I wouldn’t have bothered trying out Kaspersky Rescue Disk if it wasn’t for a friend who asked me to help him troubleshoot his Windows machine which got infected by a virus. I was surprised to find that this rescue disk is in fact a Linux image which includes the well-known Kaspersky AntiVirus that can be used for free with no registration of any kind.
What is it?
Kaspersky Rescue Disk is a Live CD based on Gentoo Linux i686. It runs kernel 3.0 and a lightweight version of KDE as the desktop environment. If you have a machine that has been infected with malware (viruses, trojans), you can use this image to boot your computer and scan the machine for malicious programs. Depending on the seriousness of the threat, the antivirus should be able to either disinfect the machine (clean the files that are infected), delete the files completely or quarantine them.
How does it work?
Once you have downloaded the image and burned it to a CD or USB key, use it to boot the infected machine (on most machines the F12 key interrupts a normal boot and offers alternative boot options). The Kaspersky image will run “live” from RAM, so there’s no need to install it. After a successful boot, all partitions are automatically detected and a pop-up window prompts you to download the latest virus definitions from the official website.
Having updated the virus database, you are now ready to scan the machine. Just select the desired paths (there are some defaults, but you can add your own) and click the start button. After the scan finishes, desktop notifications will pop up for each individual threat that was detected, along with the action that was performed on the affected file. A summary is also made available at the end.
Why use it?
Mainly because it’s free: you get a powerful antivirus solution at no cost. Another advantage is that you don’t have to install anything on your already-infected machine, since it is a live Linux image that runs from RAM.
- It is targeted at Windows machines. The live image includes support for Linux partitions and even mounts them locally, but not all of them show up in the scanning window. I first tried the image on a CentOS 6 VM and while it correctly detected an ext4 and a btrfs partition, only the first one appeared in the device list.
- The CPU load gets quite high during the scan, but that’s reasonable considering it’s a live image.
- The image includes a screenshot tool which doesn’t run unless there is a Windows filesystem mounted.