Overclock.net › Forums › Software, Programming and Coding › Operating Systems › HOW TO: Remove a Virus in Windows using Linux

HOW TO: Remove a Virus in Windows using Linux

post #1 of 24
Thread Starter 
I've heard several people over the years ask how to do this, and/or say it can't be done. And since I'm doing it right now on a friend's Windows 7 laptop, I figured I should write a how-to. So here goes!

The StupidMonkey ain't so smart that you can't do this too, how-to guide, of how to remove viruses from a Windows computer, without being in Windows, using Linux... Guide... yeah:


First, you need an easy Linux distribution that has lots of automatic stuff... so without argument or anything, download the most loaded-with-software-and-drivers Linux out there. I'm talking about Ubuntu. Download it from Distrowatch.com. There is a list on the right, a little bit down, that has the top downloaded Linuxes. Near the top should be Ubuntu. Once you have the image file (it should be a .iso, and be around 600-750MB), burn it to disc using your favorite disc burning software. After it's done, label it with the name of what it is, and keep it around, as over time you may want to use it again.

Next, put the disc into your Windows computer and restart. When restarting you should see somewhere on the screen something like "Press F12 for start options" or "F1 for setup" or maybe "F1 BIOS" on the startup splash screen. When you do, press that F key. This will do one of 2 things: 1) bring up startup options, one of which will be CD/DVD DRIVE, and that's what you would select, or 2) put you into the BIOS of your computer; from here you would use the keyboard only for navigation, and set it to start from CD/DVD removable media, then save and restart.

This is when it will start the Ubuntu CD. It will pop up a screen that has 2 buttons on it: 1) Try Ubuntu, or 2) Install Ubuntu. Obviously here you don't want any changes done to your computer, so hit Try. This starts Ubuntu in LiveCD mode and will not erase or affect anything on your computer.

Once it starts into a funny desktop with a bar at the top, and another at the bottom, the fun begins. If you need to use wireless, right click on the icon near the top right, located on the top bar, and select the wireless signal you want to connect to. Enter the password, then it should connect. If you don't need wireless, then make sure you are connected to the internet through your LAN cable (that's the one that looks like a large phone line). Once you are connected to the internet, follow these steps:

Click Applications > Ubuntu Software Center
In the search box type "Clamav" and you should see something come up called "Virus Scanner". Click on that. There is now a button that says something like "Allow"; click it. Then that button changes to "Install"; now click that. After that is done, close the Software Center (the X button is on the upper left, like a Mac).

Now Click Applications > Accessories > Terminal
This part probably looks scary to someone who has never used it before, but I promise, it's easy if you type what I put in these following boxes marked "Code".

In Terminal type the following
Code:
sudo passwd root
Now it should say "Enter new UNIX password".
Type a really simple password, I used "pw", and hit Enter.
Enter your password again.
Code:
su root

now enter that password you made a minute ago.
Code:
freshclam

Now you need to change to the directory you want to scan, in most cases you would just type
Code:
cd /media

This essentially sets the Antivirus software to "scan everything" mode.
Just to check that you're still golden, and to give you a warm fuzzy, in terminal right now it should say "root@ubuntu:/media#". If it does, you're still good! Continue on, my good fellow! You are ready to scan!
Code:
clamscan -r -l /var/log/clam
Yes, that has spaces in it, and that's a lowercase L, not a 1 or an I.

Now you're scanning! This takes some time as it is going to scan EVERYTHING. It should also automatically remove infected files.
When it's done, you get a "SCAN SUMMARY" which is pretty damn easy to read.

Now, how to get back to Windows? Close the Terminal. Click the O/I looking button at the far top right, then click shutdown or restart. An "Are you sure?" window pops up. Yes. Then you get a black screen with words you don't need to read. The disc tray opens; remove the disc, close the tray. "Please remove the disc and close the tray (if any) then press ENTER" is on screen, and we should do what it says!

If you changed the BIOS boot order during the start of this, don't forget to change it back.

When starting into Windows it may give you a screen that says it needs to check something. This isn't needed, but again if you need that warm fuzzy, go right on ahead there, buckeroo. But you can start it normally.

Congratulations! You just did more than what your local Geek Squad has a clue about!
post #2 of 24
Nice little guide. +rep
post #3 of 24
Thread Starter 
This isn't a shameless bump, I tripped and stubbed my toe on this thread, so it's more like an involuntary kick.
post #4 of 24
Thread Starter 
Just an update on this. I've found some Linux versions, like Ubuntu for example, do not automatically mount the Windows-partitioned hard drive when live. It will cause errors and a 'number of files scanned: 0' readout on the terminal. If this happens to you, make sure your drives are all mounted! Then cd /media, clamscan -r -l /var/log/clam, and let 'er fly! EASY STUFF!
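The procedure from the first post plus the mount check from this update, written up as an added shell script that is not the thread starter's own commands: it refuses to scan a path that is not an active mount (the "files scanned: 0" trap), quarantines hits with --move instead of deleting them (clamscan only reports unless told otherwise), and reads the counts back out of the SCAN SUMMARY. The mount point, log file and quarantine directory are assumed values; the sample summary and mounts table are constructed for offline checking.

```shell
#!/bin/sh
# Added example, not the thread starter's own commands. Assumed values: the
# mount point, the log file and the quarantine directory.

# is_mounted MOUNTPOINT [MOUNTS_FILE]: succeed only if MOUNTPOINT is an active
# mount. An unmounted /media/<label> is just an empty directory, and clamscan
# will happily "scan" it and report "Scanned files: 0".
is_mounted() {
    awk -v mp="$1" '$2 == mp { found = 1 } END { exit !found }' "${2:-/proc/self/mounts}"
}

# summary_field LOGFILE KEY: read a counter such as "Scanned files" out of the
# SCAN SUMMARY clamscan appends to its log; -1 if the summary never appeared.
summary_field() {
    awk -F': ' -v key="$2" '$1 == key { print $2; f = 1 } END { if (!f) print "-1" }' "$1"
}

# scan_volume MOUNTPOINT LOGFILE QUARANTINE: refresh signatures, then scan
# recursively. clamscan only reports by default; --move quarantines hits so a
# false positive on a Windows system file can be put back (--remove cannot).
# Return code follows clamscan: 0 clean, 1 infections found, 2 error.
scan_volume() {
    mp=$1; log=$2; quarantine=$3
    if ! is_mounted "$mp"; then
        echo "$mp is not a mounted filesystem; mount the Windows partition first" >&2
        return 2
    fi
    mkdir -p "$quarantine"
    freshclam
    clamscan -r --infected --move="$quarantine" -l "$log" "$mp"
    status=$?
    echo "scanned=$(summary_field "$log" 'Scanned files') infected=$(summary_field "$log" 'Infected files')"
    return $status
}

# Constructed sample of the tail of a clamscan log (the real one also carries
# engine version, data read and timing lines), used to exercise the parser.
write_sample_summary() {
    printf '%s\n' '----------- SCAN SUMMARY -----------' \
        'Scanned directories: 42' 'Scanned files: 1337' 'Infected files: 2' > "$1"
}

# Constructed one-line mounts table in /proc/self/mounts format.
write_sample_mounts() {
    printf '%s\n' '/dev/sda2 /media/ubuntu/Windows fuseblk rw,nosuid,nodev 0 0' > "$1"
}

# The real scan runs only when a mount point is given on the command line.
if [ $# -ge 1 ]; then scan_volume "$1" "${2:-/var/log/clam}" "${3:-/root/quarantine}"; fi
```

Run it as root on the live session with the mounted Windows volume as the first argument, e.g. the /media/<label> path the file manager created; a non-zero count in the "infected=" line means there is something in the quarantine directory to look at.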
post #5 of 24
OK. Now what happens when removal of a virus kills the internet?
post #6 of 24
Quote:
Originally Posted by Weedvender

OK. Now what happens when removal of a virus kills the internet?

You use your Linux partition to download the latest network drivers for your board, I assume.
post #7 of 24
Does the virus scanner really need to run as root?

Also, what are the virus definitions and heuristics like for Clamav? It's all very well and good booting into a known safe environment to perform your system scan, but if its effectiveness at spotting viruses is less than its Windows rivals', then you're better off just running Avast / whatever in Windows safe mode.
post #8 of 24
Quote:
Originally Posted by E-Peen

You use your Linux partition to download the latest network drivers for your board, I assume.

Some of the particularly nasty viruses disable the device so even the Windows OS with drivers can't see it.
Rep given to OP.
post #9 of 24
Quote:
Originally Posted by Plan9

Does the virus scanner really need to run as root?
Also, what are the virus definitions and heuristics like for Clamav? It's all very well and good booting into a known safe environment to perform your system scan, but if its effectiveness at spotting viruses is less than its Windows rivals', then you're better off just running Avast / whatever in Windows safe mode.

Clam's generally pretty good.

Also, +rep to OP
post #10 of 24
Three steps:

1. Remove drive from infected computer
2. Put in second computer that you don't care about.
3. Scan on second computer.

Or you can do it this way too...
Might be using this in the future... thanks!