
AVG Free Antivirus Rescue CD for USB Drives Review

31. July 2010
AVG Rescue CD boot menu

    I have reviewed several free antivirus rescue CDs.  Most of the time the antivirus company simply provides the download but very little documentation.  AVG’s Rescue CD is different.  The company provides an in-depth guide with screenshots showing how to use the antivirus engine and many of the extra included tools.  One could also say that the AVG Rescue CD is a full system recovery disk, given the attention paid to getting one’s unbootable system working.

USB functionality –

    The AVG Rescue CD is one of the only antivirus rescue disks that provides separate executables to be installed on a USB flash drive.  This is perfect for a netbook or laptop without a CD ROM drive.  One disadvantage is that one needs to completely delete all of their data from the flash disk before installing the AVG Rescue CD.  Of course, the AVG Rescue CD can be burned onto a disk at any time.

Effective Antivirus and Antispyware –

    The AVG Rescue CD includes both an antivirus and an antispyware engine which is identical to the retail and free versions.  This means that the AVG Rescue CD will probably end up rescuing the infected computer.  In addition to great virus protection, the AVG Rescue CD includes built-in update functionality, which will be necessary because the install files haven’t been updated since April 29, 2010.  One problem with the update feature is that it runs in the boot menu (Linux) rather than Windows.  This means that it may have difficulty locating a driver to use for networking (one also needs to set up an IP address or have DHCP enabled). I recommend having wireless turned off and using the Ethernet for networking. The AVG Rescue disk also has a function where one can download the virus update beforehand and install it via the Repair menu.  However, there isn’t documentation about where to find the update file.

AVG Rescue CD options menu

Additional Tools –

    AVG Rescue CD really shines in that it offers a lot more than just antivirus protection.  I just compiled a quick list of some of the functionality.

  • Vault mode – if AVG Free deleted an important file and quarantined it, the file can be restored through the AVG Rescue Disk.
  • Memory Testing Capability
  • File recovery and hard drive viewing application
  • Text Web browser
  • Registry Editor
  • ScanDisk or ChkDsk functionality
  • And more…

    As one can see, the AVG Rescue CD is more than just a recovery antivirus; it is a whole system recovery tool.  The CD performed excellently on the test system.  I will definitely add it to my personal toolkit.

Free Sophos Shortcut Exploit Protection Tool Download

27. July 2010
Sophos Shortcut Exploit Protection Tool Screenshot 

    Sophos Shortcut Exploit Protection Tool is to my knowledge one of the first free security tools provided by Sophos.  The company has previously only offered trial versions in very rare circumstances.  While simple, the Sophos Shortcut Exploit Protection Tool should not be ignored because it offers a very important protection capability.

    Update 8/2: Microsoft has released a KB update, KB2286198, for Windows 7 to solve the shortcut problem. Download it here

    The vulnerability, Microsoft Security Advisory 2286198, affects all Windows Operating Systems including Windows XP SP3, Vista, Windows 2003 server, Windows 2008 and Windows 7 including 32 bit and 64 bit editions.  The vulnerability affects all shortcuts on a Windows system.  And guess what, the shortcut doesn’t even have to be clicked.  All that needs to happen is the user simply needs to view the shortcut image (for example just “looking at one’s desktop”).  As one can deduce, this is a huge vulnerability because one doesn’t even need to click on anything.  Even worse, practically every Windows system is vulnerable and there has already been active malware using this vulnerability.  In fact, the Stuxnet worm specifically targeted US SCADA systems (the command and control systems for nuclear power plants and utilities; comforting huh?).

    As of today, there has been no official patch by Microsoft to fix this vulnerability.  There have been some attempts to fix the shortcut vulnerability by blanking out all of the .LNK shortcut files meaning all icons look the same (not really a practical fix for users).    However, Sophos has released the Shortcut Exploit Protection Tool which does not require all the icons to be blanked out.  Why Sophos released a fix before Microsoft is beyond me.

