Windows Virus Removal with Ubuntu

So my Dad's computer had a few Trojans on it - Such a pain, so much so, that he installed Ubuntu!

But he still needs XP, so here's how to remove those nasty viruses with ClamAV.

This would work from an Ubuntu live CD as well, so you could just boot from a CD and run these commands.

Install ClamAV

$ sudo apt-get install clamav

Update Virus definitions

$ sudo freshclam

Find the Windows partition - You want the partition that is NTFS - That's the root Windows partition - /dev/sda2 in this case

$ sudo fdisk -l

Disk /dev/sda: 160.0 GB, 160000000000 bytes
255 heads, 63 sectors/track, 19452 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x41ab2316

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1           5       40131   de  Dell Utility
/dev/sda2   *           6       19046   152946832+   7  HPFS/NTFS
/dev/sda3           19047       19452     3261195   db  CP/M / CTOS / ...

Mount the Windows partition

$ sudo mkdir /media/windows
$ sudo mount /dev/sda2 /media/windows

Run Scan - Takes a while!

$ mkdir /tmp/virus
$ sudo clamscan -v -r --bell --move /tmp/virus --log /tmp/virus.log /media/windows

The switches do the following:
-v: verbose - Print out lots of info
-r: recursive - Check ALL files and directories
--bell: bell - Make a noise when a virus is found
--move: Move the viruses to /tmp/virus/
--log: Save a log of all files to /tmp/virus.log
/media/windows: The directory to scan (The mounted Windows partition)

It should move all infected files to /tmp/virus - You can browse through and see if any should be kept - but you may just want to delete them all!

$ sudo rm -r /tmp/virus
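
Before deleting, the log is the place to check what was flagged and where each file originally lived. The script below is an added example, not the script attached to this post: it summarises a clamscan log by signature and lists hits inside the Windows system directory. The sample log, its paths and signature names are constructed, and treating the system directory as the risky location is an assumption of the example.

```sh
#!/bin/sh
# Added example, not the script attached to the post: summarise a clamscan
# log so quarantined files can be reviewed before /tmp/virus is deleted.

TAB=$(printf '\t')

# Print "signature<TAB>original path" for each hit. clamscan logs a hit as
# "<path>: <signature> FOUND"; the greedy match splits on the last ": ".
list_detections() {
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\2${TAB}\1/p" "$1"
}

# Print hits located in the Windows system directory (case-insensitive).
# Assumption: these are the ones whose removal can stop XP from booting.
# Args: log file, mount point (default /media/windows, as in the post).
system_hits() {
    list_detections "$1" | awk -F "$TAB" -v root="${2:-/media/windows}" '
        index(tolower($2), tolower(root) "/windows/") == 1 { print $2 }'
}

# Print "count signature" per signature, most frequent first.
signature_counts() {
    list_detections "$1" | cut -f1 | sort | uniq -c | sort -rn |
        awk '{ n = $1; sub(/^ *[0-9]+ /, ""); print n, $0 }'
}

# Constructed sample log (paths and signature names are made up).
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Scanning /media/windows/WINDOWS/system32/notepad.exe
/media/windows/WINDOWS/system32/notepad.exe: OK
/media/windows/WINDOWS/system32/svch0st.exe: Win.Trojan.Example-1 FOUND
/media/windows/Documents and Settings/User/Desktop/free game.exe: Win.Trojan.Example-1 FOUND
/media/windows/Program Files/Toolbar/ads.dll: Win.Adware.Example-2 FOUND
EOF

echo "Detections by signature:"; signature_counts "$SAMPLE_LOG"
echo "Hits in the Windows system directory:"; system_hits "$SAMPLE_LOG"
```

To use it on a real scan, call the functions with /tmp/virus.log instead of the sample file.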

Hopefully this will clear up those annoying ads!

I've attached a script - You can just download it from a live CD session and run it as root - It will install ClamAV, mount the Windows partition, and scan all files - It will ask you at the end which files to delete.

Attachment: clamav.tar (10 KB)

Comments

Hi Phrank,

Thanks for that, really useful.

Just one point, I used an Ubuntu 9.04 live CD, so obviously the /etc/apt/sources are out of date, which I think is why the ClamAV download is not the latest version (I could be wrong though).
Probably doesn't matter too much though, just a heads up.

Cheers

Ringo.
