky
     4. Download a Virus Signature sample file called MALWARE-TESTFILE.exe (Note: This is not a virus, just a one-line signature)
     5. Run Kaspersky Antivirus Scan
3. Prerequisites
   • Instructions:
     1. Windows 7: Lesson 1: Installing Windows 7

Section 1. Download Kaspersky

1. Open A Firefox Browser
   • Notes: 
     • Login to the machine that has VM Player Installed.
   • Instructions: 
     1. Click on the Windows Start Button
     2. Type firefox in the search box
     3. Click on Mozilla Firefox
   • 
2. Open A Firefox Browser
   • Instructions: 
     1. Place the following address in the Firefox Browser
     2. http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/kav_rescue_10.iso
     3. Click OK to download
   • 
3. Navigate and Save
   • Instructions: 
     1. Navigate to your external USB hard drive.
     2. Create a directory call Anti-Virus Live CD on your
     3. Click Save
   • 

Section 2. Start your Windows 7 VM

1. Edit Virtual Machine Settings
   • Instructions: 
     1. Click on Windows 7
     2. Click on Edit virtual machine
   • 
2. Configure CD/DVD (IDE)
   • Instructions
     1. Configure CD/DVD (IDE)
     2. Click the radio button "Use ISO image file:"
     3. Click the Browse button and Navigate to the location of the kav_rescue_10.iso
     4. Click the Okay button
   • 
3. Start Windows 7
   • Instructions: 
     1. Click on Windows 7
     2. Click on Play virtual machine
   • 
4. Access the Boot Menu
   • Instructions
     1. Once you see the below vmware screen, (1) Left Click in the screen and (2) press the <Esc> key.
   • 
5. Boot from CD-ROM Drive
   • Instructions
     1. Arrow Down to where CD-ROM Drive is highlighted
     2. Press <Enter>
   • 

Section 3. Using Kaspersky Rescue CD

1. Press any key to enter the menu
   • Instructions
     1. Press <Enter>
   • 
2. Select Language
   • Instructions
     1. Select Language of Choice, English is default.
   • 
3. Accept Agreement
   • Instructions
     1. Press "1"
   • 
4. Select Rescue Type
   • Instructions
     1. Select "Kaspersky Rescue Disk.  Graphic Mode"
     2. Press <Enter>
   • 
5. Open a Terminal
   • Instructions
     1. Select KDE Start Button
     2. Select Terminal
   • 
6. Get IP Address
   • Instructions
     1. ifconfig -a
   • Notes (FYI)
     • If you do not have an IP Address, do the following:
       1. /etc/init.d/network restart
          OR
       2. dhclient eth0
   • 
7. Update Kaspersky
   • Instructions
     1. Click the "My Update Center" tab
     2. Click Start update
   • 

Section 4. Download MALWARE-TESTFILE.exe

1. Open A Konqueror Web Browser
   • Instructions
     1. Click the KDE Start Button
     2. Click the Web Browser
   • 
2. Download MALWARE-TESTFILE.exe
   • Note(FYI):
     • The file MALWARE-TESTFILE.exe is not a virus. 
     • It contains only the below one-line virus signature that we will use to test Kaspersky.
     • X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
   • Instructions:
     1. In the Konqueror Address Bar, place the following web address
        • http://www.computersecuritystudent.com/WINDOWS/W7/lesson6/MALWARE-TESTFILE.exe
     2. Click the Save As... Button
   • 
3. Navigate to C: Drive
   • Instructions
     1. Click on the C Drive Picture
   • 
4. Save MALWARE-TESTFILE.exe
   • Instructions
     1. Click Save
   • 
5. Start Objects Scan
   • Instructions
     1. Click on All Three Check Boxes
     2. Click on Start Objects Scan
   • 
6. Rescue Disk Alarm
   • Notes (FYI):
     • Kaspersky detected the c:/MALWARE-TESTFILE.exe
   • Instructions
     1. Click on Delete
   • 
7. Open Report
   • Instructions
     1. Click the Report Link
   • 
8. View Detailed Results
   • Instructions:
     1. Click Report
     2. Click Detailed Report
   • 
9. View Last Object Scan
   • Instructions
     1. Click On the Last Object Scan
     2. View the Detected Viruses
   • 

Section 5. Proof of Lab

1. Open A Terminal
   • Instructions
     1. Click on the KDE Start Button
     2. Click on Terminal
   • 
    
2. Proof of Lab Instructions
   • Instructions:
     1. find /mnt/* -name "*.exe" | grep MALWARE | wc -l
        • This command returns a "0" because the sample virus was deleted.
     2. date
     3. Press <Enter>
     4. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
     5. Do a PrtScn
     6. Paste into a word document
     7. Upload to website www.antoanthongtin.edu.vn
   • 
3. Edit Virtual Machine Settings
   • Instructions: 
     1. From the VM Player Menu Bar do the following:
     2. Select Virtual Machine
     3. Select Virtual Machine Settings...
   • 
4. Edit CD/DVD (IDE)
   • Instructions: 
     1. Select CD/DVD (IDE)
     2. Select the Connection radio button: Use physical drive, with Auto detect selected.
     3. Click the OK Button
   • 
5. Windows 7 - VMware Player CD-ROW Disconnect Message
   • Instructions: 
     1. Select Yes
   • 
6. Power Off
   • Instructions: 
     1. Virtual Machine --> Power --> Power Off
   • 
7. VMware Player Message
   • Instructions: 
     1. Select Yes
   •