(Windows 7: Lesson 6)

{ Download and Run Kaspersky Rescue Disk (Antivirus Scan) }

Section 0. Background Information

Kaspersky Rescue CD
- Kaspersky Rescue CD is freely provided by Kaspersky Lab.
- Kaspersky provides a full suite of Virus Removal Tools.
- http://www.kaspersky.com/virus-removal-tools
Lab Notes
- In this lab we will do the following:
  1. Download the Kaspersky iso
  2. Boot Windows 7 VM into the Kaspersky Rescue Environment
  3. Update Kaspersky
  4. Download a Virus Signature sample file called MALWARE-TESTFILE.exe (Note: This is not a virus, just a one-line signature)
  5. Run Kaspersky Antivirus Scan
Prerequisites
- Instructions:
  1. Windows 7: Lesson 1: Installing Windows 7
Legal Disclaimer
- As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
- In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
- In addition, this is a teaching website that does not condone malicious behavior of any kind.
- Your are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
- © 2012 No content replication of any kind is allowed without express written permission.

Section 1. Download Kaspersky

Open A Firefox Browser
- Notes:
  - Login to the machine that has VM Player Installed.
- Instructions:
  1. Click on the Windows Start Button
  2. Type firefox in the search box
  3. Click on Mozilla Firefox
Open A Firefox Browser
- Instructions:
  1. Place the following address in the Firefox Browser
  2. http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/kav_rescue_10.iso
  3. Click OK to download
Navigate and Save
- Instructions:
  1. Navigate to your external USB hard drive.
  2. Create a directory call Anti-Virus Live CD on your
  3. Click Save

Section 2. Start your Windows 7 VM

Edit Virtual Machine Settings
- Instructions:
  1. Click on Windows 7
  2. Click on Edit virtual machine
Configure CD/DVD (IDE)
- Instructions
  1. Configure CD/DVD (IDE)
  2. Click the radio button "Use ISO image file:"
  3. Click the Browse button and Navigate to the location of the kav_rescue_10.iso
  4. Click the Okay button
Start Windows 7
- Instructions:
  1. Click on Windows 7
  2. Click on Play virtual machine
Access the Boot Menu
- Instructions
  1. Once you see the below vmware screen, (1) Left Click in the screen and (2) press the <Esc> key.
Boot from CD-ROM Drive
- Instructions
  1. Arrow Down to where CD-ROM Drive is highlighted
  2. Press <Enter>

Section 3. Using Kaspersky Rescue CD

Press any key to enter the menu
- Instructions
  1. Press <Enter>
Select Language
- Instructions
  1. Select Language of Choice, English is default.
Accept Agreement
- Instructions
  1. Press "1"
Select Rescue Type
- Instructions
  1. Select "Kaspersky Rescue Disk. Graphic Mode"
  2. Press <Enter>
Open a Terminal
- Instructions
  1. Select KDE Start Button
  2. Select Terminal
Get IP Address
- Instructions
  1. ifconfig -a
- Notes (FYI)
  - If you do not have an IP Address, do the following:
    1. /etc/init.d/network restart
      OR
    2. dhclient eth0
Update Kaspersky
- Instructions
  1. Click the "My Update Center" tab
  2. Click Start update

Section 4. Download MALWARE-TESTFILE.exe

Open A Konqueror Web Browser
- Instructions
  1. Click the KDE Start Button
  2. Click the Web Browser
Download MALWARE-TESTFILE.exe
- Note(FYI):
  - The file MALWARE-TESTFILE.exe is not a virus.
  - It contains only the below one-line virus signature that we will use to test Kaspersky.
  - X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
- Instructions:
  1. In the Konqueror Address Bar, place the following web address
    - http://www.computersecuritystudent.com/WINDOWS/W7/lesson6/MALWARE-TESTFILE.exe
  2. Click the Save As... Button
Navigate to C: Drive
- Instructions
  1. Click on the C Drive Picture
Save MALWARE-TESTFILE.exe
- Instructions
  1. Click Save
Start Objects Scan
- Instructions
  1. Click on All Three Check Boxes
  2. Click on Start Objects Scan
Rescue Disk Alarm
- Notes (FYI):
  - Kaspersky detected the c:/MALWARE-TESTFILE.exe
- Instructions
  1. Click on Delete
Open Report
- Instructions
  1. Click the Report Link
View Detailed Results
- Instructions:
  1. Click Report
  2. Click Detailed Report
View Last Object Scan
- Instructions
  1. Click On the Last Object Scan
  2. View the Detected Viruses

Section 5. Proof of Lab

Open A Terminal
- Instructions
  1. Click on the KDE Start Button
  2. Click on Terminal
Proof of Lab Instructions
- Instructions:
  1. find /mnt/* -name "*.exe" | grep MALWARE | wc -l
    - This command returns a "0" because the sample virus was deleted.
  2. date
  3. Press <Enter>
  4. echo "Your Name"
    - Replace the string "Your Name" with your actual name.
    - e.g., echo "John Gray"
  5. Do a PrtScn
  6. Paste into a word document
  7. Upload to Moodle
Edit Virtual Machine Settings
- Instructions:
  1. From the VM Player Menu Bar do the following:
  2. Select Virtual Machine
  3. Select Virtual Machine Settings...
Edit CD/DVD (IDE)
- Instructions:
  1. Select CD/DVD (IDE)
  2. Select the Connection radio button: Use physical drive, with Auto detect selected.
  3. Click the OK Button
Windows 7 - VMware Player CD-ROW Disconnect Message
- Instructions:
  1. Select Yes
Power Off
- Instructions:
  1. Virtual Machine --> Power --> Power Off
VMware Player Message
- Instructions:
  1. Select Yes