Friday, 3 June 2016

Add Anvi Rescue Disk, Sophos Bootable AV, Trend Micro AV and Panda AV to your E2B drive

Note: None of the AV utilities below contain EFI boot files.

Anvi Rescue Disk 11

This is a free 100MB download from AnviSoft here. It supports several languages (see screenshot below).

It includes a Firefox web browser and Leafpad text editor, as well as TestDisk (for data recovery from corrupted volumes) and gparted + other utilities. It has a 'Flash Scan' option for a quick pass, or a slower, more thorough, scan option.

Just copy the ISO file to E2B (e.g. \_ISO\ANTIVIRUS folder) and boot.

Sophos Bootable AntiVirus (SBAV)

Instructions for making the ISO can be found here.

However, on my Windows 10 TH2 x64 system, I could not make the ISO file using the 'sbavc.exe sb.iso' command suggested because I got a mkisofs.exe error (after a few minutes) and a 0-byte ISO file! However, I found an unofficial direct ISO file download here, which is updated daily (AFAIK).

This software runs a text-based scan. There is no Desktop GUI interface.

Trend Micro Rescue Disk

The Trend Micro Rescue Disk does not come as an ISO; the utility provided writes directly to a writable CD\DVD or a USB drive.

To get this onto E2B, you need to make either a CD\DVD or bootable Flash drive using their utility and then drag-and-drop the whole drive letter of the CD\DVD\USB drive onto the MPI_FAT32 Desktop shortcut (you need to install the MPI Tool Kit first).

Then simply choose the default suggested size and create a Trend_Micro_Rescue_Disk.imgPTN file and copy it to your E2B USB drive and boot to it in the usual way(s).

Panda Cloud Cleaner

I also tried the Panda Cloud Cleaner ISO. This is rather different, in that when you boot to the ISO, it injects some start-up files onto the Windows partition so that it runs Panda AV software when you next boot to Windows.

I tried this on an XP system and on a Virtual Machine installation of Windows 10 x64. In both cases, when I rebooted to the OS, Panda Cloud Cleaner did not run. I have also seen reports that when it does run, it can damage the boot files of an OS and render it unbootable!

Note: There is also a Panda Safe CD here (screenshots below) which did run OK.

The signature file is downloaded and then the scan starts...

Both versions support English and Spanish.

If you are looking for more AV Rescue CDs, there is a useful list here.
Most (if not all) of these will run from an E2B drive and many with persistence too. Check the blog tutorial list and the List of tested Payloads page.
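
A pre-copy check for the ISOs above, added here as an example (it is not E2B's or the author's code): it catches a 0-byte or truncated image like the failed Sophos build, and lists the El Torito boot platforms the ISO advertises, so a missing EFI entry is visible. `inspect_iso` and `build_sample` are names made up for this example, and the sample images are constructed in memory.

```python
import io
import struct

SECTOR = 2048
PLATFORMS = {0x00: "BIOS", 0x01: "PowerPC", 0x02: "Mac", 0xEF: "EFI"}

def inspect_iso(f):
    """Report size, ISO9660 validity and El Torito boot platforms of an image."""
    size = f.seek(0, io.SEEK_END)
    info = {"size": size, "iso9660": False, "platforms": []}
    catalog = None
    for lba in range(16, 64):                 # volume descriptors start at sector 16
        f.seek(lba * SECTOR)
        vd = f.read(SECTOR)
        if len(vd) < SECTOR or vd[1:6] != b"CD001" or vd[0] == 255:
            break                             # truncated, not ISO9660, or terminator
        if vd[0] == 1:                        # primary volume descriptor
            info["iso9660"] = True
        elif vd[0] == 0 and vd[7:30] == b"EL TORITO SPECIFICATION":
            catalog = struct.unpack_from("<I", vd, 0x47)[0]   # boot catalog sector
    if catalog is None:
        return info
    f.seek(catalog * SECTOR)
    cat = f.read(SECTOR)
    if len(cat) < SECTOR or cat[0] != 1 or cat[30:32] != b"\x55\xaa":
        return info                           # validation entry missing or damaged
    ids, off = [cat[1]], 64                   # validation entry, then default entry
    while off + 32 <= SECTOR and cat[off] in (0x90, 0x91):    # section headers
        ids.append(cat[off + 1])
        last = cat[off] == 0x91               # 0x91 marks the final section header
        off += 32 * (1 + struct.unpack_from("<H", cat, off + 2)[0])
        if last:
            break
    info["platforms"] = [PLATFORMS.get(i, hex(i)) for i in ids]
    return info

def build_sample(efi):
    """Constructed image for the demo: descriptors and boot catalog only."""
    img = bytearray(SECTOR * 20)
    img[16 * SECTOR:16 * SECTOR + 6] = b"\x01CD001"
    img[17 * SECTOR:17 * SECTOR + 30] = b"\x00CD001\x01EL TORITO SPECIFICATION"
    struct.pack_into("<I", img, 17 * SECTOR + 0x47, 19)
    img[18 * SECTOR:18 * SECTOR + 6] = b"\xffCD001"
    struct.pack_into("<BB28x2sB", img, 19 * SECTOR, 1, 0, b"\x55\xaa", 0x88)
    if efi:                                   # add one EFI section with one entry
        struct.pack_into("<BBH28xB", img, 19 * SECTOR + 64, 0x91, 0xEF, 1, 0x88)
    return io.BytesIO(bytes(img))
```

Pass any binary file object, for example `inspect_iso(open("sb.iso", "rb"))`. The El Torito entry is only one indicator: the check does not look for EFI files inside the ISO's file system.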