Creating a Custom DVD or CD for Troubleshooting and Eliminating Viruses


Ever have a friend ask you to help repair their computer, only to find that it's so bloated with malware that you think they should just nuke the site from orbit? Some recent malware is quite difficult to remove while the infected system is running. In these situations you might try an alternative approach: boot from a CD-ROM or DVD and run the repair tools while the virus-laden operating system (OS) is offline, so that nothing in the infected installation is executing while you scan it. There are other recovery tasks that are easiest to perform while the OS is offline, but I spend more time helping people with malware than doing anything else for them.

How do you create a bootable disc? You could do it with Linux, but then you'd have to learn another OS, and I prefer to stick with Windows. Besides, there are a lot of useful tools already available for Windows. You may have heard of the Windows Preinstallation Environment (Windows PE, or simply PE) that has been available to computer vendors for years. Microsoft made it available to everyone a few years ago, and I've found it to be extremely useful. There are several ways to create a customized Windows PE disc; the simplest is to use the Microsoft Deployment Toolkit (MDT) that some colleagues of mine in the Solutions Accelerators Team (SAT) at Microsoft created. You'll need several gigabytes of storage space to download and use everything described below, so make sure you have enough room before you start!

  1. Download and install MDT 2010. You can use the default values for the installation.
  2. Download the Windows Automated Installation Kit (AIK) for Windows 7 and burn the disc image to a DVD. Run StartCD.exe from the DVD to install the AIK on your computer. Once again, you can use the default values for the installation. This is a big file; if you have an MSDN subscription I suggest that you download it from there, because the MSDN downloader can resume interrupted downloads from where they left off.
  3. Download malware scanning tools and other utilities designed for offline use. There are a lot of free antimalware tools available, but for this troubleshooting disc you need ones that work in offline mode, that is, that can scan a Windows installation that is not running. I've been able to use Microsoft's Malicious Software Removal Tool, Alwil Software's avast! Virus Cleaner, and McAfee AVERT Stinger with ease. Get them directly from the vendors and refresh them before each use; signature-based scanners are only as good as their last update.
  4. To create a Deployment Share in MDT:
    1. Open Deployment Workbench from the Start Menu.
    2. In the console tree, expand Deployment Workbench and right-click Deployment Shares.
    3. Select New Deployment Share and specify a location for the deployment share, such as C:\Deploymentshare.
    4. Accept the default values for the rest of the options and complete the wizard.
  5. You're ready to create the troubleshooting disc. To do so:
    1. In the console tree, expand Deployment Workbench and click Deployment Shares so that your share appears in the details pane.
    2. Right-click the deployment share you created in the details pane and select Properties.
    3. Select the Windows PE x86 Settings tab and check Generate a Generic Windows PE WIM File.
    4. Enter an Image Description such as Offline Troubleshooting.
    5. Check Generate a generic bootable ISO image.
    6. Enter an ISO file name such as Troubleshooting_Disc.iso.
    7. Next to Extra Directory to Add, enter the path to the folder where you saved the malware and troubleshooting tools in step 3. Everything in that folder is copied into the root of the boot image.
    8. Set the scratch space size to 128 (MB).
    9. Click OK.
    10. Right-click the Deployment Share and choose Update Deployment Share.
    11. Click Next twice, and then click Finish.
    12. Burn the ISO image file to a CD-ROM or DVD. It will be in the Boot folder of the deployment share, e.g. C:\Deploymentshare\Boot\Troubleshooting_Disc.iso.
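If you keep this disc around, the parts of the procedure worth scripting are step 3 and the rebuild in step 5, because the utilities on the disc go stale and a rescue disc carrying a tampered or trojanized scanner is worse than no disc at all. The PowerShell script below is an added example, not code from the original article or from MDT itself: it refuses to stage any executable whose Authenticode signature does not verify on the technician PC, writes a SHA-256 manifest beside the tools, copies the verified set into the Extra Directory, and then rebuilds the share with the same cmdlets Deployment Workbench runs behind Update Deployment Share. The folder names (C:\ToolsDownload, C:\PEExtra, C:\Deploymentshare) and the drive name DS001 are assumptions for the example. Run it on the technician PC with MDT 2010 and the AIK installed, not inside Windows PE.

```powershell
# Added example (not from the original article): verify the offline tools
# before they are baked into the boot image, then rebuild the MDT share.
# Assumed paths (not in the article): tools downloaded to C:\ToolsDownload,
# the Extra Directory configured on the Windows PE x86 tab is C:\PEExtra,
# and the deployment share created in step 4 is C:\Deploymentshare.
param(
    [string]$Source       = 'C:\ToolsDownload',
    [string]$ExtraDir     = 'C:\PEExtra',
    [string]$ShareRoot    = 'C:\Deploymentshare',
    [string]$ShareNetPath = "\\$env:COMPUTERNAME\Deploymentshare$"
)

$ErrorActionPreference = 'Stop'

# SHA-256 through .NET so this also runs on the PowerShell 2.0 that ships
# with Windows 7 (Get-FileHash did not exist yet).
function Get-Sha256([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close(); $sha.Clear() }
}

# 1. Refuse to stage any executable that is not Authenticode-signed by a
#    chain this PC trusts. MSRT, Stinger and avast! Virus Cleaner are all
#    signed by their vendors, so an 'Invalid' or 'NotSigned' result means
#    a corrupted download or a file you did not get from the vendor.
$manifest = @()
$rejected = 0
foreach ($file in Get-ChildItem $Source -Recurse -Include *.exe,*.dll,*.sys) {
    $sig = Get-AuthenticodeSignature $file.FullName
    if ($sig.Status -ne 'Valid') {
        Write-Warning ("REJECTED {0}: {1}" -f $file.Name, $sig.Status)
        $rejected++
        continue
    }
    $manifest += New-Object PSObject -Property @{
        File   = $file.Name
        Signer = $sig.SignerCertificate.Subject
        Sha256 = Get-Sha256 $file.FullName
    }
}
if ($rejected -gt 0) {
    throw "$rejected unsigned or tampered file(s) in $Source; fix them before building the disc."
}

# 2. Stage the verified tools plus a manifest. The Extra Directory is
#    copied to the root of X: in Windows PE, so the manifest travels with
#    the disc and tells you exactly which builds you are booting.
if (Test-Path $ExtraDir) { Remove-Item $ExtraDir -Recurse -Force }
Copy-Item $Source $ExtraDir -Recurse
$manifest | Sort-Object File | Format-Table File, Sha256, Signer -AutoSize |
    Out-String -Width 300 | Set-Content (Join-Path $ExtraDir 'TOOLS-MANIFEST.txt')

# 3. Rebuild the boot image. These are the cmdlets Deployment Workbench
#    itself runs for Update Deployment Share; the Windows PE x86 tab
#    settings (generic ISO, Extra Directory, scratch space) are read from
#    the share's Control\Settings.xml, so they only need to be set once.
if (-not (Get-PSSnapin Microsoft.BDD.PSSnapIn -ErrorAction SilentlyContinue)) {
    Add-PSSnapIn Microsoft.BDD.PSSnapIn
}
if (-not (Get-PSDrive DS001 -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name 'DS001' -PSProvider 'MDTProvider' -Root $ShareRoot `
        -Description 'MDT Deployment Share' -NetworkPath $ShareNetPath |
        Add-MDTPersistentDrive | Out-Null
}
Update-MDTDeploymentShare -Path 'DS001:' -Verbose

"Boot image(s) ready to burn:"
Get-ChildItem (Join-Path $ShareRoot 'Boot') -Filter *.iso | ForEach-Object { "  " + $_.FullName }
```

The signature check is deliberately fail-closed: one rejected file stops the build rather than producing a disc with a gap in it, and the manifest lets you compare the tools on an older disc against a fresh download before deciding whether a rebuild is due.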

Your troubleshooting disc is ready to go. When you boot the stricken system from it, Windows PE runs from a RAM drive that appears as X:, and you'll find your troubleshooting tools in the root of that drive. The infected installation's volumes get their own letters (usually C: for the system volume, but not always), so check with dir or diskpart and point each scanner at the offline Windows volume rather than at X:. Because the infected OS is not running, rootkits and other malware that hide themselves from scanners on a live system cannot interfere with the scan.

This brief article has only brushed the surface of what's available in MDT. If you have to manage more than a few PCs, or if you have to install Windows frequently, you should look at what else it has to offer. MDT greatly simplifies the tasks involved in creating and maintaining installation images and deploying those images to different computers.

Kurt Dillard

kurtdillard.com


2 Responses to “Creating a Custom DVD or CD for Troubleshooting and Eliminating Viruses”

  1. John Dangerbrooks says:

    Now, don’t let my Grammar professor catch you, or he’ll be lecturing you on Coherence and Cohesion in style of writing!

    Anyways, there is a considerably better version of this tutorial available from Microsoft: Malware Removal Starter Kit.

    http://www.microsoft.com/downloads/details.aspx?familyid=6cd853ce-f349-4a18-a14f-c99b64adfbea&displaylang=en

  2. Kurt Dillard says:

    John,
    I agree that the MRSK is valuable, but there are major differences between the current version of the MRSK and what I wrote in this brief article:

    1. This is based on WAIK 3.0 and Windows 7; the current MRSK uses WAIK 1.0 and Windows XP.
    2. This uses MDT 2010, which simplifies creating and maintaining the bootable image file; for example, you don't have to manually load and edit the registry.
    3. Using MDT 2010 means that you can update the malware utilities in the image; in the current MRSK you have to restart from scratch in order to update the utilities.
    4. Using MDT 2010 means that you can easily add custom hardware drivers to the image, or use PXE to boot the infected computers from the network rather than from a disc.

    Nevertheless, the current version of the MRSK has a lot of useful information and it's worth a read.