Section 0. Background Information
- Avira AntiVir Rescue System
- The Avira AntiVir Rescue System allows access to computers that cannot be booted. This makes it possible to repair a damaged system, to rescue data or to scan for virus infections.
- The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available.
- http://www.avira.com/en/download/product/avira-antivir-rescue-system
- Lab Notes
- In this lab we will do the following:
- Download the Avira iso
- Boot Windows 7 VM into the Avira Rescue Environment
- Update Avira
- Download a Virus Signature sample file called MALWARE-TESTFILE.exe (Note: This is not a virus, just a one-line signature)
- Run Avira Antivirus Scan
- Prerequisites
- Instructions:
- Windows 7: Lesson 1: Installing Windows 7
Section 1. Download Avira
- Open A Firefox Browser
- Notes:
- Login to the machine that has VM Player Installed.
- Instructions:
- Click on the Windows Start Button
- Type firefox in the search box
- Click on Mozilla Firefox
- Open A Firefox Browser
- Instructions:
- Place the following address in the Firefox Browser
- Click OK to download
- Navigate and Save
- Instructions:
- Navigate to your external USB hard drive.
- Create a directory called Anti-Virus Live CD on your
- Click Save
Section 2. Start your Windows 7 VM
- Edit Virtual Machine Settings
- Instructions:
- Click on Windows 7
- Click on Edit virtual machine
- Configure CD/DVD (IDE)
- Instructions
- Configure CD/DVD (IDE)
- Click the radio button "Use ISO image file:"
- Click the Browse button and Navigate to the location of the rescue_system-common-en.iso
- Click the Okay button
- Start Windows 7
- Instructions:
- Click on Windows 7
- Click on Play virtual machine
- Access the Boot Menu
- Instructions
- Once you see the VMware screen shown below, (1) left-click inside the screen and (2) press the <Esc> key.
- Boot from CD-ROM Drive
- Instructions
- Arrow Down to where CD-ROM Drive is highlighted
- Press <Enter>
Section 3. Using Avira Rescue CD
- Press any key to enter the menu
- Instructions
- Type "1" after the boot prompt.
- Press <Enter>
- Loading Avira AntiVir Rescue System
- Note(FYI)
- Avira will now load its rescue system.
- Continue to the next step.
- Open a Terminal
- Instructions
- Click on the Miscellaneous Tab
- Select Command line
- When you are prompted with the Rescue System Message, Select Yes.
- View IP Address
- Instructions
- ifconfig -a
- My IP Address is 192.168.1.106.
- Notes (FYI)
- If you do not have an IP Address, do the following:
- dhclient eth0
- Download MALWARE-TESTFILE.exe
- Note(FYI):
- The file MALWARE-TESTFILE.exe is not a virus.
- It contains only the one-line virus test signature shown below, which we will use to test Avira.
- X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
- Instructions:
- df -k
- /media/Devices/hdc - This file system contains the Avira Utilities
- /media/Devices/sda1 - This file system contains the actual C: Drive.
- cd /media/Devices/sda1
- Now you are in the actual C: Drive
- wget http://www.computersecuritystudent.com/WINDOWS/W7/lesson7/MALWARE-TESTFILE.exe
- This is the actual Virus Signature Test File.
- ls -l MALWARE*
- This verifies we have downloaded the test file.
- Press <Alt>-F7
- This will put you back into the Avira GUI.
- Update Avira
- Instructions
- Click the "Update" tab
- Click the Yes Button
- Update Results
- Instructions
- Once the update is complete, you will see a "successfully completed" message.
- Continue to Next Section
Section 4. Configure the Avira Scanner
- Open A Konqueror Web Browser
- Instructions
- Click the Configuration Tab
- Scan method: Select All Files
- Action when malware found:
- Select Repair infected files
- Select Rename file if repair is not possible
- Extended threat categories
- Select Dialers
- Select Backdoor client
- Select Adware/Spyware
Section 4. Run the Avira Scanner
- Start Virus scanner
- Instructions
- Click on the Virus scanner tab.
- Click on Start scanner button.
- Avira Summary Results
- Notes (FYI):
- After the scan finishes, Avira will list a summary of the results.
- View MALWARE-TESTFILE.exe Alert
- Instructions
- Scroll all the way up in the log window
- Notice the Alert Entry
- Click the Save Button
- Save Avira Log File
- Instructions:
- Navigate to /media/Devices/sda1
- Click the Save Button
Section 5. Proof of Lab
- Open a Terminal
- Instructions
- Click on the Miscellaneous Tab
- Select Command line
- When you are prompted with the Rescue System Message, Select Yes.
- Proof of Lab Instructions
- Instructions:
- cd /media/Devices/sda1/
- ls -l MALWARE*
- grep -i alert rescue-system_scan.log
- This shows you all the alerts in the Avira log.
- date
- Press <Enter>
- echo "Your Name"
- Replace the string "Your Name" with your actual name.
- e.g., echo "John Gray"
- Do a PrtScn
- Paste into a word document
- Upload to Moodle
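The two checks the lab has you do by hand, confirming that the downloaded MALWARE-TESTFILE.exe really is the EICAR test string (the `ls -l MALWARE*` step in Section 3) and pulling the alert lines out of the saved scan log (the `grep -i alert` step above), as an added shell example that is not part of the lab page or of Avira. The log lines it scans are constructed for the example and do not reproduce Avira's real log format; the file and log paths are whatever you pass in.

```shell
#!/bin/sh
# Added example, not from the lab: validate an EICAR test file and count the
# alert lines in a scan log, so a scan result can be trusted before it is saved
# as proof of lab.

# The canonical 68-byte EICAR test string (the lab's "one-line signature").
EICAR='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

# is_eicar FILE: succeed only if FILE is a valid EICAR test file, i.e. the 68
# bytes above, optionally followed by whitespace, 128 bytes in total at most.
# A truncated or altered download fails here and would not be expected to
# trigger the Eicar-Test-Signature alert during the scan.
is_eicar() {
    f="$1"
    [ -f "$f" ] || return 1
    size=$(wc -c < "$f" | tr -d ' ')
    [ "$size" -ge 68 ] && [ "$size" -le 128 ] || return 1
    [ "$(head -c 68 "$f")" = "$EICAR" ] || return 1
    # Everything after byte 68 must be whitespace only.
    rest=$(tail -c +69 "$f" | tr -d ' \t\r\n' | wc -c | tr -d ' ')
    [ "$rest" -eq 0 ]
}

# count_alerts LOG: number of lines containing "alert" (case-insensitive),
# the same match the lab's "grep -i alert rescue-system_scan.log" makes.
# Note that a summary line mentioning "alert" counts too, which is why the
# lab also has you read the matching lines rather than just count them.
count_alerts() {
    grep -ic alert "$1" || true
}

# make_sample_log: write a constructed log (NOT Avira's real format) so the
# functions can be exercised offline; prints the temp file's path.
make_sample_log() {
    log=$(mktemp)
    cat > "$log" <<'EOF'
Scanning /media/Devices/sda1/Windows/notepad.exe ... clean
Scanning /media/Devices/sda1/MALWARE-TESTFILE.exe ... ALERT: Eicar-Test-Signature
Scanning /media/Devices/sda1/Users/Public/readme.txt ... clean
Summary: 3 files scanned, 1 alert
EOF
    echo "$log"
}

# Demo run on a freshly written test file and the constructed log.
demo_file=$(mktemp); printf '%s\n' "$EICAR" > "$demo_file"
if is_eicar "$demo_file"; then echo "valid EICAR test file"; else echo "NOT a valid EICAR test file"; fi
demo_log=$(make_sample_log); echo "alert lines: $(count_alerts "$demo_log")"
rm -f "$demo_file" "$demo_log"
```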
Section 6. Post Lab Instructions
- Edit Virtual Machine Settings
- Instructions:
- From the VM Player Menu Bar do the following:
- Select Virtual Machine
- Select Virtual Machine Settings...
- Edit CD/DVD (IDE)
- Instructions:
- Select CD/DVD (IDE)
- Select the Connection radio button: Use physical drive, with Auto detect selected.
- Click the OK Button
- Windows 7 - VMware Player CD-ROM Disconnect Message
- Instructions:
- Select Yes
- Power Off
- Instructions:
- Virtual Machine --> Power --> Power Off
- VMware Player Message
- Instructions:
- Select Yes