NOTE! The BLTDVS Toolkit in its original form is now obsolete. The current state of the art has yielded self-contained USB installer tools for most of the popular antivirus rescue CDs.
I have updated this article: Make an Anti Virus Bootable USB Thumb Drive with the latest information and put two versions of popular rescue CD USB installers in the revised BLTDVS Toolkit which is still available for download from the original location when you sign up for my newsletter list.
Once again, in May 2009, I have had to revise this article because Avira’s updates no longer work (thanks, Cindy, for your help in pointing out the problem to me). This new revision supercedes all previous articles I have posted on this subject; specifically, these two:
“How to make a bootable thumb drive virus scanner for NTFS” is the second most popular article on this site, outranked only by “My Computer Won’t Shut Down!” and I thank you for visiting Ask the Geek for advice on these issues. Because of the continuing popularity of the thumb drive virus scanner, I want to make sure you have up to date and relevant information. The two articles listed above are outdated.
The original DOS-based version of the thumb drive virus scanner used F-Prot Antivirus for DOS, one of the best and most popular DOS-based? scanners for nearly 20 years. Unfortunately, F-Secure is no longer updating the virus definitions for that version. In fact, the F-Prot virus signatures are now almost two years old, making them virtually useless. Other vendors are following suit. I’ve had quite a bit of feedback asking me if I could solve this problem and provide an updated method of offline virus scanning.
The good news is that, yes, I’ve solved the problem, thanks to the fact that several vendors offer free bootable rescue CDs for download. Most of these run under some flavor of Linux and after a bit of hacking, I found it’s a simple matter to make a bootable thumb drive from the images.
Note: Avira has changed the ISO image *again* since this article was first posted. I have had comments from some people that the new ISOs just don’t work right on the thumb drive. As of May 2009, the VDF updates cause the old version to fail. I have revised the steps below and updated the BLTDVS toolkit.
I chose the Kaspersky Rescue CD from Kaspersky Lab for my latest incarnation of the thumb drive virus scanner. Since it runs under Linux, it has native NTFS read/write support making it unnecessary to use any third party tools like NTFS4DOS (which is still available, but no longer supported by Avira).
Here’s how to be up and running with your own copy of my latest tool in just a few minutes. I’ve made it easy by providing everything you need, except the rescue CD image:
- I no longer require that you make a donation, but would appreciate it greatly. I’ve worked hard to keep the BLTDVS toolkit up to date and will contintue to do so.
- I do require that you sign up on my list. That is the only way to get the download link and password for the BLTDVS toolkit. Once you sign up and confirm your subscription, the welcome email will give you instructions, a link to the new toolkit, and the password.
- If you bypassed the fade-in sign-up form when you arrived at this page, you can click here to go to another sign-up page or click on Sign Up! in the toolbar to the right.
- Download the BLTDVS toolkit from the link I send you.
- Extract the folder to the root of your hard drive.
- Download the Kaspersky Rescue CD ISO image
- Move the CD ISO image to the BLTDVS_toolkit folder?
- Plug in your thumb drive.
- Open the BLTDVS_toolkit folder and navigate to the DriveKey folder.
- Run HPUSBF.EXE (command line version) or HPUSBW.EXE (windows version) and format your thumb drive using FAT or FAT32. Deselect the “Create a DOS startup disk” option.
- Open the BLTDVS_toolkit folder and copy or move its contents to your thumb drive. Don’t move the actual folder.
- On your thumb drive, double-click avrescd.bat. This will extract the necessary files from the ISO image to your thumb drive. Be sure you specify the right drive letter for your thumb drive.
- Once the files have been extracted, makeboot.bat will be called automatically. See the caution in the next step!
- CAUTION! This step is dangerous! Heed the warning message. Please verify the correct flash drive letter is being displayed before proceeding. Do not run this file on your hard drive or your current MBR will be overwritten rendering Windows unbootable. (This isn’t a complete disaster, but it takes some geeky knowledge to fix it.)? NOTE: If you are usingVista, you may see a “failure to update the MBR” error. In this case, right-click the file and specify “Run as administrator.”
- Hit any key to exit. You now have bootable Linux thumb drive virus scanner that will handle NTFS drives as well as most other formats.
One really cool feature of the Kaspersky program is that it will allow you to update it over the Internet as long as you’re plugged into your network. It doesn’t work well with a wireless connection (which both of my laptops have), but I haven’t had a bit of trouble getting an address and updating when I’m plugged in.
Another great feature of the program is that it has a built in file manager, so you can also use it to recover files from an infected hard drive without having to boot into the native OS.
As always, feedback is welcome. I want to know how this tool is working for you.