You are not logged in.

Wednesday, July 23rd 2014, 9:51pm

Dear visitor, welcome to Avira Support Forum. If this is your first visit here, please read the Help. It explains in detail how this page works. To use all features of this page, you should consider registering. Please use the registration form, to register here or read more information about the registration process. If you are already registered, please login here.

Loca

Community member

  • "Loca" started this thread

Date of registration:
Oct 8th 2007

Operating System:
Win XP Home SP3

  • Send private message

1

Thursday, July 16th 2009, 2:05am

Booting the Avira AntiVir Rescue System from USB flash drives or SD(HC) memory cards [version 3.6.9 with internet update function]

If you want to start the Avira AntiVir Rescue System from a USB flash drive or from a flash memory card, instead of a CD-ROM, you will need the following programs:

HP USB Disk Storage Format Tool
Avira AntiVir Rescue System as an ISO file (direct download as *.iso file, about 53 MB)
UNetbootin for Windows (direct download as an *exe file, about 4 MB)

What's more, your computer or notebook must support booting from USB flash drives or memory cards. As the case may be, you will have to adjust the boot order in the BIOS or call a boot manager during the start-up of your PC (mind the notices on the screen).

First, please install and run the "HP USB Disk Storage Format Tool" (the formatting function of Windows is *not* sufficient). Now you have to connect a flash drive or memory card to the computer that you plan to install the Rescue CD on.
Caution: The flash drive or memory card will get formatted, hence all data stored on it will get lost past recovery! Do not do this if you do not consent! Now select the drive/card under "Device", set the "File System" to FAT32 and check "Quick Format". Please do *not* check any other options, then click "Start":



You are warned again that all data on the drive or card will be deleted. If you are aware, confirm with "Yes":



When the formatting has been finished successfully, you will be shown a summary. Acknowledge it with "OK". Now you can exit the program:



Next, you need the Avira AntiVir Rescue System as an ISO image. You can download it either directly via the aforementioned link...

Avira AntiVir Rescue System as an ISO file (direct download as *.iso file, about 53 MB)

...or obtain it via the Avira website in the downloads section...

http://www.avira.de/en/support/support_downloads.html

...please make sure to download the Rescue System as an ISO image, not as an EXE file:



In order to write the ISO image of the Rescue System in a bootable way onto your flash drive or memory card, you still need the tool "UNetbootin". You can download it directly...

UNetbootin for Windows (direct download as an *exe file, about 4MB)

...or obtain it from the following website:

http://unetbootin.sourceforge.net/



Quoted

Important intermediate step:

Before running the downloaded "unetbootin-windows-***.exe", go to "My Computer" and recheck which drive letter is currently assigned to the USB flash drive or memory card that you want to install the Avira Rescue System on.


Now start UNetbootin, by the way this program does not have to be installed but can be run immediately. There you select "Diskimage" combined with "ISO" and specify the path to the downloaded ISO file of the Avira Rescue System. Under "Type", select "USB drive" (applies to memory cards, too), and under "Drive", select the drive letter of the USB flash drive or flash memory card that the Avira AntiVir Rescue System is to be written to. Caution: please be careful not to make any mistake at that point. This might result in serious booting problems for your computer. Finally, confirm it all with "OK".



Now the Avira AntiVir Rescue System is being written to the USB flash drive or the flash memory card in a bootable way:



Finally you are asked to restart the PC, which is only necessary if you want to have a go at your Avira AntiVir Rescue System straight away:



By the way, the new Avira AntiVir Rescue System version 3.6.9 and higher has got an integrated internet updating funtion. Please note that the DHCP Server function has to be activated in your router so you can use it (otherwise please refer to the following posting):




By the way, you can find a short guide on the USB flash drive or memory card:



_____________________
by Sebastian Lienau
(translated by Loca)

This post has been edited 4 times, last edit by "Michael_Mann" (Mar 31st 2010, 12:30am)


Loca

Community member

  • "Loca" started this thread

Date of registration:
Oct 8th 2007

Operating System:
Win XP Home SP3

  • Send private message

2

Thursday, July 16th 2009, 2:07am

Internet update without an activated DHCP Server

To use the internet update function of the Avira AntiVir Rescue System, it is very convenient to have an activated DHCP Server in one's router, but you can as well do without.
However, the Avira AntiVir Rescue System has to be informed about three things:

1: the local IP adress, that the Avira AntiVir Rescue System uses in the network
2: the "gateway" that establishes the connection between the network and the "outer world" and
3: the DNS Server that is responsible for resolving domain names into IP addresses

2 and 3 is normally accomplished by the router.

