Virus Scan A Windows Machine
How often do we all hear the phrase, “Could you take a look at it for me?” Whether you are checking out a machine for a friend or colleague or looking after one of your own machines, it's handy to have the ability to virus check a Windows setup from the safety of a Linux boot CD or USB stick. This short guide shows you how to scan for infected files by booting into SystemRescueCD and running ClamAV, a virus checker.
We recently covered SystemRescueCD, a bootable disc that constitutes a Swiss army knife of Linux based tools for system recovery. ClamAV is one of the useful tools that it includes in a preconfigured, ready to run state. It is possible to boot from SystemRescueCD, mount a Windows partition and then scan it for virus infected files. As you don't have to boot the infected system, this approach offers some advantages over that of running a Windows-based tool.
Boot into the SystemRescueCD desktop in the normal way by accepting the default options and then typing “wizard” when prompted. Once you're at the desktop, open a command line terminal.
The first thing to do is to start the ClamVA demon by typing
After a few moments, control of the command line should return to the user. The next thing we need to do is to update the ClamVA virus database. Use this command:
The next stage is to mount the NTFS partition that contains the suspect files. Before we can do that though, we have to figure out how Linux has named the Windows partition. Do this by running GParted via the application launcher. GParted will display all of the partitions on all of the disks fitted to the system. Make a note of the device name of the partition that you're interested in.
Once you know the name of the partition, mount it so that we can access it. Do this by typing:
ntfs-3g /dev/sda1 /mnt/windows
adjusting the “sda1” part for the actual name of the partition that you're interested in.
Change the current directory to the root of the windows partition:
Invoke the virus checker itself and select recursive operation:
The virus checker will now run and tell you if it finds an infected file. By and large, the simplest procedure is to move any such file to an unused directory. Note that, in cases where you have an idea of where the problem might be, you can add a directory name to the clamscan command.
Remember, if you are sorting out a friend's box, play up the advantages of a Linux system to them. The actual scan takes quite a while, and the person you're helping won't be able to tell you to get lost until you've got it working again for them.
UK based freelance writer Michael Reed writes about technology, retro computing, geek culture and gender politics.
Getting Started with DevOps - Including New Data on IT Performance from Puppet Labs 2015 State of DevOps Report
August 27, 2015
12:00 PM CDT
DevOps represents a profound change from the way most IT departments have traditionally worked: from siloed teams and high-anxiety releases to everyone collaborating on uneventful and more frequent releases of higher-quality code. It doesn't matter how large or small an organization is, or even whether it's historically slow moving or risk averse — there are ways to adopt DevOps sanely, and get measurable results in just weeks.
Free to Linux Journal readers.Register Now!
|Secure Server Deployments in Hostile Territory, Part II||Jul 29, 2015|
|Hacking a Safe with Bash||Jul 28, 2015|
|KDE Reveals Plasma Mobile||Jul 28, 2015|
|Huge Package Overhaul for Debian and Ubuntu||Jul 23, 2015|
|diff -u: What's New in Kernel Development||Jul 22, 2015|
|Shashlik - a Tasty New Android Simulator||Jul 21, 2015|
- Secure Server Deployments in Hostile Territory, Part II
- Hacking a Safe with Bash
- KDE Reveals Plasma Mobile
- Huge Package Overhaul for Debian and Ubuntu
- Home Automation with Raspberry Pi
- The Controversy Behind Canonical's Intellectual Property Policy
- Shashlik - a Tasty New Android Simulator
- Embed Linux in Monitoring and Control Systems
- diff -u: What's New in Kernel Development
- General Relativity in Python