Overclock.net › Forums › Software, Programming and Coding › Operating Systems › HOW TO: Remove a Virus in Windows using Linux
HOW TO: Remove a Virus in Windows using Linux - Page 2

post #11 of 24
Thread Starter 
Quote:
Originally Posted by Plan9 View Post

Does the virus scanner really need to run as root?
Also, what are the virus definitions and heuristics like for ClamAV? It's all very good and well booting into a known safe environment to perform your system scan, but if its effectiveness at spotting viruses is less than its Windows rivals, then you're better off just running Avast / whatever in Windows safe mode.

Yes, ROOT is required. That being said, in most liveCDs you are already ROOT, but have no root password. The standard in Linux is when you are root, or need to install something as root but not in root, SUDO for example, you would need a password. Yes there are other ways to do this, but I wrote this based upon what is the easiest for everyone, even for those who have never even seen anything Linux and know nothing about it. Most people I talk to mention Linux as some really hard OS that you have to know code in order to use it, which is completely false. So, writing this in the simplest format seemed to be best. Also, as others have said, CLAMAV is pretty good, and keeps up with updates.
Quote:
Originally Posted by E-Peen View Post

You use your Linux partition to download the latest network drivers for your board, I assume

You wouldn't even need to use a Linux partition. You can do the same thing without a partition at all, and just use a liveCD, mount the windows partitioned drive, and drop your downloaded drivers there.
    
CPUMotherboardGraphicsRAM
AVC PENTIUM 4 DUAL CORE HSF Z9H741K011 EVGA 680i SLI 2x NVIDIA GEFORCE 8800GT 512MB PCI-E REV 1 (SLI) 4x WM552/XG691 HYNIX 1GB DDR2 PC2-6400 JEDEC STD 
Hard DriveOptical DriveOSMonitor
2x SEAGATE HDD 250GB SATA 7200RPM 16MB (Raid0) LG 20X DUAL-LAYER DVD RE-WRITER NON-LIG XP-MCE/Mint 11 KDE 50 inch Samsung DLP HDTV 
KeyboardPowerCaseMouse
MS Wireless BT 7000 1 KILOWATT OEM ATX PSU FULL-TOWER BLUE CASE 2.0B MS Wireless Laser BT 8000 
Mouse Pad
Alienware Big Head 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
AVC PENTIUM 4 DUAL CORE HSF Z9H741K011 EVGA 680i SLI 2x NVIDIA GEFORCE 8800GT 512MB PCI-E REV 1 (SLI) 4x WM552/XG691 HYNIX 1GB DDR2 PC2-6400 JEDEC STD 
Hard DriveOptical DriveOSMonitor
2x SEAGATE HDD 250GB SATA 7200RPM 16MB (Raid0) LG 20X DUAL-LAYER DVD RE-WRITER NON-LIG XP-MCE/Mint 11 KDE 50 inch Samsung DLP HDTV 
KeyboardPowerCaseMouse
MS Wireless BT 7000 1 KILOWATT OEM ATX PSU FULL-TOWER BLUE CASE 2.0B MS Wireless Laser BT 8000 
Mouse Pad
Alienware Big Head 
  hide details  
Reply
post #12 of 24
Thread Starter 
Quote:
Originally Posted by Weedvender View Post

OK. Now what happens when removal of the virus kills the internet?

Sounds like you were pretty screwed to begin with! Easy enough though... Use the Linux LiveCD to access the internet, download the latest drivers for your network card, and also your browser of choice to be safe, and put them somewhere on your Windows partitioned hard drive where you can readily access them when back on Windows. Boot into Windows and reinstall both. Most web browsers are good enough these days to even save all your bookmarks when reinstalling them. All of this is of course assuming you removed the original virus using Linux.
    
CPUMotherboardGraphicsRAM
AVC PENTIUM 4 DUAL CORE HSF Z9H741K011 EVGA 680i SLI 2x NVIDIA GEFORCE 8800GT 512MB PCI-E REV 1 (SLI) 4x WM552/XG691 HYNIX 1GB DDR2 PC2-6400 JEDEC STD 
Hard DriveOptical DriveOSMonitor
2x SEAGATE HDD 250GB SATA 7200RPM 16MB (Raid0) LG 20X DUAL-LAYER DVD RE-WRITER NON-LIG XP-MCE/Mint 11 KDE 50 inch Samsung DLP HDTV 
KeyboardPowerCaseMouse
MS Wireless BT 7000 1 KILOWATT OEM ATX PSU FULL-TOWER BLUE CASE 2.0B MS Wireless Laser BT 8000 
Mouse Pad
Alienware Big Head 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
AVC PENTIUM 4 DUAL CORE HSF Z9H741K011 EVGA 680i SLI 2x NVIDIA GEFORCE 8800GT 512MB PCI-E REV 1 (SLI) 4x WM552/XG691 HYNIX 1GB DDR2 PC2-6400 JEDEC STD 
Hard DriveOptical DriveOSMonitor
2x SEAGATE HDD 250GB SATA 7200RPM 16MB (Raid0) LG 20X DUAL-LAYER DVD RE-WRITER NON-LIG XP-MCE/Mint 11 KDE 50 inch Samsung DLP HDTV 
KeyboardPowerCaseMouse
MS Wireless BT 7000 1 KILOWATT OEM ATX PSU FULL-TOWER BLUE CASE 2.0B MS Wireless Laser BT 8000 
Mouse Pad
Alienware Big Head 
  hide details  
Reply
post #13 of 24
Quote:
Originally Posted by Weedvender View Post

Quote:
Originally Posted by E-Peen View Post

You use your Linux partition to download the latest network drivers for your board, I assume

Some of the particularly nasty viruses disable the device so even the Windows OS with drivers can't see it.
Rep given to OP.

Yeah I had that happen to me once when we got a couple bad viruses but I scanned it from my old laptop using ubuntu.
 
Project Sophos
(23 items)
 
Server
(11 items)
 
CPUMotherboardGraphicsGraphics
Intel 3930k Asus P9X79 Deluxe  EVGA GTX 670 2GB 2670-KR EVGA GTX 670 2GB 2670-KR 
RAMHard DriveCoolingCooling
G.Skill Sniper 16GB  Western Digital Caviar Black 1Tb EK Supreme LTX CPU Plexi/Nickel waterblock EK GTX 670 Plexi/Copper waterblock  
CoolingCoolingCoolingOS
EK GTX 670 Plexi/Copper waterblock  Dual Swiftech 655-B Pumps with Bitspower Top Two XSPC RX480 Radiators Windows 7-64 bit 
MonitorPowerCaseMouse
3 Dell S2340L 23" Cooler Master 1000w Silent Pro Custom Oak Desk Logitech G700 
CPUMotherboardGraphicsGraphics
AMD 1100T 3.3Ghz @ 4.012Ghz Asus Sabertooth 990FX Sparkle GTX 560TI EVGA Geforce GTX 460 Fermi 
RAMHard DriveHard DriveOptical Drive
Patriot G2 Western Digital Caviar Blue Western Digital Caviar Blue none - their ancient 
CoolingCoolingCoolingCooling
EK-Supreme LTX CPU Water Block - Acetal EK-VGA Supreme HF High Performance GPU Water Bl... Tejava glass bottle Swiftech MCP-655B 
CoolingOSOSMonitor
Masterkleer 1/2" ID 3/4" OD tubing Ubuntu 10.10 64-bit Windows 7 64-bit I-inc 22" 
MonitorKeyboardPowerCase
I-inc 22" Logitech k-300 Gaming Keyboard Thermaltake Toughpower 775 Watt Power Supply Corsair 800D 
MouseMouse PadOther
Logitech G700 Eh they're useless Scythe Kaze Master Pro 
CPUCPUMotherboardGraphics
Intel Xeon E5-2670  Intel Xeon E5-2670  Intel S2600CP2 Headless 
RAMHard DriveHard DriveHard Drive
Samsung ECC 2Rx4 PC3 10600R E1-P1 Western Digital Black Western Digital Blue Western Digital Blue 
OSPowerCase
Centos 7x64 EVGA 750w Bronze Fractal Design Core 3500 
  hide details  
Reply
 
Project Sophos
(23 items)
 
Server
(11 items)
 
CPUMotherboardGraphicsGraphics
Intel 3930k Asus P9X79 Deluxe  EVGA GTX 670 2GB 2670-KR EVGA GTX 670 2GB 2670-KR 
RAMHard DriveCoolingCooling
G.Skill Sniper 16GB  Western Digital Caviar Black 1Tb EK Supreme LTX CPU Plexi/Nickel waterblock EK GTX 670 Plexi/Copper waterblock  
CoolingCoolingCoolingOS
EK GTX 670 Plexi/Copper waterblock  Dual Swiftech 655-B Pumps with Bitspower Top Two XSPC RX480 Radiators Windows 7-64 bit 
MonitorPowerCaseMouse
3 Dell S2340L 23" Cooler Master 1000w Silent Pro Custom Oak Desk Logitech G700 
CPUMotherboardGraphicsGraphics
AMD 1100T 3.3Ghz @ 4.012Ghz Asus Sabertooth 990FX Sparkle GTX 560TI EVGA Geforce GTX 460 Fermi 
RAMHard DriveHard DriveOptical Drive
Patriot G2 Western Digital Caviar Blue Western Digital Caviar Blue none - their ancient 
CoolingCoolingCoolingCooling
EK-Supreme LTX CPU Water Block - Acetal EK-VGA Supreme HF High Performance GPU Water Bl... Tejava glass bottle Swiftech MCP-655B 
CoolingOSOSMonitor
Masterkleer 1/2" ID 3/4" OD tubing Ubuntu 10.10 64-bit Windows 7 64-bit I-inc 22" 
MonitorKeyboardPowerCase
I-inc 22" Logitech k-300 Gaming Keyboard Thermaltake Toughpower 775 Watt Power Supply Corsair 800D 
MouseMouse PadOther
Logitech G700 Eh they're useless Scythe Kaze Master Pro 
CPUCPUMotherboardGraphics
Intel Xeon E5-2670  Intel Xeon E5-2670  Intel S2600CP2 Headless 
RAMHard DriveHard DriveHard Drive
Samsung ECC 2Rx4 PC3 10600R E1-P1 Western Digital Black Western Digital Blue Western Digital Blue 
OSPowerCase
Centos 7x64 EVGA 750w Bronze Fractal Design Core 3500 
  hide details  
Reply
post #14 of 24
I started reading this

I decided that I really like the command, ClamScan

This always was funny to me, Geek Squad and Staples computer repair teams know absolutely nothing about anything~

Worked for Staples and they didn't even know what Linux was, they tried telling me that it would be against the law to use a Linux small boot on a flash drive, to simply enter someone's hard drive to extract a password.......

I eventually quit, they wouldn't give me enough hours to complete the workload, and forced me out onto the sales floor too often since they refuse to train new hires, and would rather yell at me for not having the same amount of sales as a full-timer and not completing my PC fixes.......

Total scum.

Good write up though, not enough people know about this.
post #15 of 24
Thread Starter 
Quote:
Originally Posted by StormX2 View Post

I started reading this
I decided that I really like the command, ClamScan
This always was funny to me, Geek Squad and Staples computer repair teams know absolutely nothing about anything~
Worked for Staples and they didn't even know what Linux was, they tried telling me that it would be against the law to use a Linux small boot on a flash drive, to simply enter someone's hard drive to extract a password.......
I eventually quit, they wouldn't give me enough hours to complete the workload, and forced me out onto the sales floor too often since they refuse to train new hires, and would rather yell at me for not having the same amount of sales as a full-timer and not completing my PC fixes.......
Total scum.
Good write up though, not enough people know about this.

After seeing far too many instances of Geek Squad not knowing jack, I decided to just do it all myself for family, friends, and coworkers.

You should do a write-up on how to recover a windows password using linux. I bet plenty of people could use that info. I suppose I could write one too, if you don't wanna.
    
CPUMotherboardGraphicsRAM
AVC PENTIUM 4 DUAL CORE HSF Z9H741K011 EVGA 680i SLI 2x NVIDIA GEFORCE 8800GT 512MB PCI-E REV 1 (SLI) 4x WM552/XG691 HYNIX 1GB DDR2 PC2-6400 JEDEC STD 
Hard DriveOptical DriveOSMonitor
2x SEAGATE HDD 250GB SATA 7200RPM 16MB (Raid0) LG 20X DUAL-LAYER DVD RE-WRITER NON-LIG XP-MCE/Mint 11 KDE 50 inch Samsung DLP HDTV 
KeyboardPowerCaseMouse
MS Wireless BT 7000 1 KILOWATT OEM ATX PSU FULL-TOWER BLUE CASE 2.0B MS Wireless Laser BT 8000 
Mouse Pad
Alienware Big Head 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
AVC PENTIUM 4 DUAL CORE HSF Z9H741K011 EVGA 680i SLI 2x NVIDIA GEFORCE 8800GT 512MB PCI-E REV 1 (SLI) 4x WM552/XG691 HYNIX 1GB DDR2 PC2-6400 JEDEC STD 
Hard DriveOptical DriveOSMonitor
2x SEAGATE HDD 250GB SATA 7200RPM 16MB (Raid0) LG 20X DUAL-LAYER DVD RE-WRITER NON-LIG XP-MCE/Mint 11 KDE 50 inch Samsung DLP HDTV 
KeyboardPowerCaseMouse
MS Wireless BT 7000 1 KILOWATT OEM ATX PSU FULL-TOWER BLUE CASE 2.0B MS Wireless Laser BT 8000 
Mouse Pad
Alienware Big Head 
  hide details  
Reply
post #16 of 24
Quote:
Originally Posted by StupidMonkey View Post

After seeing far too many instances of Geek Squad not knowing jack, I decided to just do it all myself for family, friends, and coworkers.
You should do a write-up on how to recover a windows password using linux. I bet plenty of people could use that info. I suppose I could write one too, if you don't wanna.

Does this count? http://pogostick.net/~pnh/ntpasswd/

It's Linux based....
post #17 of 24
Quote:
Originally Posted by StupidMonkey View Post

Yes, ROOT is required. That being said, in most liveCDs you are already ROOT, but have no root password.
Except in this instance you're not. You specifically chose to enable and log into root.
Quote:
Originally Posted by StupidMonkey View Post

The standard in Linux is when you are root, or need to install something as root but not in root, SUDO for example, you would need a password. Yes there are other ways to do this, but I wrote this based upon what is the easiest for everyone, even for those who have never even seen anything Linux and know nothing about it. Most people I talk to mention Linux as some really hard OS that you have to know code in order to use it, which is completely false. So, writing this in the simplest format seemed to be best.
Yes, I know this as I'm a full-time Linux and UNIX user - both professionally (UNIX sysadmin) and personally (at home)

Anyhow, you're not logging into root to install something, you're logging in to run the AV.
So my original question stands: does the AV really need to run as root? I can't see why it should need it unless it was trying to mount / unmount file systems - however even then, you'll most likely be running this against NTFS which runs against FUSE (rather than in kernel memory) and thus can be mounted / unmounted with regular user access anyway.

So I'm just puzzled why the AV is running as root as you're introducing two additional and unnecessary console commands to your walkthrough if freshclam doesn't require root permissions (which on face value, I wouldn't have expected it would).

If it does require root, then fair enough. But I'm genuinely more intellectually curious why it would rather than trying to troll / berate your hard work. So it's really just curiosity why it needs root than anything
Quote:
Originally Posted by StupidMonkey View Post

Also, as others have said, CLAMAV is pretty good, and keeps up with updates.
Excellent
post #18 of 24
Thread Starter 
Quote:
Originally Posted by tompsonn View Post

Does this count? http://pogostick.net/~pnh/ntpasswd/
It's Linux based....

Fair enough!
Quote:
Originally Posted by Plan9 View Post

Except in this instance you're not. You specifically chose to enable and log into root.
Yes, I know this as I'm a full-time Linux and UNIX user - both professionally (UNIX sysadmin) and personally (at home)
Anyhow, you're not logging into root to install something, you're logging in to run the AV.
So my original question stands: does the AV really need to run as root? I can't see why it should need it unless it was trying to mount / unmount file systems - however even then, you'll most likely be running this against NTFS which runs against FUSE (rather than in kernel memory) and thus can be mounted / unmounted with regular user access anyway.
So I'm just puzzled why the AV is running as root as you're introducing two additional and unnecessary console commands to your walkthrough if freshclam doesn't require root permissions (which on face value, I wouldn't have expected it would).
If it does require root, then fair enough. But I'm genuinely more intellectually curious why it would rather than trying to troll / berate your hard work. So it's really just curiosity why it needs root than anything
Excellent

The action of scanning /media requires root access, stated by clamav, and proven when you try to clamscan or freshclam.
    
CPUMotherboardGraphicsRAM
AVC PENTIUM 4 DUAL CORE HSF Z9H741K011 EVGA 680i SLI 2x NVIDIA GEFORCE 8800GT 512MB PCI-E REV 1 (SLI) 4x WM552/XG691 HYNIX 1GB DDR2 PC2-6400 JEDEC STD 
Hard DriveOptical DriveOSMonitor
2x SEAGATE HDD 250GB SATA 7200RPM 16MB (Raid0) LG 20X DUAL-LAYER DVD RE-WRITER NON-LIG XP-MCE/Mint 11 KDE 50 inch Samsung DLP HDTV 
KeyboardPowerCaseMouse
MS Wireless BT 7000 1 KILOWATT OEM ATX PSU FULL-TOWER BLUE CASE 2.0B MS Wireless Laser BT 8000 
Mouse Pad
Alienware Big Head 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
AVC PENTIUM 4 DUAL CORE HSF Z9H741K011 EVGA 680i SLI 2x NVIDIA GEFORCE 8800GT 512MB PCI-E REV 1 (SLI) 4x WM552/XG691 HYNIX 1GB DDR2 PC2-6400 JEDEC STD 
Hard DriveOptical DriveOSMonitor
2x SEAGATE HDD 250GB SATA 7200RPM 16MB (Raid0) LG 20X DUAL-LAYER DVD RE-WRITER NON-LIG XP-MCE/Mint 11 KDE 50 inch Samsung DLP HDTV 
KeyboardPowerCaseMouse
MS Wireless BT 7000 1 KILOWATT OEM ATX PSU FULL-TOWER BLUE CASE 2.0B MS Wireless Laser BT 8000 
Mouse Pad
Alienware Big Head 
  hide details  
Reply
post #19 of 24
Quote:
Originally Posted by StupidMonkey View Post

The action of scanning /media requires root access, stated by clamav, and proven when you try to clamscan or freshclam.

Seeing as you didn't know, I went off and did my own research. Seems I was right and clamscan doesn't need root permissions to scan (as long as the files can be read and, presumably, written by said user, but that shouldn't be an issue on NTFS volumes anyway).

However freshclam (which is the virus definitions updater) does need to run as root. Which actually makes more sense as you'd expect the definitions and program data to have root permissions (albeit globally executable where applicable) so it would be rather hard to update them without elevating your permissions first.

The only other thing I'd say would be that it might be more useful for Linux noobs if you had the log file output to the user's home (or better yet, their desktop). e.g.:
Code:
clamscan -rl /home/[live_cd_use_name]/Desktop/clam.log

That aside, it looks a very good guide
Edited by Plan9 - 1/31/12 at 5:51pm
post #20 of 24
Thread Starter 
Quote:
Originally Posted by Plan9 View Post

Seeing as you didn't know, I went off and did my own research. Seems I was right and clamscan doesn't need root permissions to scan (as long as the files can be read and, presumably, written by said user, but that shouldn't be an issue on NTFS volumes anyway).
However freshclam (which is the virus definitions updater) does need to run as root. Which actually makes more sense as you'd expect the definitions and program data to have root permissions (albeit globally executable where applicable) so it would be rather hard to update them without elevating your permissions first.
The only other thing I'd say would be that it might be more useful for Linux noobs if you had the log file output to the user's home (or better yet, their desktop). e.g.:
Code:
clamscan -rl /home/[live_cd_use_name]/Desktop/clam.log
That aside, it looks a very good guide

Setting to root 1st avoids SUDO and thus one less step. Thanks for the verification!

The command of -r tells clamav to remove said files automatically upon scanning... and you get a summary at the end of scanning. If they are new to this at all, then a log file gives them nothing of value. A simple summary is sufficient. "6 bazillion files scanned, 6 Viruses Found, 6 Viruses Removed" is peace of mind. Putting it in /var/log/clam puts it out of sight and out of mind, but leaves it there for the curious, and is gone upon ejection of the liveCD. No cleanup, no mess, no afterthought. Easy Virus Go Bye-Bye = Goal.
    
CPUMotherboardGraphicsRAM
AVC PENTIUM 4 DUAL CORE HSF Z9H741K011 EVGA 680i SLI 2x NVIDIA GEFORCE 8800GT 512MB PCI-E REV 1 (SLI) 4x WM552/XG691 HYNIX 1GB DDR2 PC2-6400 JEDEC STD 
Hard DriveOptical DriveOSMonitor
2x SEAGATE HDD 250GB SATA 7200RPM 16MB (Raid0) LG 20X DUAL-LAYER DVD RE-WRITER NON-LIG XP-MCE/Mint 11 KDE 50 inch Samsung DLP HDTV 
KeyboardPowerCaseMouse
MS Wireless BT 7000 1 KILOWATT OEM ATX PSU FULL-TOWER BLUE CASE 2.0B MS Wireless Laser BT 8000 
Mouse Pad
Alienware Big Head 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
AVC PENTIUM 4 DUAL CORE HSF Z9H741K011 EVGA 680i SLI 2x NVIDIA GEFORCE 8800GT 512MB PCI-E REV 1 (SLI) 4x WM552/XG691 HYNIX 1GB DDR2 PC2-6400 JEDEC STD 
Hard DriveOptical DriveOSMonitor
2x SEAGATE HDD 250GB SATA 7200RPM 16MB (Raid0) LG 20X DUAL-LAYER DVD RE-WRITER NON-LIG XP-MCE/Mint 11 KDE 50 inch Samsung DLP HDTV 
KeyboardPowerCaseMouse
MS Wireless BT 7000 1 KILOWATT OEM ATX PSU FULL-TOWER BLUE CASE 2.0B MS Wireless Laser BT 8000 
Mouse Pad
Alienware Big Head 
  hide details  
Reply
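One way to script the live-CD scan the posts above argue about (update signatures as root, scan the mounted Windows volume as the live user, keep the log on that user's desktop, and turn the exit status and summary into the one-line verdict the OP wants), as an added example that is not code from the thread. It assumes the Windows volume is mounted at /media/windows and uses a quarantine directory under the live user's home instead of deleting hits; the helper names are my own.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed paths: the NTFS volume is
# mounted at /media/windows; log and quarantine live under the live user's home.

# Map clamscan's exit status to a word: 0 = nothing found, 1 = infected
# files found, 2 = an error (unreadable target, missing database, ...).
describe_exit() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected" ;;
        2) echo "error" ;;
        *) echo "unknown" ;;
    esac
}

# Read one counter from the "SCAN SUMMARY" block clamscan prints at the end
# (for example "Infected files: 2"). Scan output is read from stdin.
summary_field() {
    awk -F': ' -v key="$1" '$1 == key { print $2; exit }'
}

# Count detection lines, which clamscan prints as "<path>: <signature> FOUND".
count_found() {
    grep -c ' FOUND$' || true
}

# Command line shown to the user: --recursive descends into subdirectories,
# --infected prints only hits, --log keeps the full report, and --move
# quarantines a hit instead of deleting it, so a false positive on a driver
# installer can be restored after review. Args: target, logfile, quarantine.
build_scan_cmd() {
    printf 'clamscan --recursive --infected --log=%s --move=%s %s' "$2" "$3" "$1"
}

# Run the real scan. freshclam writes to its DatabaseDirectory (/var/lib/clamav
# by default), which the live user cannot write, so the update runs under sudo;
# clamscan itself only needs read access to the volume and write access to the
# log and quarantine directory.
run_live_scan() {
    target="${1:-/media/windows}"
    logfile="${2:-$HOME/Desktop/clam.log}"
    quarantine="${3:-$HOME/quarantine}"
    command -v clamscan >/dev/null 2>&1 || { echo "clamscan not installed" >&2; return 2; }
    mkdir -p "$quarantine"
    sudo freshclam || echo "signature update failed; scanning with the current database" >&2
    echo "running: $(build_scan_cmd "$target" "$logfile" "$quarantine")"
    if clamscan --recursive --infected --log="$logfile" --move="$quarantine" "$target"; then
        rc=0
    else
        rc=$?
    fi
    echo "result: $(describe_exit "$rc"), infected files: $(summary_field 'Infected files' < "$logfile")"
    return "$rc"
}

# Constructed sample of clamscan output (not from a real scan) so the helpers
# can be exercised without ClamAV installed.
SAMPLE_OUTPUT='/media/windows/Users/Public/setup.exe: Win.Test.EICAR_HDB-1 FOUND
/media/windows/Temp/stale.tmp: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8633000
Engine version: 1.0.0
Scanned directories: 12
Scanned files: 340
Infected files: 2
Data scanned: 120.00 MB
Time: 4.500 sec (0 m 4 s)'

# Pass --run [target] to scan for real; otherwise exercise the helpers on the sample.
if [ "${1:-}" = "--run" ]; then
    run_live_scan "$2"
else
    printf '%s\n' "$SAMPLE_OUTPUT" | summary_field 'Infected files'
    printf '%s\n' "$SAMPLE_OUTPUT" | count_found
fi
```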