AVG Rescue CD Guide
This document contains:
- Acquiring the AVG Rescue CD
- Starting the AVG Rescue CD
- User Interface
- Scanning the computer
- Network settings and update
- Other utilities
The AVG Rescue CD is a standalone set of tools that can be started from CD or USB flash disk. It can be used to recover computers that are not able to boot or are infected in a way that will not allow normal operation. The whole CD or USB flash drive is a live CD with Linux operating system and AVG preinstalled on it.
This document will guide you through basic operations of AVG Rescue CD and its features. You can also get additional information in the Knowledge base section of the AVG web pages.
You can download the AVG Rescue CD from the download section for free. There are two files you can download - ISO file and RAR/ZIP archive. The ISO image can be used to burn a CD or DVD. The archive can be extracted on USB device (flash drive).
Using the ISO to create a bootable CD/DVD
The downloaded ISO file can easily be used to create a CD or DVD with AVG Rescue CD. You will need an application for burning a CD/DVD (e.g. Nero, imgburn, BurnAware Free). Do not use the Windows built-in burning feature, as it will not create a bootable disk.
In the burning application, choose option Burn Image file (ISO file or similar option). Insert the medium in the drive and confirm the burning. No special settings are needed.
Using the RAR/ZIP archive to create a USB bootable device
To create a USB flash drive variant of AVG Rescue CD, you will need to do the following:
- Extract the archive downloaded from AVG web to your preferred location.
- Double-click the extracted setup.exe file. It will guide you through the whole process. You will be able to select a USB drive from a listbox and setup will copy all necessary files to the selected USB drive and it will make the USB drive bootable.
- Please be careful not to run the makeboot.bat file directly from hard drive of the computer! This would overwrite the boot record and make your system un-bootable.
- After this process is finished (message will be displayed) you can close the window.
Preparing the computer
The AVG Rescue CD is now ready. Insert the CD in the drive or plug in the USB drive. You will however need to make sure that the computer you plan to use the CD/USB flash drive on can boot from such a device. There are various methods of setting this behavior on the computer. They depend on the specific maker of the BIOS of the computer. If unsure, consult the technical support of hardware vendor. The most common methods are:
- Pressing ESC during the startup. This may display list of bootable devices to choose from. Choose CD or USB.
- Pressing DELETE or F2 during startup to enter BIOS settings. When in BIOS, locate the option called Boot order, Boot Options or Boot. Here, move the CD or USB flash drive to the first place. Exit the BIOS, saving the changes. Please note, that changing settings in BIOS should only be done by skilled users.
- Pressing any key during startup, if message similar to "Press any key to boot from CD or DVD" appears.
Note: It is recommended to decrypt your hard drive in case it is encrypted before using AVG Rescue CD to ensure its full functionality.
The AVG Rescue CD will firstly display a welcome screen. You can proceed directly by pressing ENTER or waiting 10 seconds. If you need to specify some additional parameter, press F1. This will allow you to choose the screen resolution and will show other boot options. Alternatively, you can use the Memtest86+ option to start RAM memory diagnostic.
During the actual booting, the AVG Rescue CD will automatically mount all hard drives of the computer. This will make them available for scanning and editing. Also, network connection will be automatically set.
In the next step, you will be asked if you want to run an update of AVG. It is recommended to perform it. If you have a working internet connection, perform the online update. This will automatically download the necessary files. If the computer is not connected to the internet, you can update from files you have previously downloaded from the AVG web page and stored on the computer or on a USB flash drive.
See the Network settings and update section of this guide for additional information on setting the network manually and updating AVG.
After the booting procedure is finished, you will be presented with a simple user interface. To navigate between the options, use the arrow keys and Enter to select them.
From this menu, you can access all essential features of AVG Rescue CD. These are:
- Scan - for starting an on-demand scan
- Scan Result - for viewing reports of finished scans
- Update - to start update of AVG
- Vault - to view files stored in Vault of AVG installed on the computer and to restore them. This can be useful if a file was detected by a mistake
- Mount - to start mounting of storage devices. Use this option after inserting a USB device
- Network - to configure the network connection
- USB - to create a bootable USB flash drive containing AVG Rescue CD.
- Utilities - set of useful tools (see Utilities section below)
- Eject - to eject the CD/DVD-ROM disc tray
- Reboot - to restart the computer
- Shutdown - to turn off the computer
- About - to view information about the AVG Rescue CD
You may also choose to Exit the AVG Rescue CD interface. This will return you to the console where you can use commands to start additional Linux programs. To start the AVG Rescue CD interface again, type arl and press Enter.
