How to disinfect Windows infected with viruses or malware using Linux

Looking for information on the subject, I came across this excellent post, translated into Spanish and published in El Rincón de Tux. I have added some personal observations and clarifications, but it is essentially the same article. It explains how to install the ClamAV antivirus and use it from any Linux distro to scan and disinfect a Windows partition. I share it because it really is recommended reading. I also remind you that F-Secure offers a live CD designed specifically to remove viruses and malware from an infected Windows installation.


Disinfecting a Windows system infected by a virus or malware is very easy thanks to ClamAV, a powerful and versatile free antivirus for Linux and other flavors of Unix. Scanning from Linux has a real advantage: the Windows installation is not running, so the malware cannot hook the scanner or fight back while it is being removed. Bear in mind that ClamAV is a signature-based scanner, so a clean result means nothing in its database matched, not that the system is proven clean.

Here are the steps for its installation and use:

Note: all the steps below must be executed as root (on distros like Ubuntu, prefix each command with sudo).

1.- Install ClamAV with apt-get or yum, depending on the distro you have installed (on RHEL/CentOS the package comes from the EPEL repository):

  • sudo apt-get install clamav
  • yum install clamav

2.- Once ClamAV is installed, update the virus definition database (a freshly installed package may ship with stale or no signatures, so do not skip this):

  • freshclam

On Debian/Ubuntu the clamav-freshclam service may already be running; if so, the manual run fails with a lock error on its log file, and you can either let the service do the update or stop it first (service clamav-freshclam stop).

3.- If the Windows partition is not already mounted and you do not know which device it is, list the partition tables with:

  • fdisk -l

It displays a list similar to this one, where the partitions are visible:

Disk /dev/sda: 160.0 GB, 160000000000 bytes
255 heads, 63 sectors/track, 19452 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x41ab2316

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1           5       40131   de  Dell Utility
/dev/sda2   *           6       19046   152946832+   7  HPFS/NTFS
/dev/sda3           19047       19452     3261195   db  CP/M / CTOS / ...

On a recent distro, lsblk -f or blkid -t TYPE=ntfs -o device gives the same answer more directly and also shows the filesystem type.

4.- In this example it is easy to spot the Windows partition, since it is the one with Id 7 (HPFS/NTFS) and the boot flag. Before you can scan it and remove the viruses/malware that plague it, you must mount it.

4.1.- Create a directory where the partition will be mounted:

  • mkdir /media/windows

4.2.- Mount the partition (in our example, /dev/sda2) with the command:

  • mount /dev/sda2 /media/windows

Mounting read-write is only needed if you intend to move or delete files in step 5; for a first, report-only pass, add -o ro,noexec so nothing on the suspect disk is changed or executed. Write support on NTFS comes from ntfs-3g (mount -t ntfs-3g), which refuses to mount read-write a volume that Windows left hibernated or in fast-startup state; in that case boot Windows and shut it down fully before continuing, rather than forcing the mount.

5.- Now run the scan as follows (it will take a while, depending on the size of the disk and how much of it is in use):

  • mkdir /tmp/virus
  • clamscan -v -r --bell --move=/tmp/virus --log=/tmp/virus.log /media/windows

The clamscan options used above mean the following:

  • -v: verbose, print the name of every file as it is scanned (-i prints only the infected ones, which makes the output far easier to read on a large disk)
  • -r: recursive, scan all files and directories
  • --bell: makes a noise when a virus is detected
  • --move=DIR: move infected files to /tmp/virus/. To delete them outright use --remove instead, but think twice: a detection in a Windows system file, or a false positive, deleted this way can leave Windows unbootable, whereas a quarantined file can be put back
  • --log=FILE: save the scan output to /tmp/virus.log (with -v this lists every scanned file; the detections and the summary are at the end)
  • /media/windows: the directory to scan, where the Windows partition is mounted
  • Not used in the example, but --exclude=REGEX skips files whose names match a regular expression, e.g. --exclude='\.avi$'. Note that it is a regex, so --exclude=.avi would also skip anything with "xavi" in its path.

The exit status of clamscan tells you the result without reading the log: 0 means nothing was found, 1 means infected files were found, and 2 means an error occurred (typically an unreadable file or a bad option).

6.- Lastly, delete the directory where the infected files were moved. Before doing so, check which files were detected as infected and compare them with the log (a detection inside C:\Windows\System32, or a single hit with a generic signature name, deserves a second look before you commit to it):

  • cd /tmp/virus
  • ls -la

The files in this directory are still live malware; do not open them from the rescue system. If you want to delete them:

  • rm -rf /tmp/virus

On a live CD /tmp usually lives in RAM and disappears at reboot, so copy anything you want to keep for analysis elsewhere first.
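The six steps above as one script, added here as an example and not part of the original post: a read-only detection pass first, then, only if something was found and the operator confirms, a read-write pass that quarantines with --move. It assumes clamav (clamscan, freshclam) and ntfs-3g are installed and the script runs as root; the device, mount point and quarantine paths are examples, and the fdisk listing embedded in it is a constructed sample mirroring the one shown above, not real output.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes clamscan, freshclam and
# ntfs-3g are installed and that this runs as root. Paths below are examples.

# Print the devices whose partition Id is 7 (HPFS/NTFS/exFAT) from "fdisk -l"
# output read on stdin. The Id is the rightmost one- or two-digit hex field on
# a /dev line, which works with and without the "*" boot flag and with both the
# old (Blocks) and new (Sectors Size) fdisk layouts. On a modern system
# "blkid -t TYPE=ntfs -o device" gives the same answer directly.
list_ntfs_partitions() {
    awk '/^\/dev\// {
        for (i = NF; i > 1; i--)
            if ($i ~ /^[0-9a-fA-F][0-9a-fA-F]?$/) { if ($i == "7") print $1; break }
    }'
}

# Constructed sample in the layout shown in the post (not real output).
sample_fdisk_output() {
    cat <<'EOF'
Disk /dev/sda: 160.0 GB, 160000000000 bytes
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1           5       40131   de  Dell Utility
/dev/sda2   *           6       19046   152946832+   7  HPFS/NTFS
/dev/sda3           19047       19452     3261195   db  CP/M / CTOS / ...
EOF
}

# Map clamscan's exit status to a word: 0 = nothing found, 1 = infected files
# found, 2 = an error occurred (see clamscan(1)). Anything else is unexpected.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo unknown ;;
    esac
}

# Pass 1: mount read-only (plus noexec/nodev/nosuid, so nothing on the suspect
# disk can be executed), scan, log. Nothing on the disk is changed.
# Pass 2 (only if pass 1 found something): mount read-write and quarantine with
# --move. ntfs-3g refuses to mount a hibernated Windows volume read-write; if
# that happens, boot Windows and shut it down fully instead of forcing it.
disinfect() {
    dev="$1"; mnt="$2"; quarantine="$3"; log="$4"
    mkdir -p "$mnt" "$quarantine" || return 2
    mount -t ntfs-3g -o ro,noexec,nodev,nosuid "$dev" "$mnt" || return 2
    clamscan -r -i --bell --log="$log" "$mnt"
    status=$?
    umount "$mnt"
    echo "pass 1: $(scan_verdict "$status") (details in $log)"
    [ "$status" -eq 1 ] || return "$status"

    printf 'Quarantine the files listed in %s to %s? [y/N] ' "$log" "$quarantine"
    read -r answer
    [ "$answer" = y ] || return 1
    mount -t ntfs-3g -o rw,noexec,nodev,nosuid "$dev" "$mnt" || return 2
    clamscan -r -i --move="$quarantine" --log="$log" "$mnt"
    status=$?
    umount "$mnt"
    # Record what was moved (path and hash) before anyone deletes the quarantine.
    (cd "$quarantine" && find . -type f -exec sha256sum {} +) >> "$log"
    echo "pass 2: $(scan_verdict "$status"); quarantine listed at the end of $log"
    return "$status"
}

# Usage (as root): sh disinfect.sh /dev/sda2
# Find the device first with: fdisk -l | list_ntfs_partitions
# Without an argument the script only defines the functions above.
if [ "$#" -eq 1 ]; then
    freshclam
    disinfect "$1" /media/windows /tmp/virus /tmp/virus.log
fi
```

The read-only first pass is the point of the script: it gives you the list of detections and the log to read before the disk is touched, and the mount options stop anything on the infected volume from running on the rescue system in the meantime.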
Note: you can also install clamtk, a graphical front end for ClamAV, but it does not expose some of the options described in this article, so it is advisable to use clamscan directly from the terminal.

If you don't have a Linux distro installed and want to disinfect your Windows by following this little how-to, download a live CD (a live USB works too) and run the steps above from it. Of course, it would be best if you got rid of Windows for good and finally adopted the Linux philosophy. 🙂 Forget about viruses and find out why Linux is more secure than Windows.

NOTE: This article was taken and translated from the English language from the
Phrank's Ubuntu Blog
Thanks Edgar for suggesting this topic!

Via | The Corner of Tux


26 comments, leave yours


  1.   Adonize said

    Isn't it easier to do it graphically? with any distro you can

  2.   tello baptist said

    Here's what I promised. Be careful: the partition to be scanned must be unmounted beforehand, since the script mounts it with write permissions to be able to perform the "move". I do this for those whose distro does not automatically mount NTFS partitions this way; you can modify it to your liking 😀. This is the complete script; give it execution permissions: "chmod +x name_of_script"

    The mount line is a single line, but here it got split over several lines by the spaces; it runs together from mount to UTF-8. Now, the script:

    #!/bin/bash

    # Script to disinfect equipment using ClamAV
    # @Tello Bautista
    # tellobautista.blogspot.com
    CPARTICION="/tmp/partition"
    CVIRUS="/tmp/virus"
    LOGVIRUS="/tmp/virus/virus.log"

    function request_data {
    #The device to be mounted is passed
    echo ""
    echo ""
    read -p "Partition path: (/dev/sdXy) " device
    }

    function create_folders
    {
    #the first folder is where the partition will be mounted, the second to send the detected viruses to it
    mkdir -p "$CPARTICION"
    mkdir -p "$CVIRUS"
    }

    clear
    tput cup 1 18; echo -n "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
    tput cup 2 18; echo -n "Disinfecting your computer with ClamAV ;)"
    tput cup 3 18; echo -n "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"

    #Before doing anything, check that the script is running
    #as super user and it is done through the root id which is 0
    # if not, you exit the program
    if [ "$(id -u)" != 0 ]; then
    echo ""
    echo -e "Only superuser can use this script ... Bye >.<"
    exit 1
    fi

    #I call the function request_data
    request_data
    #I create the folders
    create_folders
    #mounting the partition with write permissions (ntfs-3g). IMPORTANT to be able to move the files
    mount -t ntfs-3g "$device" "$CPARTICION" -o users,gid=users,fmask=133,dmask=022,umask=0,locale=es_ES.UTF-8
    #now yes, to disinfect ;)
    set -o verbose
    clamscan -v -r --bell --move "$CVIRUS" --log "$LOGVIRUS" "$CPARTICION"
    set +o verbose

    1.    PETER FIGUEROA said

      Hello Tello Bautista. Although I'm seeing your comment 3 years later hehe - Thanks for the input!

  3.   Miguel Yesio said

    And with a script like that and all the complications that Linux has, do you advise leaving Windows??? They must be delirious!!! Haha!! Linux means complaining all the time, the programs they have are very poor, getting a driver is a chore! I have used Ubuntu from Ubuntu 8 to 12 and I prefer Windows 95 over that mess! The day they come close to a Windows 7, start talking, but they are light years away from achieving it. Do not discredit those that you cannot match; keep calm, complaining about a backward OS, complicated, difficult to configure and with terrible applications, while we enjoy the FUTURE.
    (I know that many with their hands on their hearts and in silence, will say: «this guacho is right !!»)
    Miguel Yesio - Former Linux user tired of reneging and being on the back of technology.

    1.    jose said

      Simply saying that the fish dies through its mouth, one more coward.

    2.    Juan said

      It is much easier than formatting, and there is also an interface

  4.   Edgar said

    Hello friend, let's use linux, it is true for me too, linux is better, but there are things, native electronic devices for windows, for example electronic sw that does not become like the ones made for win, then a dual boot is necessary in the pcs, remember that Windows is in more than 90% of the PCs in the world, so we will always be dealing with viruses ..., but what better way to use our Linux distro to erase viruses 🙂

  5.   paul fernando sanchez said

    When asked about this matter, a friend used to say that the best way to eliminate the virus is to replace it with Linux ...

    1.    Alberto said

      .

  6.   Saito Mordraw said

    As always excellent entry.

    I have a live usb with ubuntu to disinfect the PCs of friends and family, from now on I will integrate your advice to my way of disinfection.

    Thank you.

  7.   i'mmoe said

    Too complicated, it would be better to use puppy with some antivirus installed and scan or use a live CD. My puppy linux is doing well and has self-mounting of disks. I use it to backup PC repairs. On my page there is an article on how to use puppy to save windows files.

    1.    pabloha said

      Very true. Puppy Linux is much friendlier but the post is not bad at all.

  8.   jarpo said

    Tello Bautista you're a fucking ARTISTAAA Often piece of script. THANKSSS

  9.   tello baptist said

    very good, I think I will make a script to facilitate the task, as soon as I do I share it with you although it would not be complicated at all. As for how long it takes, I think it's normal, it takes what any good antivirus would take to perform a good virus search. I'm using openSUSE right now but it's great when they bring me infected machines with windows or pen drives (=

  10.   Let's use Linux said

    Great! Thank you very much Tello!
    We are waiting for your script.
    A hug! Paul.

  11.   Let's use Linux said

    Cosmic keg .. genius!
    Pablo.

  12.   Cid said

    My old man, I tried it! Excellent, although it took 12 hours to analyze 2 gb ... I still detected 1 infected file in C: The funny thing was that when I opened the tmp / virus folder, I did an ls and there was nothing inside. Then he removed the folder… that was it. I am still calm, because 3 months ago I moved everything to my ubuntu lucid, hehehe ... although I continue with xp in dual boot by corel and phshp 🙁

  13.   Let's use Linux said

    I congratulate you old man! A hug! Paul.

  14.   fredy said

    seriously, what is that virus?

    Can someone explain to me ?????

    heh joke, I can't believe windows is still used with ubuntu existing, by the way
    I use sabayon.

    greetings.

  15.   Krafty said

    Excellent old man ……

    Very good contribution to the tuxero world.

  16.   Jose Manuel Rojas said

    Very good this guide, thanks.

  17.   Let's use Linux said

    Haha yes. That would be the best solution. 🙂

  18.   CaguamitoSix said

    Excellent tutorial.

    If it were a USB Memory (Fat32), what would be the changes to make?

    Example:
    /dev/sda2   *   6   19046   152946832+   7   HPFS/Fat

    I am new to Linux and I am slowly trying to grasp commands etc.

    about the script could you use it to analyze a USB, how should you run or save it ?.

    Thank you very much.

    Thank you.

  19.   Francis Colonel said

    Is it necessary to unmount the partition later? now my windows partition appears full

  20.   wow said

    In fact, these complications are the fault of Windows and not Linux.

  21.   Federico Perez said

    There are detractors of Linux, well I accept it, but ALL servers use Linux, will they be unintelligent ?, [{(jaa-jaa-jaa)}]