ComputerSecurityStudent (CSS)

(Windows 7: Lesson 7)

{ Download and Run Avira AntiVir Rescue System }

Section 0. Background Information
  1. Avira AntiVir Rescue System 
    • The Avira AntiVir Rescue System allows access to computers that cannot be booted. This makes it possible to repair a damaged system, to rescue data or to scan for virus infections.
    • The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available.

  2. Lab Notes
    • In this lab we will do the following:
      1. Download the Avira ISO
      2. Boot Windows 7 VM into the Avira Rescue Environment
      3. Update Avira
      4. Download a Virus Signature sample file called MALWARE-TESTFILE.exe (Note: This is not a virus, just a one-line signature)
      5. Run Avira Antivirus Scan

  3. Prerequisites
  4. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2012 No content replication of any kind is allowed without express written permission.


Section 1. Download Avira
  1. Open A Firefox Browser
    • Notes
      • Login to the machine that has VM Player Installed.
    • Instructions
      1. Click on the Windows Start Button
      2. Type firefox in the search box
      3. Click on Mozilla Firefox


  2. Open A Firefox Browser


  3. Navigate and Save
    • Instructions
      1. Navigate to your external USB hard drive.
      2. Create a directory called Anti-Virus Live CD on your
      3. Click Save


Section 2. Start your Windows 7 VM
  1. Edit Virtual Machine Settings
    • Instructions
      1. Click on Windows 7
      2. Click on Edit virtual machine


  2. Configure CD/DVD (IDE)
    • Instructions
      1. Configure CD/DVD (IDE)
      2. Click the radio button "Use ISO image file:"
      3. Click the Browse button and Navigate to the location of the rescue_system-common-en.iso
      4. Click the OK button


  3. Start Windows 7
    • Instructions
      1. Click on Windows 7
      2. Click on Play virtual machine


  4. Access the Boot Menu
    • Instructions
      1. Once you see the below vmware screen, (1) Left Click in the screen and (2) press the <Esc> key.


  5. Boot from CD-ROM Drive
    • Instructions
      1. Arrow Down to where CD-ROM Drive is highlighted
      2. Press <Enter>


Section 3. Using Avira Rescue CD
  1. Press any key to enter the menu
    • Instructions
      1. Type "1" after the boot prompt.
      2. Press <Enter>


  2. Loading Avira AntiVir Rescue System
    • Note(FYI)
      1. Avira will now load its rescue system.
      2. Continue to next step.


  3. Open a Terminal
    • Instructions
      1. Click on the Miscellaneous Tab
      2. Select Command line
      3. When you are prompted with the Rescue System Message, Select Yes.


  4. View IP Address
    • Instructions
      1. ifconfig -a
        • My IP Address is
    • Notes (FYI)
      • If you do not have an IP Address, do the following:
        1. dhclient eth0


  5.  Download MALWARE-TESTFILE.exe
    • Note(FYI):
      • The file MALWARE-TESTFILE.exe is not a virus. 
      • It contains only the below one-line virus signature that we will use to test Avira.
    • Instructions:
      1. df -k
        • /media/Devices/hdc - This file system contains the Avira Utilities
        • /media/Devices/sda1 - This file system contains the actual C: Drive.
      2. cd /media/Devices/sda1
        • Now you are in the actual C: Drive
      3. wget
        • This is the actual Virus Signature Test File.
      4. ls -l MALWARE*
        • This verifies we have downloaded the test file.
      5. Press <Alt>-F7
        • This will put you back into the Avira GUI.


  6. Update Avira
    • Instructions
      1. Click the "Update" tab
      2. Click the Yes Button


  7. Update Results
    • Instructions
      1. Once update is complete, you will see a successfully completed message.
      2. Continue to Next Section


Section 4. Configure the Avira Scanner
  1. Open A Konqueror Web Browser
    • Instructions
      1. Click the Configuration Tab
      2. Scan method: Select All Files
      3. Action when malware found:
        • Select Repair infected files
        • Select Rename file if repair is not possible
      4. Extended threat categories
        • Select Dialers
        • Select Backdoor client
        • Select Adware/Spyware


Section 4. Run the Avira Scanner
  1. Start Virus scanner
    • Instructions
      1. Click on the Virus scanner tab.
      2. Click on Start scanner button.


  2. Avira Summary Results
    • Notes (FYI):
      • After the scan finishes, Avira will list a summary of the results.


  3. View MALWARE-TESTFILE.exe Alert
    • Instructions
      1. Scroll all the way up in the log window
      2. Notice the Alert Entry
      3. Click the Save Button


  4. Save Avira Log File
    • Instructions:
      1. Navigate to /media/Devices/sda1
      2. Click the Save Button


Section 5. Proof of Lab
  1. Open a Terminal
    • Instructions
      1. Click on the Miscellaneous Tab
      2. Select Command line
      3. When you are prompted with the Rescue System Message, Select Yes.
  2. Proof of Lab Instructions
    • Instructions:
      1. cd /media/Devices/sda1/
      2. ls -l MALWARE*
      3. grep -i alert rescue-system_scan.log
        • This shows you all the alerts in the Avira log.
      4. date
      5. Press <Enter>
      6. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
      7. Do a PrtScn
      8. Paste into a word document
      9. Upload to Moodle
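
The Section 5 checks combined into one function, as an added example that is not part of the original lab: it reports how many MALWARE* files are on the mounted drive and how many alert lines in the saved log name the test file, rather than any alert at all. The names lab_proof and make_sample are hypothetical, and the log lines in make_sample are constructed; they do not reproduce Avira's real log format.

```shell
#!/bin/sh
# Added example, not part of the original lab.
# lab_proof DIR [LOG] : combine the 'ls -l MALWARE*' and 'grep -i alert' checks.
# Prints a one-line summary; returns 0 only if a MALWARE* file exists in DIR
# and at least one alert line in the log names MALWARE-TESTFILE.
lab_proof() {
    dir=$1
    log="$dir/${2:-rescue-system_scan.log}"
    [ -r "$log" ] || { echo "no readable log at $log" >&2; return 2; }

    # Count files matching the same glob the lab uses.
    found=0
    for f in "$dir"/MALWARE*; do
        if [ -e "$f" ]; then found=$((found + 1)); fi
    done

    # grep -c prints 0 but exits 1 when nothing matches, hence '|| true'.
    total=$(grep -ci 'alert' "$log" || true)
    hits=$(grep -i 'alert' "$log" | grep -c 'MALWARE-TESTFILE' || true)

    echo "files=$found alerts_total=$total alerts_for_testfile=$hits"
    [ "$found" -gt 0 ] && [ "$hits" -gt 0 ]
}

# make_sample DIR : constructed test data. The log lines are invented for this
# example (assumed layout, not Avira's real log format).
make_sample() {
    : > "$1/MALWARE-TESTFILE.exe"
    cat > "$1/rescue-system_scan.log" <<'EOF'
scan started (constructed sample)
ALERT: [constructed-test-signature] /media/Devices/sda1/MALWARE-TESTFILE.exe
ALERT: [constructed-other-detection] /media/Devices/sda1/Users/demo/setup.exe
scan finished (constructed sample)
EOF
}

# Demo run on the constructed data. On the rescue system call instead:
#   lab_proof /media/Devices/sda1
demo=$(mktemp -d)
make_sample "$demo"
lab_proof "$demo"
rm -rf "$demo"
```

A non-zero return with alerts_total above zero means the scanner flagged something, but not the test file, which is worth reading in the full log before taking the screenshot.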


Section 6. Post Lab Instructions
  1. Edit Virtual Machine Settings
    • Instructions
      1. From the VM Player Menu Bar do the following:
      2. Select Virtual Machine
      3. Select Virtual Machine Settings...


  2. Edit CD/DVD (IDE)
    • Instructions
      1. Select CD/DVD (IDE)
      2. Select the Connection radio button: Use physical drive, with Auto detect selected.
      3. Click the OK Button


  3. Windows 7 - VMware Player CD-ROM Disconnect Message
    • Instructions
      1. Select Yes


  4. Power Off
    • Instructions
      1. Virtual Machine --> Power --> Power Off


  5. VMware Player Message
    • Instructions
      1. Select Yes
