Now it is time to release the new Rescue CD for which we put out the beta some time ago. We decided to update the version number to 3.11 since we added a couple of useful utilities to the CD image. Otherwise this is the same version as is available on our Internet Security 2010 installation CD.

The new utilities on the CD are:

* PhotoRec is a tool that can be used to recover data that has been accidentally deleted or lost due to a corrupted file system on a disk.
* TestDisk is another data recovery tool that can be used to recover a lost partition, for example.
* smartmontools contain utilities that can be used to inspect S.M.A.R.T. values of hard disks. By analyzing these numbers you may get a hint if your hard disk is starting to show signs of breaking down. Check the Documentation page for more information and tutorials on how to use the tools.

Note: F-Secure does not provide any support for using the above mentioned utilities and the best resource for help on using them can probably be found from their Wiki pages.

Have a look at the release notes and then download the product package here:

f-secure-rescue-cd-3.11.23804.zip
f-secure-rescue-cd-3.11.23804.zip.md5sum
f-secure-rescue-cd-3.11.23804.zip.sha1sum

We noticed that lately our posts about Rescue CD have been quite technical and focusing on details. So, here’s a brief overview for the people who aren’t that familiar with the tool yet.

What is Rescue CD?
Rescue CD is a free tool you can use to fix a computer that no longer starts because the operating system has been corrupted by malware. For more advanced users, Rescue CD enables other kinds of repair and data recovery operations as well.

When should I use it?
There are two main situations when you should use the Rescue CD:

• The computer no longer starts, as the operating system has been corrupted by malware. In this case you can use the Rescue CD to scan the computer and quarantine the malware. This may allow the operating system to start properly again.
• If you suspect that your security software has been compromised by malware. You can use the Rescue CD to check this, as it is independent of the operating system.

How does it work?
Rescue CD contains a Knoppix (a kind of Linux) operating system which allows using your Windows PC and getting access to the hard disks.

How do I use it?
Rescue CD is included on our Internet Security CD. If you don’t have it, or need to have the newest version, you can download it from here in the blog or on the F-Secure website, and burn it on a CD yourself.

Also, prepare to provide our latest malware definition databases to the tool. This is done either by simply having a network connection or using a USB stick. Instructions for the latter option can be found here (under Using USB stick to store malware definitions).

After getting rescued, remember to make sure that you have an up-to-date security solution to keep you from trouble in the future.

For more information and basic instructions for using the Rescue CD, please check the Rescue CD User’s Guide. And if you still have questions, comments or problems regarding the tool, drop us a line! Ideas and feature requests are also welcome.

For a while now we have been doing incremental work to push out new RescueCD with new features.

So what new do we have?
Here is a Quick Changelog

• New Security Platform
• New Knoppix
• USB stick improvements
  • Ability to speed up the process by storing malware definitions on USB stick if scan is done often
  • Ability to automate scanning or enable malware definition download behind a proxy
  • Ability to run personalized automated script for the system as part of the process
  • Ability to convert RescueCD into bootable USB stick

New Knoppix

We have taken the Knoppix 6.0.1 as the new base for the RescueCD. It has been stripped down somewhat to make download a bit smaller and initialization process is slightly altered to make it fairly simple to use. If you think some crucial tool is missing from the image please let us know and we consider including it later. Both emacs and vi are removed on purpose :)

New Security Platform

Security Platform has been updated to version 2.50. It should be faster now.

Extended usability of USB stick with the product

Using USB stick to store malware definitions

To use USB stick as malware definition storage initialize USB stick by creating directory fsecure on the stick and under that subdirectory rescuecd. Now when you boot the machine with RescueCD and USB stick is inserted into machine it will automatically use the stick to store definitions into. (there must be ~256MB of free space on the stick)

To automate the scan process with help of USB stick

Act as above and after you have booted up you can have a look at the config file /mnt/usbstick/fsecure/rescuecd/config. This file explains different options that can be useful to automate the process or enable virus definition downloads by setting a proxy.

If you wish to automate the scanning process just set the TIMEOUT=5 and every dialog will show only for 5 seconds and after that proceed to next step. Process will halt to last screen that shows scan result.

If you are behind a proxy you can set the http_proxy in the config file according explained specifications.

Running personalized script as part of the process

If you have initialized the USB stick you can create file /mnt/usbstick/fsecure/rescuecd/custom_script.sh

This script can contain your own customised actions that are taken before scan process. This is basically same thing as repair_script.sh used to be, but just renamed to have more generic meaning. You can for example use this script to backup all pictures or documents from your machine to the stick (if it is large enough) or have rsync backup files to remote machine over network.

Converting RescueCD into bootable USB stick (for advanced users)

One of the nice features that we managed to push to the CD is transmogrify script. This script can be used to change normal USB stick into bootable RescueCD stick. Word of warning thou the script will delete everything from target device. So be very careful as you use it to create your bootable USB stick.

To create a USB stick version of the RescueCD, please run the following command in ‘Alt-F2′ after booting the CD:
/opt/f-secure/transmogrify_cd_into_stick.sh [cdrom device] [usb stick device]

[cdrom device] usually is one of the following /dev/hda /dev/hdc /dev/sr0. You can verify the device by changing to different virtual console with ‘Alt-F2′ and typing df. The device on the very first line with /mnt-system is the device you wish to use as first argument to the script.

[usb stick device] is bit harder to figure out. If you have just booted the computer without any stick and have the one that you wish to use in your hand insert it in and check dmesg | grep -A2 usb-storage. Command should print out something like

usb-storage: waiting for device to settle before scanning
scsi 126:0:0:0: Direct-Access USB 2.0 USB Flash Drive 0.00 PQ: 0 ANSI: 2
sd 126:0:0:0: [sdd] 3948544 512-byte hardware sectors (2022 MB)

so in this case destination device would be /dev/sdd
Note: if you create USB stick after databases have been downloaded you will have the fresh virus description databases already on your next boot.

The package can be downloaded here.
Please have a look at the release notes before using the product. They are also available inside the zip package.

checksums for f-secure-rescue-cd-beta-3.10.22900.zip:
md5sum: bbef00aa8e0be2c6398cd1cdfba71470
sha1sum: 12a339b755323c170eb2b1c0e2ddcc88b1b0f0cb

And as before comments and suggestions are welcome trough email address displayed at the bottom of the page.

Many thanks to KNOPPIX team NTFS-3G developers and people in OSS scene.