Kaspersky – Rescue CD – Stuck at “Creating Swap file”

Background

Having a slow PC day on one of the servers in our lab.  Unfortunately, it is a leftover MS Windows 2003 Server.

And, so I am thinking it could honestly be anything; including viruses.

Kaspersky Rescue-CD

Brought out my old and very reliable Kaspersky Rescue CD.

Boot Into

Rebooted the computer, as it is a Dell, clicked F-12 to access the “Boot into” menu.

Chose CD-ROM.

Clicked on a few other options to ensure that I will actually boot into the Rescue CD.

Stuck

But, as happens more so lately, I am stuck again.

Textual

Creating Swap file


Clear Storage

Linux – X File Manager

Via the Linux File Manager, X File Manager, that comes with the Rescue CD, accessed each MS Windows Drive and removed obvious clutter.

Btw, the underlying MS Windows folders are under the root\discs and are labelled C:, D:, E: based on the drives.


Microsoft – MS Windows – File Explorer

Shutdown the Rescue CD, booted into Windows, and cleared more file clutter.

Same Error

Same error “Creating Swap file“.

I love Lionel, but I am not rich.

And, so time is money.

What is running?

GUI

The bottom right panel of the screen has an indicator that shows high CPU Usage.

From that gauge, accessed the “Process Status” application.


Quick Explanation:

  • We can see that the application responsible for creating the swap file is beating up our machine
  • The name of the application is ntfs-3g

Terminal Mode

Note that we can also tabulate the most expensive applications by switching to Terminal mode and running top.

Abruptly Terminate “Swap File Creator” process

Launched a terminal window.

Noted that the process ID for the process that is creating the swapfile is 16201.

And, so issued:

Syntax:


   kill [process-id]

Sample:


    kill 16201
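
An added example, not part of the original post: a non-interactive POSIX sh version of the same look-up-then-kill step, which ranks processes by CPU, finds the PID by name, sends the default SIGTERM and confirms the process exited. The function names and the sample `ps` listing are constructed for illustration, and a `ps` that accepts `-eo pid,pcpu,comm` is assumed.

```shell
#!/bin/sh
# Constructed sample of `ps -eo pid,pcpu,comm` output (not captured from the
# post's machine); it reuses the PID 16201 and the name ntfs-3g from the post.
SAMPLE_PS='  PID %CPU COMMAND
    1  0.0 init
 2211  1.3 Xorg
16201 97.5 ntfs-3g
 3050  0.4 top'

# Print "pid cpu command" for the N busiest processes in ps-style input on stdin.
top_cpu() {
    n=${1:-3}
    awk 'NR > 1 { print $1, $2, $3 }' | LC_ALL=C sort -k2,2nr | head -n "$n"
}

# Print the PID of every process whose command name is exactly $1.
pid_of() {
    awk -v name="$1" 'NR > 1 && $3 == name { print $1 }'
}

# Send SIGTERM (the signal a plain `kill PID` sends) and wait up to $2 seconds.
# Returns 0 once the process is gone, 1 if it is still alive, 2 if the signal
# could not be sent. It never escalates to SIGKILL.
stop_pid() {
    pid=$1
    tries=${2:-5}
    kill -0 "$pid" 2>/dev/null || return 0    # nothing to stop
    kill "$pid" 2>/dev/null || return 2
    while [ "$tries" -gt 0 ]; do
        sleep 1
        kill -0 "$pid" 2>/dev/null || return 0
        tries=$((tries - 1))
    done
    return 1
}

# Live use (hypothetical invocation):
#   ps -eo pid,pcpu,comm | top_cpu 5
#   for p in $(ps -eo pid,pcpu,comm | pid_of ntfs-3g); do stop_pid "$p"; done
```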

On to the Next One

The next step, post Swap file creation, kicks in.

That next step is the Network Configuration.


The Network Configuration is very important.

  1. It gets you back online
    • You really do need to be online to download latest security updates.  Please make sure you download these updates before running a virus check
    • You also have access to Google, blogs, and emails
  2. Unfortunately, the browser that is bundled is a bit dated and all the major email providers will complain.  Thankfully, Google will allow you access to a leaner HTML email reader

OS – Microsoft – Windows – Rescue CD

Anyone in IT hears that call all too often.

My PC is dead.  Please help!

What options does one have …

  • Drive cross country
  • Drive a couple of hours

All good options.  But, another option is to make a rescue CD, snail mail it, and hopefully it helps.

Here is a good, easy to read and understand write-up on what a Rescue-CD is:

http://www.pctools.com/aoss/

Once a system is infected with malware it becomes difficult to remove that malware as it is already embedded in the system and has control over many components which are key to the system’s operations. Malware, like rootkits, use system components to hide themselves and prevent other software from detecting or removing them. This is often the case of who gets there first; if the malware is able to get control of the system earlier on then it also has control over any software that may be run later. Besides just hiding, malware can also block the execution of other security applications. If you cannot install or run a security application in the first place then you cannot scan and detect the malware. The best time to remove this malware is when it is not running, but malware often starts with the Operating System, so we would have to stop the Operating System to stop the malware. On a shutdown OS nothing is running and malware like rootkits cannot hide themselves and so it would be easy to find and remove them.

Here are some Vendors \ Products.

To use this Rescue-CD the general steps are:

  1. Visit the Vendor’s web site
  2. Download the file.  It will usually be bundled as an ISO file.  Thus ensuring that one can smoothly burn it onto a CD and boot from it
  3. Burn the ISO file using a tool such as ImgBurn (http://www.imgburn.com/), Free ISO Burner (http://www.freeisoburner.com/), ISO Recorder (http://alexfeinman.com/isorecorder.htm)
  4. Once you have a Rescue-CD, reboot your machine
  5. During the Boot Sequence, choose your CD/DVD as your boot media
  6. Once booted, follow the offered screen sequence

My personal take and experience:

  • As the tools mentioned here are trying to identify and address problems with MS Windows based install, they are apt to load and run within a foreign OS such as Linux.  The Linux variant might not have a nice graphical, touched up interface such as Ubuntu.  And, so if you're thinking of sending it to Aunt Sally or Aunt Suzie, she might not take well to the generally obtuse interface and would rather live with the infection.
  • I could not get MS Windows Defender to run.  I downloaded a copy on 10/10/2012 and tried running it on 3 PCs, but no help
  • The “PC Tools – Alternate Operating System Scanner” package was last updated on Dec 9, 2010.  As time passes and the bundled Virus Signature ages, it might not be as effective against more recent viruses.
  • Along the same lines per efficacy of the PC Tools’ Alternate Operating System Scanner Tool, it failed to run on a couple of machines.
  • On the other hand, the Kaspersky tool quickly proved to be approachable and useful.  Upon booting up a computer with the Kaspersky Rescue CD, you will quickly see a very appealing desktop based on Gentoo Linux.  The subsequent menus are easy to understand and follow.  It is easy enough to choose which partitions you want to Scan.  And, when you come to the critical junction of choosing which, if any, of the infected files you want to heal, remove, or leave as is, your choices could not be any easier.
