ComputerSecurityStudent (CSS) [Login] [Join Now]




|WINDOWS >> Windows 7 >> Current Page |Views: 8521

(Windows 7: Lesson 6)

{ Download and Run Kaspersky Rescue Disk (Antivirus Scan) }


Section 0. Background Information
  1. Kaspersky Rescue CD 
  2. Lab Notes
    • In this lab we will do the following:
      1. Download the Kaspersky iso
      2. Boot Windows 7 VM into the Kaspersky Rescue Environment
      3. Update Kaspersky
      4. Download a Virus Signature sample file called MALWARE-TESTFILE.exe (Note: This is not a virus, just a one-line signature)
      5. Run Kaspersky Antivirus Scan

  3. Prerequisites
  4. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • Your are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2012 No content replication of any kind is allowed without express written permission.

 

Section 1. Download Kaspersky
  1. Open A Firefox Browser
    • Notes
      • Login to the machine that has VM Player Installed.
    • Instructions
      1. Click on the Windows Start Button
      2. Type firefox in the search box
      3. Click on Mozilla Firefox

     

  2. Open A Firefox Browser

     

  3. Navigate and Save
    • Instructions
      1. Navigate to your external USB hard drive.
      2. Create a directory call Anti-Virus Live CD on your
      3. Click Save

 

Section 2. Start your Windows 7 VM
  1. Edit Virtual Machine Settings
    • Instructions
      1. Click on Windows 7
      2. Click on Edit virtual machine

     

  2. Configure CD/DVD (IDE)
    • Instructions
      1. Configure CD/DVD (IDE)
      2. Click the radio button "Use ISO image file:"
      3. Click the Browse button and Navigate to the location of the kav_rescue_10.iso
      4. Click the Okay button

     

  3. Start Windows 7
    • Instructions
      1. Click on Windows 7
      2. Click on Play virtual machine

     

  4. Access the Boot Menu
    • Instructions
      1. Once you see the below vmware screen, (1) Left Click in the screen and (2) press the <Esc> key.

     

  5. Boot from CD-ROM Drive
    • Instructions
      1. Arrow Down to where CD-ROM Drive is highlighted
      2. Press <Enter>

 

Section 3. Using Kaspersky Rescue CD
  1. Press any key to enter the menu
    • Instructions
      1. Press <Enter>

     

  2. Select Language
    • Instructions
      1. Select Language of Choice, English is default.

     

  3. Accept Agreement
    • Instructions
      1. Press "1"

     

  4. Select Rescue Type
    • Instructions
      1. Select "Kaspersky Rescue Disk.  Graphic Mode"
      2. Press <Enter>

     

  5. Open a Terminal
    • Instructions
      1. Select KDE Start Button
      2. Select Terminal

     

  6. Get IP Address
    • Instructions
      1. ifconfig -a
    • Notes (FYI)
      • If you do not have an IP Address, do the following:
        1. /etc/init.d/network restart
          OR
        2. dhclient eth0

     

  7. Update Kaspersky
    • Instructions
      1. Click the "My Update Center" tab
      2. Click Start update

 

Section 4. Download MALWARE-TESTFILE.exe
  1. Open A Konqueror Web Browser
    • Instructions
      1. Click the KDE Start Button
      2. Click the Web Browser

     

  2. Download MALWARE-TESTFILE.exe
    • Note(FYI):
      • The file MALWARE-TESTFILE.exe is not a virus. 
      • It contains only the below one-line virus signature that we will use to test Kaspersky.
      • X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
    • Instructions:
      1. In the Konqueror Address Bar, place the following web address
        • http://www.computersecuritystudent.com/WINDOWS/W7/lesson6/MALWARE-TESTFILE.exe
      2. Click the Save As... Button

     

  3. Navigate to C: Drive
    • Instructions
      1. Click on the C Drive Picture

     

  4. Save MALWARE-TESTFILE.exe
    • Instructions
      1. Click Save

     

  5. Start Objects Scan
    • Instructions
      1. Click on All Three Check Boxes
      2. Click on Start Objects Scan

     

  6. Rescue Disk Alarm
    • Notes (FYI):
      • Kaspersky detected the c:/MALWARE-TESTFILE.exe
    • Instructions
      1. Click on Delete

     

  7. Open Report
    • Instructions
      1. Click the Report Link

     

  8. View Detailed Results
    • Instructions:
      1. Click Report
      2. Click Detailed Report

     

  9. View Last Object Scan
    • Instructions
      1. Click On the Last Object Scan
      2. View the Detected Viruses

     

Section 5. Proof of Lab
  1. Open A Terminal
    • Instructions
      1. Click on the KDE Start Button
      2. Click on Terminal
     
  2. Proof of Lab Instructions
    • Instructions:
      1. find /mnt/* -name "*.exe" | grep MALWARE | wc -l
        • This command returns a "0" because the sample virus was deleted.
      2. date
      3. Press <Enter>
      4. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
      5. Do a PrtScn
      6. Paste into a word document
      7. Upload to Moodle

     

  3. Edit Virtual Machine Settings
    • Instructions
      1. From the VM Player Menu Bar do the following:
      2. Select Virtual Machine
      3. Select Virtual Machine Settings...

     

  4. Edit CD/DVD (IDE)
    • Instructions
      1. Select CD/DVD (IDE)
      2. Select the Connection radio button: Use physical drive, with Auto detect selected.
      3. Click the OK Button

     

  5. Windows 7 - VMware Player CD-ROW Disconnect Message
    • Instructions
      1. Select Yes

     

  6. Power Off
    • Instructions
      1. Virtual Machine --> Power --> Power Off

     

  7. VMware Player Message
    • Instructions
      1. Select Yes


Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth