Virus Scan A Windows Machine

How often do we all hear the phrase, “Could you take a look at it for me?” Whether you are checking out a machine for a friend or colleague or looking after one of your own machines, it's handy to have the ability to virus check a Windows setup from the safety of a Linux boot CD or USB stick. This short guide shows you how to scan for infected files by booting into SystemRescueCD and running ClamAV, a virus checker.

We recently covered SystemRescueCD, a bootable disc that constitutes a Swiss army knife of Linux based tools for system recovery. ClamAV is one of the useful tools that it includes in a preconfigured, ready to run state. It is possible to boot from SystemRescueCD, mount a Windows partition and then scan it for virus infected files. As you don't have to boot the infected system, this approach offers some advantages over that of running a Windows-based tool.

Boot into the SystemRescueCD desktop in the normal way by accepting the default options and then typing “wizard” when prompted. Once you're at the desktop, open a command line terminal.

The first thing to do is to start the ClamAV daemon by typing

clamd

After a few moments, the command prompt should return. The next thing we need to do is to update the ClamAV virus database. Use this command:

freshclam

The next stage is to mount the NTFS partition that contains the suspect files. Before we can do that though, we have to figure out how Linux has named the Windows partition. Do this by running GParted via the application launcher. GParted will display all of the partitions on all of the disks fitted to the system. Make a note of the device name of the partition that you're interested in.

Once you know the name of the partition, mount it so that we can access it. Do this by typing:

ntfs-3g /dev/sda1 /mnt/windows

adjusting the “sda1” part for the actual name of the partition that you're interested in.

Change the current directory to the root of the Windows partition:

cd /mnt/windows

Invoke the virus checker itself and select recursive operation:

clamscan -r

The virus checker will now run and report any infected file it finds. By and large, the simplest procedure is to move any such file to an unused directory. Note that, if you have an idea of where the problem might be, you can add a directory name to the clamscan command to scan just that directory.
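The steps above collected into one script, as an added example rather than anything shipped with SystemRescueCD or ClamAV. It assumes you are root on SystemRescueCD with ntfs-3g, clamd, freshclam and clamscan on the PATH; the device name, mount point, log file and quarantine directory are all arguments, and the small parsers at the end let you review the clamscan report after the scan has finished.

```shell
#!/bin/sh
# Added example (not from the article): the article's steps as shell functions,
# plus a parser for clamscan's report so the result can be reviewed afterwards.
# Assumptions: run as root on SystemRescueCD; ntfs-3g, clamd, freshclam and
# clamscan are on PATH; device, mount point and quarantine dir are arguments.
set -u

# Start clamd, refresh the signature database, then mount the NTFS partition.
prepare_scan() {        # $1 = device (e.g. /dev/sda1), $2 = mount point
    clamd                         # control returns after a few moments
    freshclam                     # update the virus database
    mkdir -p "$2"
    ntfs-3g "$1" "$2"
}

# Recursive scan. Infected files are moved into $3 (the article's "unused
# directory") and every detection is written to the log file in $2.
# --exclude-dir stops clamscan from descending into the quarantine itself.
run_scan() {            # $1 = mount point, $2 = log file, $3 = quarantine dir
    mkdir -p "$3"
    clamscan -r -i --move="$3" --exclude-dir="^$3" --log="$2" "$1"
}

# Parse a clamscan log: print the path of every "path: Signature FOUND" line.
infected_paths() {      # $1 = log file
    grep ' FOUND$' "$1" | sed 's/: [^:]* FOUND$//' || true
}

# Parse the summary line "Infected files: N"; prints 0 if the line is absent.
infected_count() {      # $1 = log file
    n=$(sed -n 's/^Infected files: \([0-9]*\)$/\1/p' "$1")
    echo "${n:-0}"
}

# Constructed sample of clamscan output, used to exercise the parsers offline.
sample_log() {          # $1 = file to write
    cat > "$1" <<'EOF'
/mnt/windows/Users/bob/Downloads/setup.exe: Win.Test.EICAR_HDB-1 FOUND
/mnt/windows/Windows/notepad.exe: OK
/mnt/windows/temp/a:b.dll: Win.Trojan.Example FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}
```

On a real run you would call `prepare_scan /dev/sda1 /mnt/windows`, then `run_scan /mnt/windows /root/scan.log /mnt/windows/quarantine`, and finally `infected_paths /root/scan.log` to list what was moved.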

Remember, if you are sorting out a friend's box, play up the advantages of a Linux system to them. The actual scan takes quite a while, and the person you're helping won't be able to tell you to get lost until you've got it working again for them.

SystemRescueCD website

ClamAV website
