Step-by-Step How-to

Trinity Rescue Kit CD


Download the "ISO" file. 

Here is one place to download it:

trinity-rescue-kit.3.3-build-310.iso

Advanced users with BitTorrent, use this link:
TRK torrent 3.3 build 310 (no torrent yet for build 306)
 
( Many other options for downloading can be found on the
TrinityHome.org website TRK download page. )


Requirements: a CD burner and ISO image burning software

You will need a CD burner and software to burn the ISO file to a blank CD. After the ISO file above has finished downloading, if it has an icon for a program, then you may be able to burn it by double clicking the ISO file. If not, here is a link to download software that will burn the ISO image file to a CD: ImgBurn



TIP: Please do not click on advertisements or agree to install other software, or buy any anti-spyware programs while you are in the process of getting these programs installed and the TRK cd burned. If you are infected - and you buy something online while you are infected - chances are you may be passing your credit card info on to criminals. So clean first.




Set your computer up to boot from CD:


Put the TRK cd into your cd drive and start up your computer. If your computer boots into Windows, you will need to change the CMOS aka BIOS configuration to force it to boot from the CD drive first.

Reboot / restart your computer again and this time begin tapping these keys one at a time about every half second:

DEL

F2

F1

These are the most common keys to cause your computer to go into CMOS SETUP or BIOS SETTINGS as it is starting up. This is a special land where only geeky people usually tread. Don't change anything in this area except the Boot order (priority etc.), studying the instructions on the screen like you were Agatha Christie or Sherlock Holmes for the clues of what key to press to get your CDROM drive moved up to the top of the boot list.

Your mouse will not work - just use arrow keys, PGUP, PGDN, TAB, ENTER, ESC, F4/F5 etc as instructed on the screen. Usually an F10 is needed after you get the settings corrected, but read the screen carefully and choose to SAVE AND EXIT or SAVE AND REBOOT.

If you cannot figure out what key will get you into BIOS / CMOS settings, study this page for your computer brand.


Starting virusscan manually at the command prompt

As your computer boots from the CD, you will see many things flying past on the screen, mostly white letters on a black background. This is normal.

After several minutes, movement will stop and the very bottom of the screen will say:

Welcome to Trinity Rescue Kit

[root@trk]:(~)#

Your mouse will not work. When you type, it will appear after that root@trk prompt.

Type

virusscan -a avg

then press the ENTER key.

You may be asked to agree to a license or to answer various technical questions. Follow the instructions to accept the license, and just press ENTER anytime a technical question is asked. Pressing ENTER uses the default value as the answer, which is correct for most circumstances.

Again much white text on black background will fly by. This could take a long time as it scans all the files in your system it can find. You may wish to go out to eat, sleep, learn to speak a new language or do yoga during this phase.

Sometimes you will think the computer is "hung" or crashed because nothing is moving, yet there is no root@trk prompt at the bottom. Please *wait longer* because you have some HUGE files on your computer that can take a l-o-n-g time to scan.

Finally the root@trk prompt will return at the bottom. You might read the lines immediately above it, which may mention various infections that were found. You cannot print this info and it is unlikely you will be able to save it anywhere. Taking a picture of it with a digital camera would be good, or writing it down by hand is ok as well.
 
Type 
 
virusscan -a va

Then press the ENTER key.

and then type

virusscan -a fprot

Then press the ENTER key.
 
You are now scanning with a second brand of scanner. You need to do them all because there is no scanner that will catch everything, but by using 5 different ones you will get much more than just using one.
 
Wait around after starting it with fprot because you will need to type in your name and email address to get the fprot download, although no confirmation to the email is needed at this time.
 
After that scan has finished, type

virusscan -a bde

then press the ENTER key.

After that finishes, and you review the results, noting anything of interest, continue with the next scanner:

Type

virusscan -c -a clam

then press the ENTER key.


Again note the results of interest.


You can also cause multiple engines to run one after the other by typing:

virusscan -a va,fprot,bde,avg

Then press the ENTER key.
 
There may be no advantage to running these four from one command: several of the scanners stop and wait for you to say yes or accept a license agreement, so they will not run one after another unattended during the night as you sleep.



 
Deleting infected files that could not be cleaned
 
This information is intended for users who have a full backup of any critical files.
 
Some of the scanners will indicate files that could not be disinfected. If you decide to delete these files, here's how:
 
 Type
 
grep -i found /tmp/*.log
 
You will see a list from the scanner logs of possibly infected files. It can be a bit tricky to delete the files due to some Windows folders that have spaces in the name of the folder.
 
Here's an example. Line from the log file looks like:
  
/hda1/Documents and Settings/MV/Desktop/Downloads/CursorManiaSetup2.2.60.9.ZCfox000.exe: Adware.Mywebsearch-5 FOUND
 
To delete the infected file, type:
 
 rm
 
and then the path to the infected file, using a TAB each time you encounter a space in the path or wish to use auto-complete. The finished line will look like this, but with no line breaks: 
 
rm /hda1/Documents\ and\ Settings/MV/Desktop/Downloads/CursorManiaSetup2.2.60.9.ZCfox000.exe 
 
Press the ENTER key, and then confirm with yes and ENTER to delete the file.
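
As an added example (not part of the original how-to or of TRK itself): a small shell script that pulls the flagged paths out of the scanner logs and moves those files aside instead of deleting them, so a false positive can still be restored. It assumes log lines in the "path: name FOUND" format shown above; the function names and the quarantine directory are hypothetical.

```shell
#!/bin/sh
# Added example (not from TRK). Assumes log lines of the form shown above:
#   /path/with spaces/file.exe: Signature-Name FOUND

# Print one flagged path per line. The path is everything before the last ": ",
# so spaces inside it are preserved exactly.
flagged_paths() {
    grep -h ' FOUND$' "$@" 2>/dev/null | sed 's/: [^:]* FOUND$//' | sort -u
}

# Move every flagged file that still exists into directory $1 and print the
# number of files moved. Remaining arguments are the scanner log files.
quarantine_flagged() {
    qdir=$1; shift
    mkdir -p "$qdir" || return 1
    flagged_paths "$@" > "$qdir/flagged.txt"
    n=0
    while IFS= read -r path; do
        [ -f "$path" ] || continue   # already cleaned or deleted by a scanner
        n=$((n + 1))
        # Numbered prefix avoids name collisions; the suffix keeps the file
        # from being launched by accident once Windows is running again.
        mv -- "$path" "$qdir/$n.$(basename -- "$path").quarantined" || return 1
    done < "$qdir/flagged.txt"
    echo "$n"
}

# Constructed sample: a fake drive and a fake scanner log in a temp directory.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/hda1/Documents and Settings/MV/Desktop"
    bad="$root/hda1/Documents and Settings/MV/Desktop/Setup 2.exe"
    : > "$bad"
    : > "$root/hda1/notes.txt"
    {
        printf '%s: Adware.Constructed-1 FOUND\n' "$bad"
        printf '%s: OK\n' "$root/hda1/notes.txt"
        printf '%s: Adware.Constructed-1 FOUND\n' "$root/hda1/gone.exe"
    } > "$root/clam.log"
    quarantine_flagged "$root/quarantine" "$root/clam.log"   # prints 1
}
demo
```

On a real run the log arguments would be /tmp/*.log and the quarantine directory a folder you choose on a mounted drive, since anything left on the live CD's own file system is lost at reboot.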


Errors and Troubleshooting
 
Some computers, such as an Acer laptop I tried TRK on, would not finish booting with the default option. The solution was to select an "Alternate boot option" from the TRK menu that appears briefly during start up.
 
Try a different boot option from the TRK menu
 
As you are rebooting the computer and the screen goes black, just tap the down arrow about once per second and watch the screen. The reason for this is that a menu of choices will be on the screen for a short time, but if you are tapping the down arrow, you will have the chance to pick one of the menu choices.

You should see a screen that says Trinity Rescue Kit and a list of numbered choices. 
 
Automatically scan all mountable drives with ClamAV 
 
If you cannot get an Internet connection to the computer that needs scanning, you can at least scan it with ClamAV built into the CD. 
 
Choice number 6 is the one to choose if you wish to have your computer automatically scanned. Beware that all this will do is scan with just one virus scanner (ClamAV) that TRK says doesn't detect as much malware as the others. It also takes more time to scan than the others. So go back to the instructions for "Starting virusscan manually at the command prompt" if you would like to use all scanners.

Your mouse will not work. Just use the up and down arrow keys, then press the ENTER key.

As your computer boots from the CD, you will see many things flying past on the screen, mostly white letters on a black background. This is normal. You may also see warnings such as "DON'T PANIC!" and "This version is out of date!" etc. This is normal. TRK automatically downloads and installs the latest updates.

This could take a long time as it scans all the files in your system it can find. You may wish to go out to eat, sleep, learn to speak a new language or do yoga during this phase.

Sometimes you will think the computer is "hung" or crashed because nothing is moving, yet there is no root@trk prompt at the bottom. Please *wait longer* because you have some HUGE files on your computer that can take a l-o-n-g time to scan.

Scanning every file on your hard drive four times is hard work for your computer, and it may overheat. If possible, point a fan at your computer directly, or have your air conditioning on. If you have a laptop, set it on a hard surface, not a bed, pillow or couch. Don't block any of the sides of the laptop. You can feel around the edges to learn where the heat is coming out of. If possible, point a fan directly at the laptop or place it next to an air conditioner.
 
If you get an error during any of these runs, try rebooting the computer and running only the scanner that caused the error. If you still get an error, reboot again and move on to the next scanner, skipping the one that caused the error.

The TRK cd will work for most computers, but not all computers. If you can get to the TRK menu, you can try each of the options in case one of them works for you, or visit the TrinityHome.org website and forums for help. Another option is to ask a computer-savvy person whose computer can boot the TRK cd to put your hard drive into their computer, or mount it externally as a USB drive, and do the scanning there.

For the adventurous or advanced, here are details of using the updatetrk command.

For everyone else, feel free to type updatetrk at the command prompt, and if it doesn't magically find the default conditions it needs, it won't help you but also won't hurt.

Click here for the full, printable documentation for TRK from their website TrinityHome.com.



No Internet Access in Windows?

If you have no Internet access after booting back into Windows, use a friend's computer to download the WinSockFix and transfer it to your computer via USB memory stick or CD.

Do not pay for anything, or click on an ad, or agree to get a download helper, during this process.