The Kaspersky Rescue Disk support tool is one of the best available. When you’re dealing with malware that is particularly deep-rooted in your system and that seems to be difficult to delete, you can rely on free software like the one offered by the well-known Russian manufacturer Kasperksy. This is an emergency disk (it can be stored on a USB stick as well as on a CD; the Kaspersky Rescue Disk ISO file weighs just over 200 MB) which is based on the Linux kernel (in particular, the Gentoo distribution) and which allows you to remove threats on any Windows system by directly accessing its file system and the information contained in the registry. By cleaning before accessing the operating system, you will avoid that any malware present is loaded and that it interacts with the detection and removal procedure.
The working environment proposed by Kaspersky Rescue Disk is excellent: a convenient graphical interface allows not only to start the procedure of updating viral signatures and to scan hard disks but also to “unlock” the access to the system in case the personal computer had been infected, for example, by some ransomware. This is a particular category of malware that generally takes hostage a portion of the system (some types of files, folders or the same master boot record). For more information about this, we suggest you refer to these articles.
The tool that allows you to “free” your system from ransomware is called Windows Unlocker and is present by default in the Kaspersky Rescue Disk package. Unlike the other components of the emergency disk, Windows Unlocker does not have a graphical interface: it is a “ready-to-use” tool that, in a fully automated way, examines the contents of the registry by diagnosing and removing keys related to the actions of the most dangerous malware.
Kaspersky Rescue Disk also integrates a “file manager”, very useful to recover your files in case the system is no longer bootable or to make a backup before proceeding with any disinfection, the browser Mozilla Firefox, the classic window of the Linux terminal, a utility (“Screen”) to save – in the form of an image – what is displayed on the screen (the image file will be stored in C:\Kaspersky Rescue Disk 10.0\Screenshots) and, finally, a utility for configuring the network connection.
In our case, as soon as Kaspersky Rescue Disk was started, the ethernet network connection was immediately enabled and working (also thanks to the activation of the DHCP server on our router). Otherwise, you can connect to your local network using the Configure Network utility.
Prepare boot media with Kaspersky Rescue Disk
The first step is to download the Kaspersky Rescue Disk ISO file with Windows Unlocker.
This ISO file can be burned to a CD even if our advice is to store it, along with your favorite utilities, in a USB stick prepared using a free software such as YUMI. This is a free application that we have presented several times on the pages of IlSoftware.it and that allows you to make any USB stick bootable by inserting all the utilities you consider appropriate: the choice is vast and ranges from Windows recovery CD to software for data recovery, passwords, disk imaging, disk partitioning, for secure erasure of data, for antivirus and anti-malware. YUMI allows you to run any Linux distribution from a USB medium (on the other hand, Kaspersky Rescue Disk itself is based on Gentoo).
Some indications to use YUMI are given in this article or here, where we explain how to insert CloneZilla.
Kaspersky itself has prepared the Rescue2USB software which, once downloaded and started, allows you to automatically insert the Rescue Disk into a USB stick. Simply select the Kaspersky Rescue Disk ISO, the target USB drive, and then click the Start button:
Unlike YUMI, however, you won’t be able to insert any additional utilities into your USB stick.
Starting Kaspersky Rescue Disk at System Boot
If you leave a Kaspersky Rescue Disk USB stick or CD medium inserted in your system, the following screen should appear when you boot your personal computer:
By pressing any key, you will access a menu of choice through which you can select the preferred language (English).
At this point, you can choose Kaspersky Rescue Disk. Graphic mode so that the work environment can be used using a convenient graphical interface.
At the end of the boot, you will have to accept the conditions of use of the product by pressing the “A” key.
As soon as you enter the Kaspersky Rescue Disk workspace, you will be in front of a window like the following one:
At the bottom of the main screen, you will notice a Windows-like “taskbar” on which open windows and utilities will be listed. The button on the left allows you to access a menu of choice that reminds you of the Windows menu.