• Choose a category
• All
• Classic-Fiction

Search and Destroy Once you’ve isolated the infected computer (or computers), you need to get to a safe boot environment and run your antivirus software. You can try Windows Safe Mode first, because it doesn’t require anything but a reboot. If that doesn’t work, or you suspect a boot sector virus, you need to turn to an external bootable source, such as a bootable CD or flash memory drive.

Get into the habit of keeping around an antivirus CD-R—a bootable CD-R disc with a copy of an antivirus program. If you suspect a virus, use the disc, even if your antivirus program claims to have eliminated the virus. Turn off the PC and reboot it from the antivirus disc. (You might have to change CMOS settings to boot to an optical disc.) This will put you in a clean boot environment that you know is free from any boot-sector viruses. If you only support fairly recent computers, most have an option to boot to a USB flash drive, so you can put a boot environment on a thumb drive for even faster start-up speeds.

You have several options for creating the bootable CD-R or flash drive. First, some antivirus software comes in a bootable version, such as the avast! Virus Cleaner Tool (Figure 26-22).

Second, you can download a copy of Linux that offers a LiveCD option such as Ubuntu. With a LiveCD, you boot to the CD and install a complete working copy of the operating system into RAM, never touching or accessing the hard drive, to give you full Internet-ready access to many online antivirus sites. (You’ll obviously need Internet access for those tools.) Kaspersky Labs provides a nice option at www.kaspersky.com.

You can download and burn a copy of the Ultimate Boot CD. It comes stocked with several antivirus programs, so you wouldn’t need any other tool. Find it at www.ultimatebootcd.com. The only down side is that the antivirus engines will be out of date, as will their virus encyclopedias.

For those who like to create custom tools, you can make your own boot environment and stock it with the latest antivirus software of your choice. Use one of two preinstalled environment (PE) tools, BartPE and Windows PE.

BartPE is a third-party tool written by Bart Lagerweij that enables you to create a graphical bootable version of Windows XP, complete with software. You need a legitimate copy of Windows XP (Home or Professional) to create the bootable media, as BartPE pulls from the Windows setup files. You can then add various plug-ins to get antivirus support. Find it here: www.nu2.nu/pebuilder.

Figure 26-22 avast! Virus Cleaner Tool

Microsoft made available Windows PE 2.0 (Windows PE 3.0 for Windows 7 should be available by the time you read this) for Windows Vista for installation assistance on multiple computers. The boot environment created also enables you to run some software, though it’s not as easy as in BartPE. Download Windows PE from Microsoft.

* * *

EXAM TIP You won’t get asked about how to create a custom boot environment. You should know that you can, however, and that a bootable CD-R disc or thumb drive with antivirus tools is a must for any technician’s toolkit.

Once you get to a boot environment, run your antivirus program’s most comprehensive virus scan. Then check all removable media that were exposed to the system, as well as any other machine that might have received data from it or that is networked to the cleaned machine. Remember to turn off System Restore so that Windows doesn’t accidentally keep a copy of the virus in it’s backup files.

E-mail is still a common source of viruses, and opening infected e-mails is a common way to get infected. Viewing an e-mail in a preview window opens the e-mail message and exposes your computer to some viruses. Download files only from sites you know to be safe, and of course the less reputable corners of the Internet are the most likely places to pick up computer infections.

Remediate Virus infections can do a lot of damage to a system, especially to sensitive files needed to load Windows, so you might