To start a scan of the computer, select the Scan option from the user interface. You will then be able to set options for the scan. When confirmed, you can choose between two options - scan the volume or scan directory. The first option will scan all files on a selected drive. The second option will let you choose the specific directory to be scanned (to choose it, use arrow keys and the SPACEBAR. In the last step, you only need to confirm the start of the scan.
The progress of the running scan will be displayed. You can stop it at any time by pressing CTRL+C. Once finished, a scan report menu will be displayed. From there you can choose the following options:
- Report file - this will display summary of the detected files
- Delete all - all detected files will be removed from the computer. Be careful, as some files can be crucial for the Windows system and deleting them can make it inoperative.
- Rename all - detected files will be renamed. This will make any infection harmless, as the renamed file cannot be used to spread infection or harm the computer. The files are renamed by adding suffix _infected.arl
- Select - you will be able to choose actions for groups of files
- Individual - you will choose what to do for individual files
Generally, it is recommended to rename the files. This way you can always restore them if needed. Also, choosing the Select menu option is usually the best way to select actions for files (it is quicker than deciding the action for each file and you can make sure, that important files are not deleted). You can always access previous reports using the Scan Result option in the main menu.
The AVG Rescue CD attempts to configure the network connection during the boot. However, this only works for DHCP assigned IP addresses. If you need to use static IP address, use the Network option from the menu.
This will give you two options - DHCP or Static IP addresss. Select Static to enter manual settings. You will need to know the IP address that the computer should be using, subnet mask etc..
You can also change proxy settings in Network >> Proxy. You can set if proxy is enabled or disabled, type of autetnication (basic, NTLM, or any, that will automatically choose the type), proxy server IP address and port and user login and password.The update can be performed both online and offline. After selecting the Update option from the menu, you will have three options:
- Perform update online
- Download files
- Used local update files
The first one uses the network connection (if working) and automatically performs the update. The option to download the update files, allows you choose the folder on the computer where the files should be stored (and you will be also asked if you want to use them straightaway). The last option allows you to use previously downloaded files.
When the update is started, you can select which updates you want to download (priority). The lowest priority is virus database update, higher is program update and the highest contains optional files (help files etc.). If you choose a higher priority, all lower priority updates will be also downloaded.
Please note that you can also download the files beforehand from the AVG web page and access them from the USB flash drive. If this drive is plugged in after starting the AVG Rescue CD, use the Mount option in the menu, to make it accessible.
There are four utilities available directly from the user interface after selecting the Utilities option:
- Midnight Commander
- Windows Registry editor
While Ping is a simple tool, that can be used for basic network diagnostic (searching for IP address or computer name), other options are more advanced.
Midnight Commander is a two panel file browser. It can be used to go through files stored on the hard drives of the computer. Navigation through folders is relatively easy - use arrow keys to move and the ENTER key to select folder. You can switch to the other panel by pressing the TAB key. The most used functions are assigned shortcuts which are listed at the bottom side of the screen (e.g. F5 for copying). To access the top menu, press F9. Note that the MC will display the Linux files system on which the AVG Rescue CD is running. To find the hard drives and USB drives of the computer, move to the folder mnt. There, you will see all drives attached to the computer. The system disk of the PC should be the first one (e.g. sda1).
Windows Registry editor is a powerful tool to access and alter the Windows registries. It is only recommended for advanced users. Upon starting, you will need to select the Windows installation. Then you will be able to navigate through the registry keys as if they were folders. To edit them, use the listed keyboard shortcuts.
TestDisk allows multiple operations with the hard drives of computer (including recovery of deleted files, lost partitions, MBR record, etc.). As with the registry editor, it should be only used by advanced user as it can destroy all data on the drive. For more information on its use, please see the web page of the vendor of this application: http://www.cgsecurity.org/wiki/TestDisk_Step_By_Step
PhotoRec can be used to recover (undelete) removed files from the computer but also from connected devices – digital cameras, mp3 players or generally any flash disk memory. Note that you should not save other files if you want to recover some file. The newly saved files may overwrite the physical space on disk, where the file you want to recover is. For this reason, you should also save the recovered file to different partition or other disk. For more information on its use, please see the web page of the vendor of this application: http://www.cgsecurity.org/wiki/PhotoRec_Step_By_Step
Links is a text web browser similar to Lynx. It displays only text of visited pages and basic positioning on page. Some pages may not be readable from this reason (pages done mostly with pictures, in Adobe Flash or generally requiring some plugin to be displayed.)