1. Field of the Invention
The present invention relates generally to computer virus detection and removal, and more particularly but not exclusively to a portable antivirus rescue device.
2. Description of the Background Art
The threat posed by computer viruses and worms to computer systems is well documented. A computer virus comprises malicious code that may be buried or hidden in another program and may attach itself to other programs in the system. A computer virus code can corrupt or delete important files, send e-mails without user authorization, render a computer inoperable, or cause other types of damage to a computer. Computer worms are destructive programs that replicate themselves and use up computer resources, eventually causing the computer system to crash. Hereinafter, for simplicity, the term “virus” refers to computer viruses, worms, and other malicious programs.
From the old Disk Operating System (DOS) battlefield to the current Windows 32-bit (Win32) arena, the evolving virus technology has taken the battle between virus writers and antivirus experts to greater heights. A virus may be designed to corrupt one of the bootstrap files of an operating system, which may prevent the computer from booting properly. For example, the DOS™ operating system may include bootstrap files, such as IO.SYS, MSDOS.SYS and COMMAND.COM, which may be loaded into a computer main memory (RAM) during the booting process. If one or more of these files are infected by a virus, the computer may not boot properly, and as a consequence, the user cannot start any application program. Another example may be the WINDOWS™ operating system that may have the “safe mode” as a booting option. Safe mode is a maintenance mode where only the bare minimum of files is loaded. As in the case of DOS™ operating system, WINDOWS™ operating system would not boot properly if one or more of the minimum files are infected by a virus.
One solution for scanning for viruses may be getting help over the Internet, such as downloading an available antivirus program. However, this solution may not be an option for a computer that has an infected booting and/or operating system. This is because infected booting and/or operating system may prevent the computer from booting up in the first place or prevent the computer from connecting to the Internet to get an antivirus program. Also, the user may not be able to install an antivirus program since the computer may have problems in running drivers required for installing any program. Even experienced and sophisticated computer users may have difficulty scanning for such viruses since, in addition to the complexity of viruses, new types of viruses not recognized by existing antivirus programs are continuously generated by clever virus coders.
In addition, existing antivirus mechanisms may be hard to use and may not be able to scan fast evolving viruses in an efficient and user-friendly manner. A frustrated user may choose to reinstall the entire operating system instead of scanning for viruses. However, in that case, the user may lose all of the valuable information and contents stored in the infected system during the reinstallation process, which translates to lost time, money and effort.