
How to make a bootable thumb drive virus scanner for NTFS: 2009 update


NOTE! The BLTDVS Toolkit in its original form is now obsolete. The current state of the art has yielded self-contained USB installer tools for most of the popular antivirus rescue CDs.

I have updated this article (see “Make an Anti Virus Bootable USB Thumb Drive”) with the latest information and put two versions of popular rescue CD USB installers in the revised BLTDVS Toolkit, which is still available for download from the original location when you sign up for my newsletter list.

Once again, in May 2009, I have had to revise this article because Avira’s updates no longer work (thanks, Cindy, for your help in pointing out the problem to me). This new revision supersedes all previous articles I have posted on this subject; specifically, these two:

http://askthegeek.kennyhart.com/2005/12/how-to-make-bootable-thumb-drive-virus.html

http://askthegeek.kennyhart.com/2007/03/update-how-to-make-bootable-thumb-drive_20.html

“How to make a bootable thumb drive virus scanner for NTFS” is the second most popular article on this site, outranked only by “My Computer Won’t Shut Down!” and I thank you for visiting Ask the Geek for advice on these issues. Because of the continuing popularity of the thumb drive virus scanner, I want to make sure you have up to date and relevant information. The two articles listed above are outdated.

The original DOS-based version of the thumb drive virus scanner used F-Prot Antivirus for DOS, one of the best and most popular DOS-based scanners for nearly 20 years. Unfortunately, F-Secure is no longer updating the virus definitions for that version. In fact, the F-Prot virus signatures are now almost two years old, making them virtually useless. Other vendors are following suit. I’ve had quite a bit of feedback asking me if I could solve this problem and provide an updated method of offline virus scanning.

The good news is that, yes, I’ve solved the problem, thanks to the fact that several vendors offer free bootable rescue CDs for download. Most of these run under some flavor of Linux and after a bit of hacking, I found it’s a simple matter to make a bootable thumb drive from the images.

Note: Avira has changed the ISO image *again* since this article was first posted. I have had comments from some people that the new ISOs just don’t work right on the thumb drive. As of May 2009, the VDF updates cause the old version to fail. I have revised the steps below and updated the BLTDVS toolkit. 

I chose the Kaspersky Rescue CD from Kaspersky Lab for my latest incarnation of the thumb drive virus scanner. Since it runs under Linux, it has native NTFS read/write support making it unnecessary to use any third party tools like NTFS4DOS (which is still available, but no longer supported by Avira).

Here’s how to be up and running with your own copy of my latest tool in just a few minutes. I’ve made it easy by providing everything you need, except the rescue CD image:

  1. I no longer require that you make a donation, but would appreciate it greatly. I’ve worked hard to keep the BLTDVS toolkit up to date and will continue to do so.
  2. I do require that you sign up on my list. That is the only way to get the download link and password for the BLTDVS toolkit. Once you sign up and confirm your subscription, the welcome email will give you instructions, a link to the new toolkit, and the password.
  3. If you bypassed the fade-in sign-up form when you arrived at this page, you can click here to go to another sign-up page or click on Sign Up! in the toolbar to the right.
  4. Download the BLTDVS toolkit from the link I send you.
  5. Extract the folder to the root of your hard drive.
  6. Download the Kaspersky Rescue CD ISO image.
  7. Move the CD ISO image to the BLTDVS_toolkit folder.
  8. Plug in your thumb drive.
  9. Open the BLTDVS_toolkit folder and navigate to the DriveKey folder.
  10. Run HPUSBF.EXE (command line version) or HPUSBW.EXE (Windows version) and format your thumb drive using FAT or FAT32. Deselect the “Create a DOS startup disk” option.
  11. Open the BLTDVS_toolkit folder and copy or move its contents to your thumb drive. Don’t move the actual folder.
  12. On your thumb drive, double-click avrescd.bat. This will extract the necessary files from the ISO image to your thumb drive. Be sure you specify the right drive letter for your thumb drive.
  13. Once the files have been extracted, makeboot.bat will be called automatically. See the caution in the next step!
  14. CAUTION! This step is dangerous! Heed the warning message. Please verify the correct flash drive letter is being displayed before proceeding. Do not run this file on your hard drive or your current MBR will be overwritten, rendering Windows unbootable. (This isn’t a complete disaster, but it takes some geeky knowledge to fix it.) NOTE: If you are using Vista, you may see a “failure to update the MBR” error. In this case, right-click the file and specify “Run as administrator.”
  15. Hit any key to exit. You now have a bootable Linux thumb drive virus scanner that will handle NTFS drives as well as most other formats.
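
A pre-flight check for step 14, as an added example that is not part of the BLTDVS toolkit: it confirms in PowerShell that the drive letter you are about to hand to makeboot.bat is a removable FAT/FAT32 volume and not the Windows system drive. The function name Test-BootTarget and the sample drive letter E: are assumptions.

```powershell
# Added example, not part of the BLTDVS toolkit. Test-BootTarget is a
# hypothetical helper name; run it before makeboot.bat touches a drive.
function Test-BootTarget {
    param(
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[A-Za-z]:$')]
        [string]$DriveLetter            # e.g. 'E:'
    )

    $disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$DriveLetter'"
    if (-not $disk) {
        throw "Drive $DriveLetter was not found."
    }

    $reasons = @()
    # The boot-sector/MBR write must never land on the Windows system drive.
    if ($disk.DeviceID -ieq $env:SystemDrive) {
        $reasons += 'this is the Windows system drive'
    }
    # Win32_LogicalDisk.DriveType: 2 = removable disk, 3 = local (fixed) disk.
    if ($disk.DriveType -ne 2) {
        $reasons += "drive type $($disk.DriveType) is not removable (2)"
    }
    # Step 10 formats the stick as FAT or FAT32; anything else is suspect.
    if ($disk.FileSystem -notin @('FAT', 'FAT32')) {
        $reasons += "file system '$($disk.FileSystem)' is not FAT/FAT32"
    }

    [pscustomobject]@{
        Drive   = $disk.DeviceID
        Label   = $disk.VolumeName
        SizeGB  = [math]::Round($disk.Size / 1GB, 1)
        Safe    = ($reasons.Count -eq 0)
        Reasons = $reasons
    }
}

# 'E:' is a sample value; substitute the letter Windows gave your thumb drive.
$check = Test-BootTarget -DriveLetter 'E:'
$check | Format-List
if (-not $check.Safe) {
    throw "Refusing to continue: $($check.Reasons -join '; ')"
}
```

Some USB sticks report themselves as fixed disks (type 3) and will fail this check; confirm such a drive by its label and size before overriding.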

One really cool feature of the Kaspersky program is that it will allow you to update it over the Internet as long as you’re plugged into your network. It doesn’t work well with a wireless connection (which both of my laptops have), but I haven’t had a bit of trouble getting an address and updating when I’m plugged in.

Another great feature of the program is that it has a built in file manager, so you can also use it to recover files from an infected hard drive without having to boot into the native OS.

As always, feedback is welcome. I want to know how this tool is working for you.

(Thanks to PDLA ©2007 http://pendrivelinux.com and Lance ©2008 http://pendrivelinux.com. Syslinux is ©1994-2006 H. Peter Anvin http://syslinux.zytor.com for the files used in this tool.)

Cheers!
The Geek

14 Responses

  1. Jana says:

    I can’t seem to sign up to get the file. Can you help me?

  2. I don’t recommend many things, but this came just at the right time. It cleared my PC and it now runs faster. I have reviewed 4 Registry Tools in http://www.registryfixtools.com and you can see the results.
    Regards

  3. Bob says:

    Looks like as of 8/21/09 the link to the Kaspersky rescue CD doesn’t work. Have you thought about using ClamAV for this project? It might be more accessible than these proprietary projects. There is a live CD solution for ClamAV.

  4. Gudge69 says:

    Hi, thank you for all your hard work. The instructions worked a treat. However, I have a problem: I am plugged into my network and I cannot update the virus definitions. I don’t seem to be able to use my network while in this Linux environment. Is there a more up-to-date image that I can use? Or even a file that Kaspersky can update from locally?

    Thank you again.

  5. Hey Geek, As with the other commenters, thank you so much for this guide and utility. It could potentially be a life saver.

    I do however have a few questions:

    1) I am guessing the networking side of things works via DHCP. I have looked through the files, but am no Linux expert, so wondered if there is a way of setting a static IP?

    2) Where are the virus definition updates saved to? I ran the update on my laptop (DHCP) then plugged the USB drive into a machine with no DHCP and it said the definitions were out of date. I would have hoped it updated them on the USB key?

    If you could drop me an answer to these I would greatly appreciate it.

    thanks again

    Darren aka Techmonkey

  6. The Geek says:

    To those having trouble with the network, here is some info for you. Mind you, this is Geeky stuff, so be prepared to learn something about Linux.

    1. The update procedure works via DHCP. In most cases, you won’t have to mess with this. If you have trouble, you may be able to set a static ip address by using the procedure below. You’ll want to get into the Linux command console (terminal). I believe the rescue disk UI has a link for that. You can then assign a static ip address:

    ifconfig eth0 <static-ip> up netmask 255.255.255.0
    route add default gw <gateway-ip>
    ifconfig eth0 down
    ifconfig eth0 up
    route add default gw <gateway-ip>

    You can verify the ip address by typing ifconfig with no parameters. It should show the address you set for eth0.

    2. The updates are saved to memory, so they go bye-bye when you reboot. It’s better to update every time you use it anyway, so you always have the current definitions. I’ll investigate the ../etc/conf file and see if I can resolve this.

  7. gregg z. says:

    Trying to make the bootable USB AV. Keep getting a “not a removeable device” during the makeboot.bat process. I tried running from the CMD prompt using the -f switch. Any help would be appreciated. Thx.

  8. gregg z. says:

    I found the answer after many Google searches. I had to modify the makeboot.bat file that was on the thumb drive. I had to add the -d switch into the makeboot.bat file. I was trying to run makeboot.bat -d from the command line. Here is the updated line in my makeboot.bat>>> syslinux\win32\syslinux.exe -maf -d %~d0

  9. I am only using free virus scanners like Avast and Avira but they seem to be great tools though.

  10. Kaspersky and Avast are both great antiviruses and anti-malware.

  11. Kaspersky will definitely get two thumbs up from me when it comes to killing all those pesky viruses and spywares.

  12. Kaspersky and Avast have much better heuristic detection capability compared to Trend Micro antivirus.

  13. I use both Avast and AVG virus scanner because they are very good.

  14. tom says:

    Using the posted directions and the AVG ISO, the thumb drive does not find a bootable kernel. The Linux is missing for some reason.

    Does anyone know of currently available bootable thumb drive for virus scanning, malware bootable utility?


© 2017 Ask the Geek. All rights reserved.