Tag: F-Secure

Virus definition update on the F-Secure rescue CD

So, a co-worker from the office asked me to clean their personal laptop from one of those anti-virus application that install themselves and creates a bunch of pop-ups telling you you are infected. Obviously, I didn’t want to connect that machine to our corporate LAN, so I figured I should use a rescue CD of some sort that does AV scans. I was highly recommended to use F-Protect’s rescue CD for this type of malware in my SANS 504 course that I just took last week.

So, a co-worker from the office asked me to clean their personal laptop from one of those anti-virus application that install themselves and creates a bunch of pop-ups telling you you are infected.  Obviously, I didn’t want to connect that machine to our corporate LAN, so I figured I should use a rescue CD of some sort that does AV scans.  I was highly recommended to use F-Protect’s rescue CD for this type of malware in my SANS 504 course that I just took last week.

A quick Google search returned a very useful page from techmixer.com titled FREE Bootable AntiVirus Rescue CDs Download List.  This page lists seven freely available Antivirus rescue CD options.  So I downloaded the ISO for F-Protect and burned it to a CD.  Obviously, you want to make sure you are scanning with the latest virus definition update, but since the CD is a read-only media, you can’t update the virus definition on it.  The ISO contains a virus definition file from July 2009, but that’s way to old to be useful.  I tried to follow the instructions that were on the techmixer.com page about F-Protect to use the updates on a USB stick, but without success.  When all else fails, read the instructions.  😉

I downloaded the PDF manual from http://www.f-secure.com/linux-weblog/files/rescue_cd_user_guide.20090717.pdf and those instructions, unlike the ones on the techmixer.com ones, instructed to create a fsecurerescuecd folder on your USB stick.  That way, the virus definition gets expanded to the rescuecd folder as well as the results of the scan is saved in a reports folder.  The trick is to use a USB drive that has nothing else on it.  Why they had to do it that way, I’m not sure.  I wished that it wasn’t so because I would rather carry only one stick instead of dedicating one to having the F-Secure virus definition file.

For those of you who prefer bullets and get ‘er done, here is a step-by-step how-to:

  1. Download the ISO  from the F-Secure web site.  As of this writing, version 3.11 is current.
  2. Burn the ISO to a CD.
  3. Have a FAT formated USB thumb drive with nothing on it.
  4. Create a fsecure folder at the root of the drive.
  5. Create a rescuecd folder in the fsecure folder.
  6. Download the latest virus definition file from F-Secure from http://download.f-secure.com/latest/fsdbupdate9.run
  7. Copy the fsdbupdate9.run to the root of your USB drive.
  8. Plug-in the USB drive on the sick computer and then boot the rescue CD.

F-Secure picked-up that I had a USB drive connected and used the virus definition for the scan.  Simply follow the on-screen instructions and your computer will be cleaned up.