Let us assume you are using a Fritz Box with the IP 192.168.178.1 and your PC is to use the IP 192.168.178.200. First, go to the commandline of the Avira AntiVir Rescue System via "Miscellaneous | Commandline":



In the opened commandline, enter the following bold commands and confirm each separately with the "enter" key:

1. ifconfig eth0 192.168.178.200 netmask 255.255.255.0 determines the local IP address of the Rescue System and the subnet mask. Therewith, the Avira AntiVir Rescue System can access all devices in the local area network.
2. route add default gw 192.168.178.1 determines the gateway address. Normally, this is the IP of the router. Now the Avira AntiVir Rescue System can send packets out of the local network, too, addressing them to the router, that then deals with forwarding them.
3. echo "nameserver 192.168.178.1" > /etc/resolv.conf produces a configuration file for DNS (/etc/resolv.conf), which in turn points to the router as the name server.

The result looks like this:



Afterwards, a command like ping -c 4 dl1.avgate.net should work - it shows if the update servers of the Avira AntiVir Rescue System can be contacted:



Please note: The IP address, the gateway and the DNS Server may vary in different routers. The manual of your router will inform you.

Now you can exit the commandline by hitting the key combination Alt+F7 and perform an update, and then work with the Avira AntiVir Rescue System as usual.


_____________________________
by NiteHawk
(translated by Loca)

This post has been edited 3 times, last edit by "Michael_Mann" (Mar 31st 2010, 12:34am)


Loca

Community member

  • "Loca" started this thread

Date of registration:
Oct 8th 2007

Operating System:
Win XP Home SP3

  • Send private message

3

Friday, July 17th 2009, 2:13am

Short guide for the Avira AntiVir Rescue System

The following short guide on the functionality and handling of the Avira AntiVir Rescue System can also be found on the Avira AntiVir Rescue System CD (flash drive/ memory card), under:
{drive letter}:\html\index_en.html
You can find some illustrative screenshots there, too. All you need to display it is a browser.

Quoted

Avira AntiVir Rescue System

This is the Avira AntiVir Rescue System. The Avira AntiVir Rescue System is designed to boot from CD/DVD. In this manner it is possible to repair a damaged system, to rescue data or to scan the system for virus infections. The Avira AntiVir Rescue System is updated several times a day. At Avira homepage you can download the most recent security updates or a current version of the Avira AntiVir Rescue System.

Usage

To start Avira AntiVir Rescue System insert the CD/DVD in your CD/DVD-ROM device and reboot the computer. Avira AntiVir Rescue System is starting the bootmanager now. If the Avira AntiVir Rescue System does not start automatically, see section 'Setting up your BIOS' below.
After Booting, you see the bootmanager-menu. You then can choose either booting from local hard disc or booting the Avira AntiVir Rescue System from CD/DVD-ROM. Press key '2' to choose "boot into AntiVir Rescue System" and confirm with 'enter'. Now the Avira AntiVir Rescue System is starting.

Setting up your BIOS

Avira AntiVir Rescue System is designed to boot from CD/DVD-ROM. To boot from CD/DVD-ROM the boot priority in BIOS has to be reorganized. For editing BIOS preferences the computer has to be restarted. After restart a key has to be pressed to enter BIOS. Usually the BIOS is printing the used key on the screen. On most systems it is 'del' or 'F1'. Press that key on booting to enter BIOS.
When you have entered the BIOS you have to set the first boot device to CD/DVD-ROM. This option is usually located in the index card 'boot options'. After confirming by 'save and exit' the computer is restarting again. Make sure that the Avira AntiVir Rescue System CD/DVD-ROM is in the CD/DVD-ROM drive. On some system booting from CD/DVD-ROM has to be confirmed on boot process by pressing any key. The computer is starting the Avira AntiVir Rescue System bootmanager now.


Booting the Rescue System

You will then see the graphical interface of Rescue CD loading modules and mounting devices. The default language is German, but you can change it to English anytime by clicking on the English flag on the lower-left side of the screen.

If you want to run a scan of all recognized drives, through all files, that will only record detected files, without changing them in any way, you can press Start Scanner after Rescue CD finished loading. If you need to specify other options, click on the Configuration button on the left side.

