As a family admin, life is sometimes not easy: When the phone rang early in the evening and my mother said something was wrong with her laptop, I already suspected something bad. “There were reports that some Trojan horse or something had been found. I didn’t understand that and just clicked the windows away. But now weird windows with advertisements for adults pop up everywhere. Can you fix that?”
After a Facepalm I take a deep breath and say: “Yes, I can. But the next time such warning messages appear, please take them seriously and read them carefully before you click them away too quickly. Now leave Windows off and start the Desinfec’t stick as I once explained to you. ” A few minutes later I take control of the problem PC via the remote maintenance software Teamviewer and it feels like I am fulfilling my role as family admin for the hundredth time.
Disinfec’t can do that
Do you already know Desinfec’t? Then don’t waste any time and jump straight to the article explaining how to use the system for beginners and professionals. Desinfec’t 2021 is aimed at Windows users and can rid computers of Trojans. The c’t editorial team’s tried and tested security tool comes with four virus scanners from Avast, Eset, F-Secure and Sophos. So that the scanners are also prepared for the latest malware, there are free signature updates for one year. For professionals, it also brings the open threat scanner and – new in the 2021 version – the threat-hunting tool Thor-Scanner to examine computers even more in-depth.
The great thing about Desinfec’t is that it is not an application that runs under Windows. It comes with its own live operating system based on Linux, which you can start directly from a USB stick instead of Windows. The great advantage of this is that you do not have to start a potentially infected Windows in order to examine it. This is important because a Trojan can no longer cause any further damage in an inactive Windows. With the emergency system, you can, so to speak, look at the potentially contaminated system from a safe distance. When searching for viruses, you don’t have to worry about a new Trojan infection: Since Desinfec’t is based on Linux, Windows viruses cannot harm the system.
Virus hunting for everyone
Live system? Linux? I only understand train station. Don’t worry: the surface of the security tool is based on Windows and, thanks to understandably labeled icons, even non-computer users should be able to start a scan. We have deliberately thrown out or hidden many setting options and Linux functions so that nothing distracts from the actual purpose of Desinfec’t.
If you are still overwhelmed, simply start the easy-scan mode. Here the surface has broken down even further and the system automatically starts hunting trojans. The Avast scanner looks around on the Windows hard drive.
But there is also help in the full-blown Desinfec’t. For example, the family admin can use the integrated remote maintenance software Teamviewer software to look over the Internet on problem PCs and start a scan.
To install Desinfec’t on a USB stick, you need a copy with at least 16 GB of storage space. For example, you can create a stick directly under Windows with our installer. You then only have to select the stick as the start medium in the boot options of your computer. The security tool also runs from a DVD. For this you burn the ISO image with a drive on a dual-layer DVD blank. However, this operating mode is not recommended for several reasons: The system runs much slower and more often it stalls. In addition, it does not remember any data. For example, you have to update the virus signatures every time you restart and you cannot bring any data from PCs that have an accident back to safety. Started from a USB stick, it remembers the signatures and copied files.
In order for the system to run, your computer needs at least 8 GB of RAM. In the article explaining how to use the system, you will find tips and tricks if Desinfec’t does not start. The c’t editorial team has successfully tested the system on many older, but also on current computers. However, we cannot guarantee that it will work with all possible hardware configurations. So it may not start at all on some computers.
If you suspect that Windows is infected, it is sufficient for an initial overview to only let the pre-selected Avast scanner off the leash. If necessary, you can also send all scanners on the hunt in the scan wizard. By default, the scanners scan the entire Windows hard drive. Depending on the amount of data and the performance of your hardware, this can take a whole night or longer.
Before the scan starts, Desinfec’t automatically updates the virus signatures with an active Internet connection. You can establish contact with the Internet via WLAN or cable. Despite regular updates, it can happen that malware is so new that there are no signatures at all. So there is no such thing as one hundred percent security. Avast, Eset, F-Secure and Sophos offer free signature updates through June 2022.
After the scan, the system automatically opens a list of results in the integrated Firefox browser. There you will find more information about the finds. You can remove pests directly from the list. But the world doesn’t always end when a scanner sounds the alarm. Sometimes legitimate and harmless files have similar signatures to Trojans and are mistakenly recognized as such. With various on-board tools from Desinfec’t, you can effectively limit false alarms. In this way, you can upload potentially dangerous files to the Virustotal analysis platform with just a few clicks. There more than 60 online scanners look at the file and give an assessment.
It is very unlikely that Desinfec’t will break something in Windows: By default, the system only has read access and cannot change anything on the Windows hard disk. For example, if you want to neutralize a Trojan, you must explicitly allow write access.
In addition to the virus hunt, you can use Desinfec’t as an emergency system if Windows no longer starts. For example, it is possible to keep important files such as résumés or private photos in a safe place. To do this, simply copy the files to the USB stick from which the system is running.
Food for PC experts
Anyone who is familiar with computers or Linux can get even more out of Desinfec’t. The open threat scanner is a good way to dig deeper for malware. The Thor APT scanner is brand new. Equipped with this, PC professionals go deep into the Trojan search. This is a particularly good way of tracking down highly developed pests of the Emotet caliber. But one thing shouldn’t be forgotten: Desinfec’t can make Trojans harmless, but if malware has already struck, many system settings are often manipulated. The system cannot bend this straight. In many cases, the only way to get systems clean is to completely delete Windows and reinstall it.
The security tool can do even more: With integrated expert tools, you can rescue data that you thought was lost. For example, if you accidentally deleted photos from a USB stick. It is also possible to make copies of entire hard drives.
If the emergency system does not start or you have other problems with the system, please first read our instructions on how to install the system on a USB stick and start it from there. There are also notes on startup problems. Many problems can usually be solved with relatively little effort. The official Desinfec’t forum is another point of contact for solving problems. In addition to users, the c’t editorial team and the Desinfec’t developer are also active there. If you don’t know what to do next, you can contact the editorial team by email. We take care of errors in the system in the form of updates. These install themselves automatically as soon as the security tool is connected to the Internet.
Incidentally, I found several Trojans on my mother’s PC and therefore opted for the safest alternative in the form of a complete reinstallation. I saved the most important data beforehand on a Disinfec’t stick.
In c’t 12/2021 we are dedicated to the brand new Disinfec’t 2021 with four virus scanners including one year of free signature updates. We explore exciting smartphone apps for forays into nature and have tested boards for Core i-1000, external SSDs for data transport, video lights for the home office and smart displays for Alexa & Co. You will find issue 12/2021 from May 21st in Heise shop and at the well-stocked newspaper kiosk.