Here is another free rescue disk offered by Trend Micro, which I recently came to know about. A rescue disk is the last resort for cleaning an infected machine when the infection is too difficult to remove from within Windows itself because the infected system files are loaded into memory. You might remember that our CD, Kamal's Multiboot CD, also contains various tools to bring your system back to a normal state.

Trend Micro Rescue Disk is a portable solution that uses a CD or USB drive to examine your computer without launching Microsoft Windows. It finds and removes persistent or difficult-to-clean security threats that can lurk deep within your operating system.

Trend Micro Rescue Disk works differently from other rescue disks: it scans only hidden files, system drivers, and the Master Boot Record (MBR) of your computer’s hard drive without disturbing the operating system, while others let you scan every single file on the computer, which may take hours to complete. It is a Linux-based live CD that has few, if any, options for you to select.

The Trend Micro Rescue Disk creator is a 63.5MB executable file; upon launching it, you will be asked to create either a USB or CD/DVD rescue disk. Both devices need to be empty, so make sure you’ve backed up the files on your USB drive, or else creating the rescue disk will wipe the drive. I had no problems using USB or CD-RW to create the Trend Micro Rescue Disk, but when I tried a DVD-RW, it kept telling me to enter a blank CD or DVD even though Windows 7 was able to detect it as an empty drive.

I infected my virtual computer with a TDSS level 4 (aka TDS4 and Alureon) sample to see if Trend Micro Rescue Disk is able to detect and clean the rootkit. Then I booted up the virtual computer with the CD-based Trend Micro Rescue Disk and saw the following screen with only 2 options: Remove Threats or Rollback Last Threat Removal.



Trend Micro Rescue Disk starts to scan for any infection. The whole scanning process takes only a few minutes.

When the scanning was completed, Trend Micro informed me that it had found and removed 1 threat, which was the TDS4 rootkit that I had installed. Press the ENTER key to restart the machine.

If for some weird reason your computer cannot be started after scanning and cleaning with Trend Micro Rescue Disk, you can boot your computer again with the Rescue Disk and select the second option, “Rollback Last Threat Removal”, which will undo any changes made. There is no auto-update option on this rescue disk. The official page also doesn’t say when it was last updated. If you would like to know when this rescue disk was last updated, you need to check the HTTP headers of the file: paste the link of the rescue disk into web-sniffer.net and check the Last-Modified value.
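
The same Last-Modified check can be scripted instead of pasted into a web tool. This is an added example, not code from the original post or from Trend Micro; the sample headers, the 30-day staleness threshold and the function names are assumptions made for illustration.

```python
import urllib.request
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

STALE_AFTER_DAYS = 30  # assumed threshold, not a vendor figure

# Constructed sample response headers (not captured from the real server).
SAMPLE_HEADERS = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/octet-stream\r\n"
    "Last-Modified: Tue, 15 Nov 2011 12:45:26 GMT\r\n"
)


def parse_last_modified(raw_headers):
    """Return Last-Modified as an aware UTC datetime, or None if unusable."""
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "last-modified":
            try:
                parsed = parsedate_to_datetime(value.strip())
            except (TypeError, ValueError):
                return None  # header present but not a valid HTTP date
            if parsed.tzinfo is None:
                parsed = parsed.replace(tzinfo=timezone.utc)
            return parsed.astimezone(timezone.utc)
    return None  # servers and CDNs may omit the header entirely


def assess(raw_headers, now=None):
    """Summarise how old the downloadable image is."""
    modified = parse_last_modified(raw_headers)
    if modified is None:
        return "unknown: no usable Last-Modified header"
    days = ((now or datetime.now(timezone.utc)) - modified).days
    state = "stale" if days > STALE_AFTER_DAYS else "recent"
    return f"{state}: last modified {modified:%Y-%m-%d} ({days} days ago)"


def fetch_headers(url):
    """HEAD request: fetches only the headers, not the whole download."""
    request = urllib.request.Request(url, method="HEAD")
    with urllib.request.urlopen(request, timeout=10) as response:
        return str(response.headers)


if __name__ == "__main__":
    print(assess(SAMPLE_HEADERS))
```

To check the live file, call `assess(fetch_headers(url))` with the download link of the rescue disk.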

I believe that this free Trend Micro Rescue Disk puts more emphasis on the removal of persistent or difficult-to-clean rootkits and bootkits rather than the millions of viruses listed in antivirus definitions.

Download Trend Micro Rescue Disk