USB key fails booting

[littlebigman]

Hello,

I followed the following two articles to create a bootable USB key that will run the Kaspersky Rescue Disk, but both methods fail, using two different USB keys:

• UNetbootin - Create Bootable Live USB Disks For A Variety Of Linux Distributions From Windows Or Linux : "Determining root device: Could not find the root block device in ."
• Creating Bootable Kaspersky Rescue USB Disk : "Could not find kernel image linux"

Kaspersky only provides support for when trying to boot from a CD. Does someone know what I could try to get this to work as shown in the articles?

Thank you for any hint.

[Rubberman]

What steps are you taking (in detail) to make a bootable USB thumb drive via Unetbootin?

[littlebigman]

I just downloaded the Kaspersky Rescue Disk ISO file that works fine when burning a CD, and then ran the UNetBootIn utility to have it use the ISO to build a bootable USB key:

UNetbootin - Create Bootable Live USB Disks For A Variety Of Linux Distributions From Windows Or Linux | Megaleecher.Net

Maybe the ISO image is OK for CD's but a different version is required for a USB key?

[Rubberman]

It's possible that the Kaspersky ISO is in a format that unetbootin can't handle. I haven't run into this problem personally. I tested unetbootin with at least 20 different distributions when preparing to give a talk at an IEEE meeting last year about using bootable Linux thumb drives for data recovery and system forensics use.

[littlebigman]

Thanks for the feedback. I don't have the time nor the technicale knowledge to investigate, so I'll just keep an eye on what the Kaspersky people are doing about their live CD, and whether they make it available for USB.

I'd rather use Kaspersky because it has the best UI I saw when testing the main commercial offerings, and I read ClamAV isn't as good as these guys.

[Rubberman]

Linux gets pretty much ignored by the normal virus/botnet crowd since it's a lot harder to infect than Windows. Corporate systems and web servers, however, are the active targets of malware writers so good security practices are required. There are a number of tools that can help lock down your web-facing servers including such tools as inotify (will tell you when a file or directory tree is modified), etc. AV tools are mostly useful on Linux systems (IMHO) for:

1. Scanning email attachments
2. Scanning downloaded files that might be uploaded to Windows systems
3. Scanning Windows system discs for viruses and cleaning them when too infected for Windows-based tools to work.

Besides ClamAV, there are a number of proprietary (free and paid) AV tools for linux. Myself, I have installed ClamAV, F-Prot, AVG, and McAfee for Linux. I use one or more of them when scanning Windows discs for virus infections. My experience is that all of them will find something the others will miss. Each has different capabilities and tuning abilities (heuristics) that increase or decrease the tool's sensitivity. The only one I paid a license for (after a thorough evaluation of the free version) is F-Prot from Frisk Software International. It does a really thorough job on finding nasties and they have both 32 and 64-bit linux versions.

[littlebigman]

Thanks. I'm looking for a live CD to check a Windows host for viruses, and repair the files in case the AV finds anything. Ideally, the live CD + AV should be able to copy any Windows system file from the CD/DVD so as to avoid reinstalling the whole thing just for a few infected files, but I'm not sure any AV offers this feature.

[Rubberman]

No AV that I am aware of has a "fix-in-place" capability. However, if you use the AV tool to scan the disc for infections and have the appropriate system files available on the CD/DVD/USB drive you booted from, then you can copy them yourself. If it's only a few files, then it's not a major problem. If a LOT of files are infected, then it's a major PITA and a system wipe/restore may be the appropriate solution. Sometimes, you just have to shoot the horse!

[littlebigman]

Right, but I'm surprised AV solutions don't provide this option built-in. Reinstalling a whole computer, with the applications and data is a major PITA.

[Rubberman]

Unfortunately, with OS updates occuring on an increasingly frequent basis, this is a moving target that would be prohibitively expensive to hit. Only the OS vendor/provider might have a chance to do that if they are also providing the AV tools. I think that MS is heading in that direction, but as usual they are a day late and a dollar short of the target.