Tuesday, November 26, 2013

Download and Run Kaspersky Rescue Disk (Antivirus Scan)



Section 0. Background Information
  1. Kaspersky Rescue CD 
  2. Lab Notes
    • In this lab we will do the following:
      1. Download the Kaspersky iso
      2. Boot Windows 7 VM into the Kaspersky Rescue Environment
      3. Update Kaspersky
      4. Download a Virus Signature sample file called MALWARE-TESTFILE.exe (Note: This is not a virus, just a one-line signature)
      5. Run Kaspersky Antivirus Scan
  3. Prerequisites
    • Instructions:
      1. Windows 7: Lesson 1: Installing Windows 7

Section 1. Download Kaspersky
  1. Open A Firefox Browser
    • Notes
      • Log in to the machine that has VM Player installed.
    • Instructions
      1. Click on the Windows Start Button
      2. Type firefox in the search box
      3. Click on Mozilla Firefox
  2. Open A Firefox Browser
  3. Navigate and Save
    • Instructions
      1. Navigate to your external USB hard drive.
      2. Create a directory called Anti-Virus Live CD on your
      3. Click Save

Section 2. Start your Windows 7 VM
  1. Edit Virtual Machine Settings
    • Instructions
      1. Click on Windows 7
      2. Click on Edit virtual machine
  2. Configure CD/DVD (IDE)
    • Instructions
      1. Configure CD/DVD (IDE)
      2. Click the radio button "Use ISO image file:"
      3. Click the Browse button and Navigate to the location of the kav_rescue_10.iso
      4. Click the Okay button
  3. Start Windows 7
    • Instructions
      1. Click on Windows 7
      2. Click on Play virtual machine
  4. Access the Boot Menu
    • Instructions
      1. Once you see the VMware screen below, (1) left-click in the screen and (2) press the <Esc> key.
  5. Boot from CD-ROM Drive
    • Instructions
      1. Arrow Down to where CD-ROM Drive is highlighted
      2. Press <Enter>

Section 3. Using Kaspersky Rescue CD
  1. Press any key to enter the menu
    • Instructions
      1. Press <Enter>
  2. Select Language
    • Instructions
      1. Select your language of choice; English is the default.
  3. Accept Agreement
    • Instructions
      1. Press "1"
  4. Select Rescue Type
    • Instructions
      1. Select "Kaspersky Rescue Disk.  Graphic Mode"
      2. Press <Enter>
  5. Open a Terminal
    • Instructions
      1. Select KDE Start Button
      2. Select Terminal
  6. Get IP Address
    • Instructions
      1. ifconfig -a
    • Notes (FYI)
      • If you do not have an IP Address, do the following:
        1. /etc/init.d/network restart
          OR
        2. dhclient eth0
  7. Update Kaspersky
    • Instructions
      1. Click the "My Update Center" tab
      2. Click Start update

Section 4. Download MALWARE-TESTFILE.exe
  1. Open A Konqueror Web Browser
    • Instructions
      1. Click the KDE Start Button
      2. Click the Web Browser
  2. Download MALWARE-TESTFILE.exe
    • Note (FYI):
      • The file MALWARE-TESTFILE.exe is not a virus. 
      • It contains only the below one-line virus signature that we will use to test Kaspersky.
      • X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
    • Instructions:
      1. In the Konqueror Address Bar, enter the following web address
        • http://www.computersecuritystudent.com/WINDOWS/W7/lesson6/MALWARE-TESTFILE.exe
      2. Click the Save As... Button
  3. Navigate to C: Drive
    • Instructions
      1. Click on the C Drive Picture
  4. Save MALWARE-TESTFILE.exe
    • Instructions
      1. Click Save
  5. Start Objects Scan
    • Instructions
      1. Click on All Three Check Boxes
      2. Click on Start Objects Scan
  6. Rescue Disk Alarm
    • Notes (FYI):
      • Kaspersky detected c:/MALWARE-TESTFILE.exe
    • Instructions
      1. Click on Delete
  7. Open Report
    • Instructions
      1. Click the Report Link
  8. View Detailed Results
    • Instructions:
      1. Click Report
      2. Click Detailed Report
  9. View Last Object Scan
    • Instructions
      1. Click On the Last Object Scan
      2. View the Detected Viruses

Section 5. Proof of Lab
  1. Open A Terminal
    • Instructions
      1. Click on the KDE Start Button
      2. Click on Terminal
     
  2. Proof of Lab Instructions
    • Instructions:
      1. find /mnt/* -name "*.exe" | grep MALWARE | wc -l
        • This command returns a "0" because the sample virus was deleted.
      2. date
      3. Press <Enter>
      4. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
      5. Do a PrtScn
      6. Paste into a word document
      7. Upload to website www.antoanthongtin.edu.vn
  3. Edit Virtual Machine Settings
    • Instructions
      1. From the VM Player Menu Bar do the following:
      2. Select Virtual Machine
      3. Select Virtual Machine Settings...
  4. Edit CD/DVD (IDE)
    • Instructions
      1. Select CD/DVD (IDE)
      2. Select the Connection radio button: Use physical drive, with Auto detect selected.
      3. Click the OK Button
  5. Windows 7 - VMware Player CD-ROM Disconnect Message
    • Instructions
      1. Select Yes
  6. Power Off
    • Instructions
      1. Virtual Machine --> Power --> Power Off
  7. VMware Player Message
    • Instructions
      1. Select Yes
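
The Proof of Lab command in Section 5 matches on the file name only, so a copy of the test file saved under another name would not be counted. The script below is an added example, not part of the original lab: it finds test files by content, using the signature from Section 4 and EICAR's definition of the test file (the 68-byte string, optionally followed by whitespace, at most 128 bytes in total). The function names and the script name find_eicar.sh are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original lab): locate EICAR test files by
# content, so a renamed copy is still counted. Function names are hypothetical.

# The 68-byte signature from Section 4, stored in two halves so that this
# script is not itself reported as the test file.
EICAR_HEAD='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-'
EICAR_TAIL='STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
EICAR_SIG="${EICAR_HEAD}${EICAR_TAIL}"

# is_eicar FILE: succeed if FILE starts with the signature, is at most
# 128 bytes long, and has only whitespace (space, tab, LF, CR, Ctrl-Z) after it.
is_eicar() {
    f=$1
    size=$(wc -c 2>/dev/null < "$f" | tr -d ' ')
    [ -n "$size" ] || return 1
    [ "$size" -ge 68 ] && [ "$size" -le 128 ] || return 1
    first=$(head -c 68 "$f" | tr -d '\000')
    [ "$first" = "$EICAR_SIG" ] || return 1
    extra=$(tail -c +69 "$f" | tr -d ' \t\n\r\032' | wc -c | tr -d ' ')
    [ "$extra" -eq 0 ]
}

# find_eicar DIR: print every regular file under DIR that passes is_eicar.
# The size filter skips everything that cannot be a test file.
# Assumes file names without embedded newlines.
find_eicar() {
    find "$1" -type f -size +67c -size -129c -print |
    while IFS= read -r path; do
        if is_eicar "$path"; then printf '%s\n' "$path"; fi
    done
}

# count_eicar DIR: number of test files left; 0 is the expected proof of lab.
count_eicar() {
    find_eicar "$1" | wc -l | tr -d ' '
}

# Usage inside the rescue environment: sh find_eicar.sh /mnt
if [ "$#" -gt 0 ]; then
    count_eicar "$1"
fi
```

Run against /mnt after the scan, a result of 0 confirms that no copy of the test file remains on the mounted drives, whatever it was named.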
