How do I integrate the latest database into Rescue CD on USB drive?
Hello!
How can I integrate the latest database with the latest definitions into F-Secure Rescue CD on a USB drive? I noticed that there is some mention about this in the most current guide (see link below).
Guide (PDF): http://download.f-secure.com/estore/rescue_cd_user_guide.20120606.pdf
"You can download the Rescue CD updates to a USB drive using a healthy
computer that has an Internet access. This USB drive must be more than 512
MB and less than 16 GB in size for the Rescue CD to recognize it. In addition,
the USB drive must have at least 400 MB of free space. You can use this USB
drive to fix a computer that cannot connect to the Internet and so cannot
download the Rescue CD updates."
From what I can tell, this means that even if the infected computer does not have Internet access, I can still scan it using the latest database. Correct?
Then the guide goes on to explain how to do this.
"Recommended method:
1. Create a new directory called fsecure to the USB drive.
2. Go to the fsecure directory and create a directory called rescuecd under the fsecure directory.
3. Start the Rescue CD while the USB drive is still connected to the computer. When the Rescue CD starts, it finds the USB drive you have configured for it.
4. Select Next when the Rescue CD notifies you that the memory stick has been found.
5. The Rescue CD starts to download the latest databases. The Rescue CD has finished downloading databases when the end-user license agreement appears.
6. The memory stick is ready and you can remove the CD and the memory stick.
7. Insert the memory stick to the computer you want to fix and use the Rescue CD to boot the computer."
I don't understand this part. At all! Why would I want to create a folder named fsecure on the USB flash drive? My guess is that this applies only to computers that are able to boot into normal Windows mode and that they have F-Secure Internet Security installed already. Where you would actually create the Rescue CD from within Internet Security. This is a way for F-Secure Internet Security to recognize the USB flash drive to which you want to install Rescue CD.
In my case however, I am not able to boot into normal Windows mode. Windows keeps telling me that it has detected a critical error or a problem and that the computer will be rebooted in 1 minute. This is why I can't use normal mode. It also happens when I'm in safe mode. So I can't really use Windows at all.
The guide mentions an alternative way to use the latest database.
Alternative method:
1. On a healthy computer with Internet access, insert an empty USB drive.
2. Open http://download.f-secure.com/latest/fsdbupdate9-packed.run with your web browser. Your web browser asks you what you want to do with the file in the web site.
3. Choose to save the file to your computer.
4. After the web browser has finished downloading the file, go to the directory where you downloaded the fsdbupdate9-packed.run file and copy it to the USB drive.
5. Insert this USB drive in the computer on which you want to use the Rescue CD.
6. Follow the instructions in Using the Rescue CD.
I have downloaded the mentioned file - fsdbupdate9-packed.run - but I'm not sure what to do with it. Just copy it over to an empty USB flash drive? But how will I make it bootable?
What I have done is I have Rescue CD ISO - rescue-cd-3.16-52606.iso - and UNetbootin (unetbootin-windows-578.exe). I used the UNetbootin to install the ISO onto the USB flash drive and make it bootable. Then I have copied the database file in the root of the USB flash drive. But this is not the correct procedure, right?
I am currently running the Rescue CD from the USB flash drive using a database dating back to June (2012-06-26_02). It's 21% into the scan now, it's been running for almost 2 hours now, it's taking a very long time even though the system disk of 500 GB is connected (it's not scanning my storage drives because they are disconnected).
Would this process be faster if I run it from a CD instead of a USB flash drive?
Since it is taking such a long time, I don't know if I would care to do it all over again with the latest database... it's a pain to wait so long for it to do its thing.
But anyway, how can I get it to work with the latest database?
The reason why I would like to carry the database on the USB flash drive is because there is no Internet connection on the infected computer. This is because I connect to the router wirelessly. And I don't have a cable long enough to connect with Ethernet cable. And my D-Link DWA-160 is not even blinking, and it's known to have issues in Linux environments.
Any help would be appreciated. Thanks!
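The drive requirements and directory layout quoted from the guide above, as an added example that is not part of the original post or F-Secure's own tooling: a Python script for the healthy computer that checks a mounted USB drive against the quoted limits and creates `fsecure/rescuecd` on it. It assumes the guide's "MB" and "GB" are binary units and that the file system size reported by the OS stands in for the drive size; the function names and the `usage` override are hypothetical.

```python
import os
import shutil
import sys

MB = 1024 * 1024       # assumption: the guide's "MB" is treated as MiB
GB = 1024 * MB
MIN_SIZE = 512 * MB    # drive must be more than 512 MB ...
MAX_SIZE = 16 * GB     # ... and less than 16 GB
MIN_FREE = 400 * MB    # with at least 400 MB of free space
UPDATE_DIR = os.path.join("fsecure", "rescuecd")  # names from the guide


def check_limits(total, free):
    """Return a list of problems; an empty list means the drive qualifies."""
    problems = []
    if total <= MIN_SIZE:
        problems.append("drive is not larger than 512 MB")
    if total >= MAX_SIZE:
        problems.append("drive is not smaller than 16 GB")
    if free < MIN_FREE:
        problems.append("less than 400 MB free")
    return problems


def prepare_drive(mount_point, usage=None):
    """Check the drive, then create fsecure/rescuecd on it.

    usage is an optional (total, free) pair in bytes (hypothetical override,
    used to exercise the checks without a real USB drive).
    """
    if not os.path.isdir(mount_point):
        raise FileNotFoundError(mount_point)
    if usage is None:
        du = shutil.disk_usage(mount_point)  # file system size, not raw device
        usage = (du.total, du.free)
    problems = check_limits(*usage)
    if problems:
        return None, problems  # leave the drive untouched if it won't work
    target = os.path.join(mount_point, UPDATE_DIR)
    os.makedirs(target, exist_ok=True)
    return target, []


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: prepare_usb.py <mount point or drive letter>")
    path, issues = prepare_drive(sys.argv[1])
    for issue in issues:
        print("NOT OK:", issue)
    if path:
        print("Created", path)
    sys.exit(1 if issues else 0)
```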
Comments
-
The scan is complete! It took 5 hours and 29 minutes to complete a full system scan of about 400000 files across a 2 volume 500 GB disk drive.
And what did it find? Nothing! It only found 1 malware, and this one might as well be a false positive, judging by its location. I can tell you that the F-Secure Rescue CD is absolutely worthless! I wouldn't trust its results.
I did a quick scan with Windows Defender Offline yesterday and it immediately found 2 major vulnerabilities, one of them affecting a DLL file and another affecting the services.exe which is most likely the reason why I have not been able to use an anti-virus software from within normal Windows mode. And it took only like 20 minutes!
I did a full system scan today with Windows Defender Offline. The scan was completed within about 3 hours, which is much faster when compared to F-Secure Rescue CD. It scanned over 2 million objects. It found 7 new vulnerabilities (9 in total if you count the previous 2 from the quick scan).
Why is the Windows Defender Offline so much more effective than F-Secure Rescue CD?
Oh by the way, Windows Defender Offline has a much smarter way of dealing with virus definitions. You basically download an offline installer called mssstool64.exe and it asks you what kind of media you will be using (cd, dvd, or usb), and then it downloads the latest files and virus definitions from the Internet using a healthy computer and places them on the media. This is much better, and less complicated.
-
Hi,
the Rescue CD has a totally different intention and is not meant for what you used it for.
Its purpose is to enable you to scan files that are needed for system start or might be used during system start, thus it does NOT search for macros inside a Word document.
The scanned number of items is no usable value as each vendor uses its own way to count, e.g. one zip file or 295 files inside a zip...
I hope you had the system connected to the Internet, so that the Rescue CD was able to update the databases.
F-Secure also allows you to provide the DBs on an external stick which you can update on a different system.
I have no complete list of what it scans and what it does not scan, but after running it you should be able to start your system and do a full scan using the Online-Scanner which gives you additional detection using F-Secure's reputation services.
Finally, please check the latest tests done by AV-Comparatives.org and AV-Test.de; both confirm F-Secure's excellent speed and detection rates, esp. in proactive detection, while Microsoft is speedy, but ... detection is somewhat poor.
If you post MS's scan report we might find out what it found and if F-Secure did miss something important.
HTH
-