Sunday, 17 August 2014

Add Desinfect+Persistent Virus Updates to your Easy2Boot USB drive

Here are the steps to add the Desinfect 2014 (and 2015/2016/2017) ISO to your E2B USB drive and have persistent virus definition updates too ...

As well as your E2B USB drive, you will need a spare 4GB or larger USB Flash drive that can be wiped - otherwise you will need a previously-made desinfect bootable Flash drive. This spare drive is not needed once the E2B installation has been completed.

I also had an internet connection (via Ethernet) connected to the system so that I could get the latest updates.

Direct link to .mnu file for persistent updates here and also the .mnu file is in the E2B's \_ISO\docs\Sample mnu Files folder.

If you are new to Easy2Boot, the instructions here may help too.
You can, of course, add hundreds of different Linux LiveCD ISO files, Windows Installer ISOs or other files to the E2B drive as well as Desinfect! See here for a list of tested payload files.

Tip: Before you begin, I suggest you just first use a spare USB Flash drive to install Desinfect onto. You will need this anyway, so it is best to create one now and check it works!

If you have more than one Desinfect (e.g. 2016 and 2017) on the same E2B USB drive, you will need to change the name of the \desinfect-rw file in one of the .mnu files (e.g. use \desinf2016-rw for the 2016 .mnu file and create a new \desinf2017-rw ext2 file using RMPrepUSB).


On your E2B USB drive...

1. Make an ext2 file -  the Volume Name of the ext2 file must be desinfSIGS - create a 1000-2000 MB ext2 file using RMPrepUSB - Create Ext2 FS as follows:

File Name   = desinfect-rw  (must match the filename specified in the .mnu file)
Volume Name = desinfSIGS    (do not change!)
Size        = 2000 MB       (1000MB minimum but I suggest larger to allow for more updates)

Note: ext3 is less prone to file corruption than ext2. You may wish to use ext3 instead of ext2 (untested).

2. Add the .ISO to your E2B drive (name must be ct_desinfect_2014.iso) as well as the .mnu file - e.g. you should now have added to your E2B USB drive:
  • \desinfect-rw
  • \_ISO\MAINMENU\MNU\ct_desinfect_2014.iso
  • \_ISO\MAINMENU\MNU\Desinfect_2014_with_Updates.mnu (find it in the \_ISO\docs\Sample mnu Files folder)
Or for Desinfect 2015:
  • \desinfect-rw
  • \_ISO\MAINMENU\MNU\desinfect-2015.iso  (extracted from original ISO file)
  • \_ISO\MAINMENU\MNU\Desinfect_2015_with_Updates.mnu (download from the E2B Alternate Download Area if not in the \_ISO\docs\Sample mnu Files folder)
Don't forget to run WinContig (RMPrepUSB - Ctrl+F2) to make all files contiguous! You can use any of the \_ISO\XXX\MNU folders depending on what menu you want desinfect to be listed in.

3. Boot from the E2B drive to desinfect - this must be done on a real system, NOT a VM.

4. We now need to copy the signature files from a Desinfect bootable USB Flash drive that has been made by the Desinfect 'Create USB' utility. If you don't already have one, then make one now...

Insert a spare 4GB or larger USB Flash drive into the system and click on the Desktop icon to 'Create bootable USB drive with desinfect' - follow the prompts to create a Bootable USB drive - untick the 'Kompatibilitat' box or else you will get a GPT disk!

After the USB drive has been made, you should be asked if you want to copy the latest updates - I chose Yes at this point. If you choose No then there will be no new updates and you will have to update the E2B ext2 partition later anyway. The update download can take quite a while (e.g. 40 minutes to 2 hours!). If you just want to get the E2B USB drive working without waiting an hour or more then choose No.

5. Shutdown desinfect.

6. Remove the spare USB Flash drive (important!) and reboot from the E2B drive to desinfect again (English or default German language).

7. Insert the spare USB Flash drive again - Ubuntu should now mount all the 3 partitions on that drive including the desinfSIGS partition that is on the spare USB Flash drive and which contains the virus signatures.

Note: if you have both a desinfSIGS and desinfSIGS_ volume - you did not correctly follow these instructions! One will be the E2B ext2 volume and the other will be the spare Flash drive volume you just created! Shutdown and try again from step 6 or step 1!

8. The spare flash drive 'signatures' volume should be mounted at /media/desinfSIGS - we now need to copy the contents to our ext2 filesystem as follows:

For 2015: the signatures are at /media/desinfect/desinfSIGS
For 2017: try copying using rsync -avHP /media/desinfect/signatures/   /<your destination>/

Open a command console window and type the commands below (the notes in brackets are explanations, not part of the command):

df                          (find the E2B ext2 partition - e.g. /dev/sdb3)

sudo fdisk -l           (looks at all disks - see screenshot below)

ls /media/desinfSIGS/ (2014 only)
ls /media/desinfect/desinfSIGS/  (2015 - check you have the desinfect-signatures persistent  lost+found logs config folders and several other files present)

mkdir ss

sudo mount /dev/sdb3 ss     (assumes sdb3 is your E2B ext2 partition made from desinfect-rw)

ls ss -la                       (should list lost+found only)

sudo cp -pur /media/desinfSIGS/.   ss   (many files will be copied - note the /. is important do NOT use /* - for 2015 use /media/desinfect/desinfSIGS/.)
                                   instead of the cp command you can try   rsync -avHP (source) (target)

ls ss -la                (check all files/folders have been copied)
   (Note: For Desinfect 2015, the empty, hidden file .desinfect2015 MUST be present)

sudo umount ss

Example of sudo fdisk -l  command:
In this example sda3 is the correct device (sda4 is the ISO).

For the 2015 version, make sure .desinfect2015 is present!

9. Shutdown Desinfect - and now remove the spare USB Flash drive - we won't need this again.

10. Now boot to Desinfect from the E2B drive and click on the 'Viren-Signaturen aktualisieren' shortcut - it should report that you have all the latest updates.

[Screenshots: signatures shown as 'in RAM' = did not work! Signatures shown as 'on USB' = it worked!]

Desinfect shows whether the signatures are in RAM or are now on the USB drive.

Tip: Make a backup of the \desinfect-rw file, zip it up and keep it in a safe place. If you ever need to reformat your E2B drive or if the ext2 file on the E2B drive gets corrupted, you can easily restore it!
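The copy in step 8, as an added example (not from the original post, Desinfect or Easy2Boot): a shell function that refuses a target holding anything other than lost+found, copies with the same cp -pur SRC/. form, and then checks that hidden entries such as .desinfect2015 arrived. The function names and the paths passed in are assumptions; it needs GNU cp and find, and root rights when used on the real volumes.

```shell
#!/bin/bash
# Added example: guarded version of the step 8 copy.
# Function names are hypothetical; the caller supplies SRC and DST.

# hidden_entries DIR -> names in DIR that a "DIR/*" glob would NOT match
hidden_entries() {
    find "$1" -mindepth 1 -maxdepth 1 -name '.*' -exec basename {} \;
}

# copy_sigs SRC DST
#   SRC = mounted signatures volume of the spare drive (e.g. /media/desinfSIGS)
#   DST = mount point of the E2B ext2 volume (e.g. ./ss)
# Return codes: 0 ok, 2 bad path, 3 target not empty, 4 cp failed, 5 entry missing
copy_sigs() {
    src=$1
    dst=$2
    [ -d "$src" ] && [ -d "$dst" ] || { echo "missing directory" >&2; return 2; }

    # A freshly made ext2 volume lists lost+found only; refuse anything else
    # so that signatures are never merged into the wrong mounted volume.
    extra=$(find "$dst" -mindepth 1 -maxdepth 1 ! -name 'lost+found' | wc -l | tr -d ' ')
    [ "$extra" -eq 0 ] || { echo "$dst is not a fresh volume" >&2; return 3; }

    # "SRC/." copies hidden files as well; "SRC/*" would skip .desinfect2015
    cp -pur "$src/." "$dst" || return 4

    # Every top-level entry of SRC, hidden or not, must now exist in DST
    for f in "$src"/* "$src"/.[!.]*; do
        [ -e "$f" ] || continue
        [ -e "$dst/$(basename "$f")" ] || { echo "not copied: $f" >&2; return 5; }
    done
    return 0
}

# Usage after 'sudo mount /dev/sdb3 ss' (device name as in step 8):
#   copy_sigs /media/desinfSIGS ss && sudo umount ss
```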

UEFI booting with persistence

Once you have normal MBR booting working as detailed above, you can convert the image to UEFI-boot as follows:

1. Drag-and-Drop the ct_Desinfect_2014.iso file onto the MPI ToolKit  MPI_FAT32  MakePartImage Desktop shortcut on your Windows Desktop to make a ct_Desinfect_2014.imgPTN file. See here for details.

2. Copy the ct_Desinfect_2014.imgPTN file to the \_ISO\MAINMENU folder

3. Move the \desinfect-rw file to the \_ISO\MAINMENU folder

Note: If you wish, you can put both files in a different menu folder - e.g. \_ISO\ANTIVIRUS.

4. Rename the desinfect-rw file to \_ISO\MAINMENU\ct_Desinfect_2014   (i.e. the file name must be identical to the .imgPTN file name but have no file extension)

e.g. we now have:
\_ISO\MAINMENU\ct_Desinfect_2014                  - was desinfect-rw
\_ISO\MAINMENU\ct_Desinfect_2014.imgPTN   - image partition file

5. The ct_Desinfect_2014.iso file and .mnu file in \_ISO\MAINMENU\MNU are no longer required and can be deleted.

6. (optional) - create a \_ISO\MAINMENU\ct_Desinfect_2014.txt file with whatever menu title you require - e.g.

title Desinfect with Signature updates (MBR+UEFI)\n Normal BIOS MBR mode or UEFI mode

7. Finally, don't forget to run WinContig on the E2B USB drive (RMPrepUSB - Ctrl+F2)

You can now select the ct_Desinfect_2014.imgPTN menu entry and it will switch in the new FAT32 partition and display the CSM boot menu.

Tip: E2B v.1.60+ supports the .imgPTNauto file extension to go straight to the CSM menu without a user prompt to switch partitions. So when it is all working, just rename the .imgPTN file to .imgPTNauto.

From the CSM menu you can boot in UEFI-mode using Clover (64-bit systems only) or boot in normal MBR-mode. You can also reboot the computer and then boot from the E2B USB drive in UEFI-mode by selecting the BIOS UEFI USB boot option.

Note: Desinfect does not support 32-bit UEFI booting.

If you want to UEFI-boot from a system that does not support CSM/MBR booting, you first need to boot from the E2B USB drive under Windows using RMPrepUSB - QEMU, VirtualBox+VMUB, MobaLiveCD, the QEMU Test boot.cmd file in the root of the E2B USB drive, or \_ISO\SWITCH_E2B.exe. You can then select the .imgPTN menu entry to switch to the CSM menu before you connect the E2B USB drive to the target UEFI system.