Installation:

    The Sophos Shortcut Exploit Protection Tool arrives in an .MSI install package and is 2.4 megabytes in size.  The .MSI installer means that the Protection Tool can be distributed quickly across an organization domain.  The installation was a breeze: simply click Next twice and the install finishes.  Two complaints are that there isn’t any pop-up or acknowledgement that the protection is active and there isn’t any protection for .PIF shortcuts.  Sophos has also assured users that the Shortcut Exploit Protection Tool is compatible with free antivirus programs and won’t cause any conflicts.

Emsisoft Emergency Toolkit Anti Malware Download and Review

23. July 2010
Emsisoft Emergency Kit Free

    The Emsisoft Emergency Toolkit is kind of designed as a Swiss army knife for virus repair.  It includes the Emergency Kit Scanner, a command line scanner, HijackFREE (an improvement on HijackThis), and BlitzBlank (a locked file removal tool).

Installation:  

    The download was kind of large at 105 megabytes.  The installation is as easy as unzipping the programs into a folder.  Once the files are unzipped, a fancy menu opens up highlighting all of the antivirus tools included with the Emergency Toolkit.

    Emergency Kit Scanner Free Antivirus – Upon launching the antivirus, the user is immediately prompted to update the antivirus definitions.  The antivirus resembles the Emsisoft A-squared Free but is more streamlined.  There is a deep scan, custom scan, and standard scan.  The scanner immediately found 4 viruses that Norton Security Scan had missed.  After the scan was done, which took about 2 hours, the files were moved to the quarantine.  Most freeware emergency scanners like eScan’s malware toolkit do not include quarantine capability, meaning false positives cannot be restored.  I have run into a situation where an automatically deleted false positive ruined my registry (happened yesterday).  Therefore, Emsisoft’s Emergency Toolkit is superior in this way.  A user can also customize a scan to shut down afterwards, report viruses only, or quarantine objects.

    Emergency Kit Commandline Scanner – is another useful utility that mirrors the emergency kit scanner review above, however it runs in the command line.  Why is this useful?  Well if Windows can’t be booted then this scanner can be run and can delete all viruses that may be preventing Windows from being booted properly.  The commandline scanner can be run from safe mode and even a Windows PE installation.  In addition, all of the functions can be controlled via 26 parameters or DOS switches and there is even a built-in update utility.

    HijackFREE – Emsisoft HijackFREE is a HijackThis clone but offers more extensive reporting.  HijackFREE displays all active processes and ports that are currently in use and also updates as new entries are added.  However, the best feature is the autorun section, which probably includes every possible place that an application could autorun.  I particularly like the trick startup area (hard to find startups) which includes the Winlogon, Active Setup, Static VxD, Shell Open Command, 16-bit Versions, AppInit DLL, and other hidden registry areas.  There is also a Schedule option (goes way above and beyond the standard Windows Task Scheduler) in which I found a lot of deleted programs that left their schedules intact.  There is also an “Others” section.  The “Others” section includes explorer add-ons, LSP protocols, hosts, and active programs.  I couldn’t believe that there were thousands of active entries.  Finally, there is a quarantine section where any entry that is deleted is quarantined and can be restored if a conflict occurs.

emsisoft HijackFREE screenshot

    BlitzBlank – BlitzBlank deletes a locked file, folder, registry key, registry value, driver, etc. on system reboot.  In addition, one can also have a file executed on reboot.  A user can upload or create a script that has a series of executing or deleting options upon reboot.  Users can also post their scripts to the web and BlitzBlank can download the scripts.

Free Norman Malware Cleaner and Antivirus Review

19. July 2010
Norman Malware Cleaner Screenshot

    Norman Antivirus is based out of Norway and was founded in 1984.  The company offers a wide range of virus scanners that are ICSA labs certified.  In addition, the company’s technologies are used by Symantec, eEye digital security, and many other famous security firms.

