
Wednesday, September 10, 2008

How to make a bootable thumb drive virus scanner for NTFS: 2008 update

This article supersedes all previous articles I have posted on this subject; specifically, these two:

http://askthegeek.kennyhart.com/2005/12/how-to-make-bootable-thumb-drive-virus.html
 

http://askthegeek.kennyhart.com/2007/03/update-how-to-make-bootable-thumb-drive_20.html

"How to make a bootable thumb drive virus scanner for NTFS" is the second most popular article on this site, outranked only by "My Computer Won't Shut Down!", and I thank you for visiting Ask the Geek for advice on these issues. Because of the continuing popularity of the thumb drive virus scanner, I want to make sure you have up-to-date and relevant information. The two articles listed above are outdated.

The DOS-based version of the thumb drive virus scanner uses F-Prot Antivirus for DOS, one of the best and most popular DOS-based scanners for nearly 20 years. Unfortunately, F-Secure is no longer updating the virus definitions for that version. In fact, the F-Prot virus signatures are now more than a year old, making them virtually useless against newer threats. Other vendors are following suit. I've had quite a bit of feedback asking me if I could solve this problem and provide an updated method of offline virus scanning.

The good news is that, yes, I've solved the problem, thanks to the fact that several vendors offer free bootable rescue CDs for download. Most of these run under some flavor of Linux, and after a bit of hacking, I found it's a simple matter to make a bootable thumb drive from the images.

I chose the AntiVir Rescue CD from Avira for my latest incarnation of the thumb drive virus scanner. Since it runs under Linux, it has native NTFS read/write support, making it unnecessary to use any third-party tools like NTFS4DOS. Here's how to be up and running with your own copy of my latest tool in just a few minutes (I've made it easy by providing everything you need except the rescue CD image):

  1. Download BLTDVS_toolkit.zip from my site.
  2. Extract the folder to the root of your hard drive. The passphrase is AskTheG33k. Download the latest version of the AntiVir Rescue CD ISO image (approx. 60 MB), saving it or moving it into the BLTDVS_toolkit folder.
  3. Plug in your thumb drive.
  4. Open the BLTDVS_toolkit folder and navigate to the DriveKey folder.
  5. Run HPUSBF.EXE (command line version) or HPUSBW.EXE (Windows version) and format your thumb drive using FAT or FAT32. Deselect the "Create a DOS startup disk" option.
  6. Open the BLTDVS_toolkit folder and copy or move its contents to your thumb drive. Don't move the actual folder.
  7. On your thumb drive, double-click avrescd.bat. This will extract the necessary files from the ISO image to your thumb drive. Be sure you specify the right drive letter for your thumb drive.
  8. Once the files have been extracted, makeboot.bat will be called automatically. See the caution in the next step!
  9. CAUTION! This step is dangerous! Heed the warning message. Please verify the correct flash drive letter is being displayed before proceeding. Do not run this file on your hard drive or your current MBR will be overwritten, rendering Windows unbootable. (This isn't a complete disaster, but it takes some geeky knowledge to fix it.) NOTE: If you are using Vista, you may see a "failure to update the MBR" error. In this case, right-click the file and specify "Run as administrator."
  10. Hit any key to exit. You now have a bootable Linux thumb drive virus scanner that will handle NTFS drives as well as most other formats.

Updating to the latest version of the rescue CD is simple: Just download the latest ISO image and run steps 7 through 10 again.
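The caution in step 9 comes down to being certain which drive letter you are about to hand to the MBR writer. The PowerShell function below is an added example, not part of the BLTDVS toolkit: it checks a drive letter before you run avrescd.bat in step 7. The function name Test-ThumbDriveTarget and the drive letter E: are assumptions made for the example.

```powershell
# Added example, not part of the BLTDVS toolkit. Requires PowerShell 3.0 or later.
# Test-ThumbDriveTarget is a hypothetical helper name chosen for this example.
function Test-ThumbDriveTarget {
    param([Parameter(Mandatory = $true)][string]$DriveLetter)

    # Normalise "e", "E:" or "E:\" to "E:"
    $id = ($DriveLetter.Trim() -replace '[:\\]+$', '').ToUpper() + ':'
    if ($id -notmatch '^[A-Z]:$') {
        Write-Warning "'$DriveLetter' is not a drive letter."
        return $false
    }

    # Never accept the volume Windows itself runs from.
    if ($id -eq $env:SystemDrive.ToUpper()) {
        Write-Warning "$id is the Windows system drive. Refusing."
        return $false
    }

    $disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$id'"
    if (-not $disk) {
        Write-Warning "$id is not present."
        return $false
    }

    # Win32_LogicalDisk.DriveType: 2 = removable disk, 3 = local (fixed) disk.
    # A stick that reports itself as fixed is refused here; check it by hand.
    if ($disk.DriveType -ne 2) {
        Write-Warning "$id reports DriveType $($disk.DriveType), not removable (2). Refusing."
        return $false
    }

    # Step 5 formats the stick as FAT or FAT32; anything else is the wrong volume.
    if ($disk.FileSystem -notin @('FAT', 'FAT32')) {
        Write-Warning "$id is formatted $($disk.FileSystem), expected FAT or FAT32. Refusing."
        return $false
    }

    # Show label and size so they can be compared with the stick in hand.
    $sizeGB = [math]::Round($disk.Size / 1GB, 2)
    Write-Host "$id OK: removable, $($disk.FileSystem), label '$($disk.VolumeName)', $sizeGB GB"
    return $true
}

# Constructed usage: E: stands in for your thumb drive's letter.
# if (Test-ThumbDriveTarget 'E:') { Write-Host 'Safe to enter E: when avrescd.bat asks.' }
```

The check only tells you the letter belongs to a removable FAT or FAT32 volume; you still need to confirm the letter shown by makeboot.bat matches the one you tested.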

(Thanks to PDLA ©2007 http://pendrivelinux.com and Lance ©2008 http://pendrivelinux.com. Syslinux is ©1994-2006 H. Peter Anvin http://syslinux.zytor.com for the files used in this tool.)

Cheers!
The Geek
