USB MultiBoot Toolkit
May 1, 2011
I don’t know about you, but I have carried out my fair share of onsite virus removal or diagnosis. In previous employments, it was fairly straightforward to visit the site and then, if needed, take the machine away for further work.
Currently I am quite mobile in my work, and use public transport for 99% of any site visit I need to undertake. This makes taking a PC away a bit tricky, more so if I needed to visit 2 or 3 customers… (I guess you could ask questions of their anti virus software, or of me if I am regularly visiting clients and taking their PCs away – this is not the case, I am just trying to set the scene!)
So anyway, one such day was upon me, and I needed to visit a site with 2 infected machines. I had researched the viruses as best I could online before visiting, and built myself a USB pen drive of all the latest scanners, but I kept thinking, there has to be an easier way… Indeed, some years ago I investigated the Microsoft Anti Malware Removal Kit, which was really good but a very manual process to build and maintain.
Of course, the major downside to any scanner is that it has to run from within Windows. Even if the OS is running in safe mode, it is quite likely, and even more so lately, that part of the malware is still running, potentially negating all your hard work.
The traditional solution to this would of course be to take the HD out, put it into another machine and scan it from there. Fine if you have that other machine with you, but what if you don’t? The ability to boot into an OS from a pen drive and scan the fixed physical drives in that system is a great solution.
With USB drives of high capacity becoming very cheap, we don’t even have to limit ourselves to an anti virus scanner; indeed we can more or less take all of our tools with us…
To build a USB MultiBoot Toolkit you will need…
A USB pen drive, at least 2GB recommended (this will be formatted during the process)
The YUMI USB Multiboot program
ISOs of your tools. (You can download these through the YUMI tool, links to my tools below)
So firstly we need to download the program and then run it. I’ll assume you have downloaded it already.
When running the program you will receive a UAC warning, which you will need to acknowledge with a Yes.
The first page is the license agreement page. Review it and, if you agree, click on ‘I Agree’.
You need to select your USB drive letter from the drop down menu. If you cannot see your drive listed, try clicking on the ‘show all drives’ check box, but please do exercise caution when using this option, since the drive you select can be formatted as part of the process.
Once you have your drive selected, under Step 2 you have a long list of all the available tools/ISOs that are tested to work with this program. You can try untested ISOs and I will show you one of those later on. The option to format your drive as part of the creation is also made available after you select your drive letter.
Let’s choose an anti virus program to start with. Scroll down to find the ‘Acronis Rescue CD’; you will see that under Step 3 you are asked to browse to your ISO file. If you haven’t already downloaded the ISO, you can use the check box to the right hand side to launch a link to it.
Once the ISO is downloaded, you can browse to the file, and select it. You will notice the path to the ISO is now green, and the ‘Create’ button is also now live. Click on Create to start building your drive.
I am choosing to format my drive as part of the process.
When you are ready you can click on Create. You will be shown a summary of what will happen to your drive, and you have the option to accept (Yes) or cancel (No).
When the process has finished, you are only left with the option to click on Next. When you do, you are asked if you would like to add any more ISOs to the pen drive at this time. Since I also want to add some other anti virus tools, I am clicking on Yes.
When you select Yes, you will be taken back to the start of the program. You will need to choose the drive letter again, and then choose the ISO you want from the list. This time I am using the Kaspersky Rescue CD.
When you scroll down, you will notice that any ISO you have already added will no longer show up.
Browse to your ISO and then click on Create, to add the ISO to your USB drive.
Your new ISO will be added, and then you will need to click Next, after which you can choose to add another ISO, or not. I want to show you how to add an unlisted/untested ISO, so click Yes.
The ISO I am going to add is Acronis True Image Home 2011. You need to have purchased the product in order to create the bootable media ISO, which I am not going to cover, so I will assume you already have it.
So let’s scroll down and choose the option ‘Try an Unlisted ISO’, then click Browse to find your ISO.
Again you can see the path to the ISO is now shown in green. Click on Create to add this ISO to your USB pen drive.
When the ISO has been copied and added to your toolkit, you can click on Next to complete the process.
We don’t want to add any more ISOs at this point, so click No when you are prompted, and then you can click Finish to close the application.
Your bootable USB Tool Kit is now ready to be tested. On the device we have 2 Anti Virus programs and a Disk Imaging tool.
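A check you may want once the drive is built, as an added example that is not part of the original post or of YUMI: record a SHA-256 manifest of every file on the pen drive, keep the manifest on your own machine, and compare the drive against it before the next site visit. The script name, manifest file and drive letter are assumptions; if a rescue disk stores downloaded definitions on the drive, those files will show up as modified.

```python
import hashlib
import json
import sys
from pathlib import Path


def sha256_file(path, chunk_size=1024 * 1024):
    """Hash a file in chunks so multi-gigabyte ISOs are never held in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(drive_root):
    """Map every file on the drive (path relative to its root) to a SHA-256."""
    root = Path(drive_root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(drive_root, manifest):
    """Compare the drive with a recorded manifest and list every difference."""
    current = build_manifest(drive_root)
    return {
        "modified": sorted(n for n in manifest
                           if n in current and current[n] != manifest[n]),
        "missing": sorted(n for n in manifest if n not in current),
        "unexpected": sorted(n for n in current if n not in manifest),
    }


def main(argv):
    # Usage (hypothetical script name and drive letter):
    #   toolkit_manifest.py record E:\ manifest.json
    #   toolkit_manifest.py verify E:\ manifest.json
    mode, drive_root, manifest_path = argv[1:4]
    if mode == "record":
        Path(manifest_path).write_text(json.dumps(build_manifest(drive_root), indent=2))
        return 0
    report = compare(drive_root, json.loads(Path(manifest_path).read_text()))
    for kind, names in report.items():
        for name in names:
            print(f"{kind}: {name}")
    # Non-zero exit when anything differs, so the check can gate a site visit.
    return 1 if any(report.values()) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run `record` straight after building the drive and `verify` before each visit; anything listed as unexpected or modified that you did not put there yourself is a reason to rebuild the drive.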
Let’s now try to boot up the USB pen drive and see what happens…
Remember you may need to set your BIOS to boot from USB first, or use the Boot Menu option (usually F12) to boot your USB device.
The first screen we see is our menu.
We have 3 options. The first (the default) will boot the first drive in the system if you leave the countdown at the bottom of the screen to get to zero.
The second option will launch a sub-menu. Use your arrow keys to highlight the option, then press Enter to select it.
Here you can see the two anti virus tools we added to the pen drive, again using your arrow keys and the enter key you can select which tool to boot.
I’m going to choose the Kaspersky tool, and when I select it I am prompted to choose from three options.
I am going to just choose the first option here to run the ‘Kaspersky Rescue Disk from this USB’.
Please be patient! It can take some time for the System to boot, patience is a virtue!
You will now see a text based output on the screen as the tool is loaded, and eventually you will be prompted to review and accept the license agreement.
If you press ‘A’ to accept the agreement, if you do agree that is, the tool will continue to load and eventually you will be able to use the tool to scan the hard drives of the system the tool is running on.
Now, the thing that I thought was really cool about this, and what was a drawback of the Microsoft Malware Removal Kit, was that a lot of the rescue disks from the anti virus vendors can actually be updated live, assuming you have a live internet connection with supported network hardware/drivers (so far all the systems I have tested on have worked with an Ethernet cable, however not with wireless network cards).
As you can see below, when I check the status of my definitions from Kaspersky they are outdated – but I should now be able to click the start update button, and download the very latest definitions…
(apologies for the awful quality VT – blame the iPhone and a shaky hand.)
The process did take about 15 minutes on my test system, but of course your results will vary depending on your own internet connection.
So that is the Kaspersky Rescue Disk. If we reboot, we can choose to run either of the other tools.
There are a huge number of tools that can be added to your USB Toolkit, and really you are only limited by the size of the drive.
Currently I am running my toolkit on an 8GB Kingston DataTraveler, and I have the following tools…
Avira AntiVir Rescue CD
AVG Rescue CD
Kaspersky Rescue Disk
BitDefender Rescue CD
OphCrack XP (Local admin password reset)
OphCrack Vista (Local admin password reset)
Offline NT Password & Registry Editor
PING – Partimage Is Not Ghost
GParted (Partition Tools)
Parted Magic (Partition Tools)
Trinity Rescue Kit
Windows 7 Professional
Acronis True Image Home 2011