Configuration

Once you are in the Configuration screen, you can choose from the following options:

Scan mode
This section allows you to select what AntiVir will scan from the selected path.
  • Scan all files
    If this option is enabled, all files are scanned for viruses or unwanted programs, irrespective of their content and file extension. The filter is not used.
  • Smart scan
    If this option is enabled, the selection of the files scanned for viruses or unwanted programs is automatically chosen by AntiVir. This means that AntiVir decides respective of their content, whether the files are scanned or not.
  • Scan boot sectors only
    If this option is enabled, AntiVir only scans the boot sectors of the recognized partitions.


Action at malware discovery
This section allows you to choose what AntiVir will do when it detects a virus or other unwanted software.
  • Protocol malware records only
    If this option is enabled, detections are recorded in the log file, but the detected files remain unchanged.
  • Try to repair infected files
    If this option is enabled, AntiVir repairs detected files automatically, if it is possible to repair them.
  • Rename files, if they cannot be removed?
    If this option is enabled, the Scanner renames detected files that cannot be repaired. Direct access to these files (e.g. with double-click) is therefore no longer possible. Files can later be repaired and given their original names again.


Extended threat categories
This section allows you to choose what AntiVir will do when it detects a virus or other unwanted software.
  • Scan for dialers
    If you select this option, AntiVir will detect applications that dial to paid services without the user's consent.
  • Scan for joke programs (Jokes)
    If you select this option, AntiVir will detect applications that are designed to give someone a fright or provide general amusement (without causing harm or reproducing).
  • Scan for games
    If you select this option, AntiVir will detect computer games.
  • Scan for spyware (SPR)
    If you select this option, AntiVir will detect software that maybe is able to compromise the security of your system, initiate unwanted program activities, damage your privacy or spy out your user behavior.


Directory
This option allows you to choose what directory you want AntiVir to scan. This includes subdirectories. The default is /media/ which contains all your partitions recognized by AntiVir Rescue CD.

Information

If you click on Information on the left side, you can view the Readme file and the Log-File.
The Readme file provides you with general information about AntiVir Rescue CD.
The Log-File provides you with information from the last scan, like the version of AntiVir, the target directory, the number of scanned files, etc.

Miscellaneous

In the Miscellaneous section on the left side, you can open a console, update the scanner backend or shut down the computer.

The Shutdown button will close Rescue CD and power off your computer, and will also automatically eject the CD from the CD-ROM drive.
The Update button provides the possibility to update the scanner by internet, if an internet connection is available. You can start the update by clicking Start update Button.

The Commandline button will open a console, which will let you perform a scan with AntiVir using the command-line. This provides you with more options, for example, to rename infected files directly, without trying to repair them. For example, to run a scan of all the files in the recognized partitions, to include detection for all the extended threat categories, to scan in archives and to automatically rename detected files, you need to type the following command: antivir --allfiles --alltypes -z -ren /media/

You can type antivir --help for the complete list of options.

In the command line, you can also run various Linux commands, for example cp to copy a file. To be able to handle files stored on your hard disk, you need to know that they are automatically mounted in a directory under /mnt. Usually it's something like /mnt/hda1 or /mnt/sda1. You can type the mount command to see the list of mounted drives.

License

Avira AntiVir Rescue System is based on multiple components:

For searching malware Avira AntiVir is used, which is released under Avira GmbH End-user License Agreement (EULA)[1].

The linux kernel is released under General public license version 2 [2]. The kernel source code can be downloaded from www.kernel.org.

As bootmanager isolinux is used. It is an open source program, which is published under General public license version 2. The source code is available from www.kernel.org.

The commandline interface references busyboxes which are available under General public license version 2. The source code can be downloaded from www.busybox.net/downloads.

To provide support for NTFS file systems NTFS-3G is used. The driver is published under General public license version 2. The source code is available from http://www.ntfs-3g.org/index.html#download.

For backups the midnight commander can be used, which is published unter the General Public License version 2. The source code is available at http://www.midnight-commander.org/ for download.

For all parts of the Avira AntiVir Rescue System, which are published under General public license, the source code is also available by Avira GmbH. Please contact support@avira.com.

[1]Please refer to {drive letter}:\licences\EULA.txt
[2] Please refer to {drive letter}:\licenses\gpl-2.txt

Loca

Community member

  • "Loca" started this thread

Date of registration:
Oct 8th 2007

Operating System:
Win XP Home SP3

  • Send private message

4

Friday, July 17th 2009, 2:26am

Command line parameters and attributes for the Avira AntiVir Rescue System

The "Commandline" button opens a text based command prompt:


With the help of this terminal, you can start a scan where all options that the Avira AntiVir virus scanner offers are at your disposal.
For example, you can scan all recognized devices with the command antivir --allfiles --alltypes -z -ren /media/. This scan also includes archives and regards all extended threat categories. Infected files are renamed automatically.

