This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Scanning Devices With Rescue Disk

This Article Applies to:

  • Avast Small Business Solutions
  • Avast Small Office Protection

 

If you suspect your device is infected with malware, but all other virus scans (including Boot-Time Scan) were unable to resolve the issue, you can use Rescue Disk, which enables you to scan your PC when your system is not running. This method significantly increases your chances of detecting and removing malware because the malware is unable to counteract.

Rescue Disk is an installable feature within Avast Business Antivirus that allows the creation of a Rescue Disk to be used on a Windows device that is able to boot from USB/ISO/DVD. The feature can be installed on both Windows Desktop (Windows 7 and higher) and Windows Server (2008 R2 and higher).

Creating a Rescue Disk

Before you begin, you will need either an empty USB drive with a capacity of 2 GB or higher or a blank recordable DVD, PC with DVD writer, and burning software that can write from ISO file format (such as the built-in Windows Disc Image Burner).

If booting a VM, the ISO download can be used to "insert" the disk drive.

The USB drive is the preferred method. However, devices manufactured before the year 2000 may not be able to boot from USB and should use the DVD.

 

Once you are set up, go to the Protection > Virus Scans section of the client UI and click the Rescue Disk option on the right side of the screen.

On the Rescue Disk screen, check the Use UEFI boot file for modern PCs box to run Rescue Disk on a modern PC with UEFI (Unified Extensible Firmware Interface). For an older PC with BIOS (Basic Input/Output System), uncheck this box.

The first consumer PCs with UEFI were manufactured after the year 2005. Refer to the manufacturer's support documentation to determine whether the infected PC is using the modern UEFI or older BIOS. If you cannot find out this information, you can create both types (box checked and unchecked).

Then, choose your preferred method for creating a Rescue Disk and follow the respective instructions:

Create ISO File

  1. Click Create ISO file
  2. Select a location to save the Rescue Disk ISO file, then click Save
  1. Wait until Rescue Disk is finished creating the ISO file
  1. Burn the Rescue Disk file onto a blank recordable DVD

Create On USB

  1. Insert an empty USB drive into your device's USB port, then click Create on USB
  2. In the dialog, select your USB drive to start the process, then wait for Rescue Disk to finish loading onto the USB drive

Booting The Disk

Once you have created a Rescue Disk, you will need to boot from the disk, which may involve changing the boot order.

USB Drive

  1. Turn off the infected device and insert the USB drive containing Rescue Disk into the USB port
  2. As your device starts up, press the appropriate key to enter the Boot Menu
    • Because of the wide variety of PC and BIOS manufacturers, there are numerous ways to access the Boot Menu. The commonly used keys are ESC, F12, or F11. Look for the text on the computer's BIOS boot splash screen for the proper key to access the Boot Menu.
  3. When the Boot Menu appears, select your USB device containing Rescue Disk (it may be listed as Removable Devices, USB Flash Drive, USB Storage Device, or something similar)
  1. Press any key to start Rescue Disk

DVD

  1. Insert the DVD containing Rescue Disk into the DVD drive of the infected device, then turn off the device
  2. Turn your device back on
  3. As the device starts up, press the appropriate key to enter the Boot Menu
    • Because of the wide variety of PC and BIOS manufacturers, there are numerous ways to access the Boot Menu. The commonly used keys are Esc, F12, or F11. Look for the text on the computer's BIOS boot splash screen for the proper key to access the Boot Menu.
  4. When the Boot Menu appears, select your CD containing Rescue Disk (it may be listed as CD-ROM Drive, CDROM, CD/DVD/CD-RW, or something similar)
  1. Press any key to start Rescue Disk

Scanning for Viruses

Once Rescue Disk starts on the device, you can begin to scan for malware:

  1. Click the AvastPE Antivirus tile on the main Rescue Disk menu
  1. Choose what to scan:
    • All hard disks: Scans the entire device
    • Selected folders/discs: Scans only folders or discs you specify
  2. If desired, check the Scan all archives box to scan compressed files (RAR, ZIP, etc)
  3. If the device is connected to the internet, click Update VPS to ensure that Rescue Disk still uses the latest database of known virus definitions
  4. Click Next to run the scan (if you chose to scan only specific folders/discs, the scan will start after you have selected them)

Repairing or Deleting Infected Files

After scanning your device, Rescue Disk displays the results. If any threats are found, you can choose to Fix automatically (preferred) or Fix manually.

Fix Automatically

  1. Click the Fix automatically button
  2. Wait while Rescue Disk attempts to remove malicious code from all infected files while keeping the rest of each file intact (if the repair fails, the infected files are automatically deleted)
  3. Click Finish
  1. In the main Rescue Disk menu, select File > Restart

When the device restarts, you can remove the USB drive/DVD containing Rescue Disk.

Fix Manually

  1. Click the Fix manually button
  2. Check the boxes beside the files you want to apply an action to, then select an action:
    • Fix automatically: Removes only the malicious code from the selected files, and deletes threats that cannot be repaired.
    • Repair selected: Removes only the malicious code from the selected files, but threats that cannot be repaired must be manually deleted.
    • Delete selected: Permanently deletes selected files from the device.
  3. When the selected action is completed, click Skip
  1. Click Finish
  1. In the main Rescue Disk menu, select File > Restart

When the device restarts, you can remove the USB drive/DVD containing Rescue Disk.

Other Tools

AvastPE Browser

The AvastPE Browser allows you to browse the web outside of the OS. You will be taken first to the Avast forum as a homepage/starting point (e.g. to help search for your issue).

AvastPE Commander

AvastPE Commander allows you to perform file operations (view/copy/move/delete), and execute external programs. This can be very useful in navigating through the disk to remove some malicious file manually, or to disable/delete drivers/files that are preventing the OS from booting.

Registry Editor

This tool is useful for editing the registry hives outside the OS directly, e.g. in case of some corrupt key or malicious entry that cannot be removed.

Command-line Tool

This tool enables you again to run commands, search for/rename/delete files, whatever may be required.

File Menu

From the File menu item, you can immediately restart or shutdown the system. This is useful when the necessary changes have been made using Rescue Disk.

Tools Menu

From the Tools menu, you can open the previously mentioned registry editor or the Avast Support Tool.

Running the Support Tool outside of Windows helps gather important data, especially when the device is unable to boot to Windows. To learn how to run this diagnostic tool, see the respective section in Creating and Sending Support Packages.

Help Menu

Under Help, you can select About... to view the version of the disk.

FAQ

Essentially, any Windows OS that supports booting from the USB/ISO/DVD: Windows Desktop (Windows 7 and higher) and Windows Server (2008 R2 and higher).

No, the device does not require Avast Business (or other Avast versions) Antivirus.

When the disk is created, the virus definitions are stored. If the device then has internet connection, the definitions from the bootable disk can be updated at that time.

 

Other Articles In This Section:

Scanning Devices

Running Boot-Time Scan in Safe Mode

Related Articles:

Resolving Threats

Configuring Virus Scans