    The company’s freeware offering is Norman Malware Cleaner.  The software is pretty hefty for a scanner, coming in at a 71 megabyte download.  The interface is also pretty basic, but don’t let this fool a user into thinking that the software is limited.  The Norman Malware Cleaner uses the same scanning technology as the company’s retail products and it goes above and beyond other companies’ free alternatives.  The first strength is the ability to scan and remove rootkits.  Keep in mind that rootkit removal technology is only offered by a handful of paid antivirus.  The next feature is the ability to scan the Windows Firewall configuration for Trojan and Worm entries and effectively delete them.  The ability to scan the Windows firewall is, to my knowledge, unique to Norman Malware Cleaner.

    Norman Malware Cleaner also supports Windows server operating systems.  These include Windows 2000, 2003, and even 2008.  This is a stand out feature because 99% of free antivirus are specifically limited to consumer versions (XP, Vista, 7) and won’t even install on server O/S’s.  In addition, Norman Malware Cleaner works comfortably on all other consumer versions of Windows.

    Norman Malware Cleaner also scans for and deletes specific browser infections including BHOs, ActiveX, and even malicious Windows Host File entries.  If Norman Malware Cleaner locates a locked virus process, the scanner can restart the system and delete the file before Windows is loaded.

    My favorite feature of Norman Malware Cleaner, and a sure winner for system administrators, is the ability to run via the command line.  Some options include a stealth mode in which the program is never shown to the user, the ability to automatically scan on reboot, and automatically delete detected viruses etc.  This makes Norman Malware Cleaner perfect for cleaning up systems that are already infected.

    I also liked how Norman Malware Cleaner gives the user the option to easily view the virus database.  The database is so large that it took almost a minute to completely display.  A larger virus database means a greater chance of detecting something malicious.

Cons:

    There are some downsides to Norman Malware Cleaner.  The first is that the interface is pretty dated and really lags behind the competitors’ free offerings.  The next is that there is no update functionality.  If a user wants to update the Malware Cleaner they will have to re-download the next build the next day.  To Norman’s credit, they really do update the build daily.  Norman Malware Cleaner also suffers from slow scanning.  The slow speed is compounded by the lack of a scanning status indicator.

Panda USB Vaccine Free Download and Review

15. July 2010
Panda USB vaccine screenshot

    Panda Security is one of the best known antivirus software suites around.  In fact, Panda Security’s software is recommended on our main homepage because they produce an effective cloud antivirus.  Few users know that Panda provides many other free useful utilities.  I think one of the best is Panda USB Vaccine.

    Panda USB Vaccine is a small 800k antivirus companion that disables the autorun feature for all USB interfaces.  The concept is that when someone plugs a USB flash drive into a computer there is an auto launching capability that is initiated by the autorun.inf.  A normal use for the autorun.inf file will be to launch a USB flash helper like the SanDisk U3 tray icon.  However, there are many other nefarious uses such as automatically loading viruses and trojans.  In fact, this form of virus transmission is one of the most prevalent ways to inadvertently and stealthily spread viruses.

    USB viruses also affect me personally. Ironically, even though I write antivirus reviews on this site I do not run a real time free antivirus.  I don’t because I want to run the leanest system possible (not recommended). Therefore, USB viruses are basically the only way I can get a virus.  Just imagine this situation: one is in class and a group member comes over with a PowerPoint loaded on their USB flash drive.  I hate to say it, but it looks weird to deny a friend/group member from putting the flash drive into one’s laptop because it might contain a virus. And before one can even react, a virus is automatically and stealthily loaded onto the computer while the antivirus program misses it.

    Another situation may arise at a business.  Forget about the traditional way of hacking (i.e. going through the firewall and NAT); a hacker just walks right in the door and sticks a USB flash drive on the back of a desktop.  The hacker doesn’t even need to touch the keyboard as the virus will be automatically launched on the next reboot.  Some businesses have even glued their USB ports to prevent this (also not recommended).

    Panda USB Vaccine has an autorun capability in that it installs itself as a service and constantly monitors any new presence of a USB drive and blocks the autorun.inf from loading.  In addition, Panda USB Vaccine can vaccinate any removable drive and also supports NTFS drives (very few USB security programs do).  Panda USB Vaccine uses only 700 kilobytes in memory and has autoupdate capability.  Finally, Panda USB Vaccine also protects against CD/DVD ROMs and hard drives.