How to use Microsoft's Malware Removal Starter Kit


Brien M. Posey, MCSE
07.25.2007


This month, Microsoft released the Malware Removal Starter Kit. And let me begin by saying how funny it is when things come around full circle.

Up until the mid-1990s, I always kept an antivirus disk in my car. The disk was simply a bootable, write-protected floppy, with a simple but effective antivirus program on it. The idea was that if a system became infected, I could use the disk to boot from a clean operating system, and then use the antivirus software to cleanse the infected machine. Although this technique worked very well, it eventually became obsolete. PCs no longer have floppy drives, antivirus programs are too large to fit on a floppy and DOS has gone the way of the dodo.

The basic idea behind the kit is that you can create a bootable CD that boots using a Windows PE operating system (OS). Windows PE is a watered-down version of Windows that was originally designed as an OS for running the graphical portion of Windows Setup. Even so, there are a few antivirus applications that will run in a Windows PE environment (the Malware Removal Starter Kit gives you a full list).

While the Microsoft Malware Removal Kit itself is nothing more than a text file that you can download, that text file tells you how you can create a modernized version of the boot disk that I described earlier.

There are some obvious advantages to creating a CD for the purpose of removing malware from an infected system. One drawback to this technique, however, is that Windows PE does not support network connectivity, so you will not be able to download updated antivirus signatures. One way of getting around this problem is to place an updated copy of your antivirus software onto a USB flash drive. You can run the software directly from the USB flash drive, rather than using the version on the CD.

Creating a malware removal disk requires you to download and install the Windows Automated Installation Kit. You can run the Windows AIK on Windows XP (SP2 or higher), Windows Server 2003 (SP1 or higher) and on Windows Vista. The instructions that I am about to give you are for Windows XP and Windows Vista.

Creating the CD

The first step in creating a bootable Windows PE CD is to create a Windows PE build that you can place on the CD. To do so, follow these steps:

Now that you have configured the Windows PE environment, you must prepare the antivirus software. There are a number of antivirus products that can be used, but for the purposes of this article, I am going to use Microsoft's Malicious Software Removal Tool. If you want to use something else, then I recommend consulting the Microsoft Malware Removal Starter Kit documentation to see if your particular product can be used.

Enter the following command to create a folder named Tools beneath the C:\WinPE\mount folder:

Doing that will create a 200 MB ISO file. Use CD burning software to create a bootable CD from this ISO file. When you boot the CD, the Malicious Software Removal Tool will not run automatically. You can find the Malicious Software Removal Tool in the CD's \Tools folder.
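
The build flow described above, sketched as a batch script that uses the Windows AIK command-line tools (copype.cmd, imagex, oscdimg). This is an added example, not the article's own commands or Microsoft's text. The architecture, the tool download folder and the ISO file name are assumptions; only C:\WinPE\mount and the Tools folder come from the article.

```bat
@echo off
rem Added example. Run from the "Windows PE Tools Command Prompt" installed by
rem the Windows AIK, which puts copype.cmd, imagex and oscdimg on the PATH.
setlocal

rem Assumptions (not from the article): architecture, tool source, ISO name.
set ARCH=x86
set PE_ROOT=C:\WinPE
set TOOL_SRC=C:\Downloads\MalwareTools
set ISO_OUT=%PE_ROOT%\WinPE_Tools.iso

rem Build the disc on a known-clean machine, and check the digital signature
rem of each downloaded scanner before it goes into TOOL_SRC.

rem 1. Create the Windows PE build folder (copype.cmd needs a new folder).
if exist "%PE_ROOT%" (
    echo %PE_ROOT% already exists; remove it or choose another folder.
    exit /b 1
)
call copype.cmd %ARCH% %PE_ROOT% || exit /b 1

rem 2. Mount image 1 of winpe.wim read-write so files can be added.
imagex /mountrw "%PE_ROOT%\winpe.wim" 1 "%PE_ROOT%\mount" || exit /b 1

rem 3. Create the Tools folder and copy the scanner into it.
mkdir "%PE_ROOT%\mount\Tools"
xcopy "%TOOL_SRC%\*" "%PE_ROOT%\mount\Tools\" /e /y || goto :discard

rem 4. Commit the changes, then make the image the CD's boot image.
imagex /unmount "%PE_ROOT%\mount" /commit || exit /b 1
copy /y "%PE_ROOT%\winpe.wim" "%PE_ROOT%\ISO\sources\boot.wim" || exit /b 1

rem 5. Build the bootable ISO; etfsboot.com is the CD boot sector file.
oscdimg -n -b%PE_ROOT%\etfsboot.com "%PE_ROOT%\ISO" "%ISO_OUT%" || exit /b 1
echo Created %ISO_OUT%
exit /b 0

:discard
rem Copy failed: unmount without /commit so a partial image is not saved.
imagex /unmount "%PE_ROOT%\mount"
exit /b 1
```

Burning the result to write-once media keeps the rescue environment read-only, the same property the write-protected floppy provided.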

About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies.