The command antivir --help brings up a complete list of all available options:

Quoted

Usage is: antivir [options] [path[\*.ext]] [*.ext]
where options are:
--help .......... display this help text (abbreviation: -h or -?)
--scan-mode=<mode> applies "extlist", "smart" or "all" scan methods:
extlist scans files according to their filename extension,
smart detects which files to scan from their name/content,
all scans all files regardless of their name or content
--allfiles ...... synonymous for --scan-mode=all
--version ....... show version information
--info .......... show list of recognized forms
--update ........ update antivir
--check ......... used with --update to check for updates
--temp=<dir> .... specify the directory for temporary files
--pid-dir=<dir> . specify the directory for PID files
--home-dir=<dir> location of executable, VDF and key files
-C <filename> ... name of configuration file
-s .............. scan subdirectories
--scan-in-archive files in archives will be extracted and scanned
-z .............. synonymous for --scan-in-archive (scan in archives, too)
--archive-max-size=N, --archive-max-recursion=N, --archive-max-ratio=N
anti DoS feature: do not scan archive content which would
exceed the given file size, nesting level or compression
factor limits on extraction (0 means unlimited)
--archive-max-count=N anti DoS feature: do not scan archive content which
has more than N files in a recursion level
--scan-in-mbox .. scan mailbox folders, too (might be time consuming!)
--heur-macro .... enable macro heuristics
--heur-nomacro .. disable macro heuristics
--heur-level=N .. setup heuristics level: 0=off, 1-3=low-high
-nolnk .......... do not follow symbolic links
-onefs .......... do not cross file systems while following links
-noboot ......... do not check any boot records
-nombr .......... do not check any master boot records
-nobreak ........ disable Ctl-C and Ctrl-Break
-nodef ......... do only check the given file types (eg. *.DOC)
-cf<filename> ... activate CRC check and name the database
-cv ............. calculate CRC over the whole file length (default 16k)
-cn ............. insert new files into the database
-cu ............. recalculate CRC values and update the database
-v .............. scan files completely (slower with possible false alerts)
-nopack ......... do not scan inside packed files
-e [-del | -ren] repair concerning files if possible
[-del] non-repairable files will be deleted
[-ren] non-repairable files will be renamed
-ren ............ rename concerning files (*.COM->*.XXX,...)
-del ............ delete concerning files
--moveto=<dir> .. quarantine concerning files
-dmdel .......... delete documents containing suspicious macros
-dmdas .......... delete all macros if one appears to be suspicious
-dmse ........... set exit code to 101 if any macro was found
-r1 ............. just log infections and warnings
-r2 ............. log all scanned paths in addition
-r3 ............. log all scanned files
-r4 ............. select verbose log mode
-rs ............. select single-line alert messages
-rf<filename> ... name of log file
%d = day, %m = month, %y = year (two digits each)
-ra ............. append new log data to existing file
-ro ............. overwrite existing log file
-q .............. quiet mode
-lang[:|=]DE .... use German texts
-lang[:|=]EN .... use English texts
-once ........... run only once a day
-if<dateiname> .. antivir uses the given ini file
--with-<type> ... detect other (non-virus but unwanted) software, too;
type may be e.g. "dial", "joke", "game", etc,
there is a --with-alltypes shortcut
--without-<type> like --with-<type>, but disables this type
--alltypes ...... synonymous for --with-alltypes (obsolete)
--alert-urls=<yes|no> print URL for more detailed information on alerts
--warnings-as-alerts exit with a return code as if a concerning file
had been found when warnings have been issued
--exclude=<file> exclude files or directories from scan
--log-email=<addr> send out scan report by email, too
@<rspfile> ...... read parameters from the file <rspfile>
with each option in a separate line

list of return codes:
0: Normal program termination, nothing found, no error
1: Found concerning file or boot sector
2: An alert was found in memory
3: Suspicious file found
100: antivir only has displayed this help text
101: A macro was found in a document file
102: The option -once was given and antivir already ran today
200: Program aborted, not enough memory available
201: The given response file could not be found
202: Within a response file another @<rsp> directive was found
203: Invalid option
204: Invalid (non-existent) directory given at command line
205: The log file could not be created
210: antivir could not find a necessary dll file
211: Programm aborted, because the self check failed
212: The file antivir.vdf could not be read
213: An error occured during initialization
214: License key not found

This post has been edited 4 times, last edit by "Michael_Mann" (Mar 31st 2010, 12:36am)