Using Linux to clean up an XP hard drive.
A friend, running XP SP3, clicked on a link in an e-mail from a "friend" and has now infected his computer with "Trojan.RootKit.ZAccess."
I tried several things while at his keyboard, but nothing reported the trojan, and anything I tried to install to find it was not allowed to run. I used the AVG emergency boot disk, based on a Linux distribution, and it did not find the trojan. Finally, I took the drive out of his case, put it in an external USB case and plugged it into my Slackware Linux box. I ran ClamAV on it and it reported the Trojan.RootKit.ZAccess as mentioned above. I've found the infected file and all references to it, BUT even in Linux I cannot delete anything from the drive. Doesn't matter if I'm on as root or user. It won't even let me change the permissions. Any ideas would be greatly appreciated (other than reformatting the drive). :)
Is it possible that the drive is mounted read only? Or that the file you are trying to delete has its attributes set to read only?
Regards, Fordeck
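A quick way to rule out a read-only mount before blaming the file itself, as an added example that is not from this thread: the script parses /proc/mounts and reports whether a given mount point is mounted rw or ro and by which driver. It assumes a POSIX sh with awk; the sample mount lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: tell a read-only mount apart from a
# per-file problem before trying to delete anything on an attached XP drive.
# /proc/mounts lines look like:
#   <device> <mountpoint> <fstype> <options> <dump> <pass>
# and a space inside a mount point is written as \040.

# mount_state MOUNTS_TEXT MOUNTPOINT -> prints "rw <fstype>", "ro <fstype>" or "none"
mount_state() {
    result=$(printf '%s\n' "$1" | MP="$2" awk '
        { mp = $2; gsub(/\\040/, " ", mp) }   # decode escaped spaces before comparing
        mp == ENVIRON["MP"] {
            # the options field is comma separated and always contains rw or ro;
            # later lines override earlier ones, matching overmount behaviour
            state = (("," $4 ",") ~ /,ro,/) ? "ro" : "rw"
            fs = $3
        }
        END { if (state != "") print state, fs }')
    printf '%s\n' "${result:-none}"
}

# explain_mount MOUNTPOINT: check the live system and say what the result means.
# The in-kernel "ntfs" driver historically mounts read-only; ntfs-3g (shown as
# fuseblk in /proc/mounts) is the read/write driver.
explain_mount() {
    state=$(mount_state "$(cat /proc/mounts)" "$1")
    case "$state" in
        none)      echo "$1: not mounted" ;;
        "ro ntfs") echo "$1: read-only via the kernel ntfs driver; mount it with ntfs-3g for write access" ;;
        ro*)       echo "$1: mounted read-only (${state#ro }); remount rw before deleting anything" ;;
        *)         echo "$1: writable (${state#rw }); a refused delete is not the mount, check the file's attributes" ;;
    esac
}

# Constructed sample of /proc/mounts content for a stand-alone run.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sdb1 /mnt/xp ntfs ro,relatime,uid=0,gid=0,umask=022 0 0
/dev/sdc1 /mnt/usb\040stick fuseblk rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0'

if [ -n "$1" ] && [ -r /proc/mounts ]; then
    explain_mount "$1"
else
    mount_state "$SAMPLE_MOUNTS" /mnt/xp            # prints: ro ntfs
fi
```

Run it as `sh mountcheck.sh /mnt/xp` on the box the drive is plugged into; with no argument it exercises the constructed sample.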
:doh:
Thanks for the "wake up call." I blame the decaf. :)
After Googling that rootkit, I have found that it happens to be a variant of the Agent.nsf Trojan, am I right? Definitely sounds like the email from a "friend" had to have really been an email from the Trojan itself as it resided on the friend's computer. To me, that sounds like the Trojan is trying to play botnet on your friend. The only way to stop the spread of the Trojan, unfortunately, is to format your friend's hard drive.
Fortunately, you can easily do this from a Linux Live CD, specifically an Ubuntu, Fedora, Debian, or Mint (or anything with a desktop environment that can run GParted) one. If the Live CD has GParted (which I'm sure Ubuntu does) then try the following: Launch GParted (System -> Admin -> GParted on Ubuntu or anything GNOME-based). When GParted launches, select the drive to partition, but instead of partitioning it, select "Create partition table" from the Device menu. This will completely erase anything on the drive. After this, then you can create a new partition (ext4 is a good file system to use) that takes up the entire disk, and apply the changes. Then, use the Live CD's installer to install Linux to the drive. But please, teach your friend how to use Linux if he doesn't know. If he learns all the open source alternatives to proprietary apps, that's great. If not, and he's more comfortable with Windows XP, then he can easily reinstall it (provided he has the XP CD).
I wonder why you still don't get that forcing people to FOSS is not the appropriate way.
I agree that the nuke and boot approach to handling a virus or trojan is excessive. Typically Malwarebytes does a very good job of removing these types of infections. One needs to download it using a clean system and put it on a memory stick under an unassuming name, copy it to the target system and run it under an assumed name. If this fails, there are other programs that can be effective, such as HijackThis, but they are dangerous to use unless you know what you are doing.
If you need or would like help with Windows malware, I highly recommend this other forum. Some of the most knowledgeable experts in Windows malware that I have seen hang out there.
The first time I installed Linux on a PC was because I was pissed off enough to nuke and boot XP away... because of viruses and malware... never turned back...
But that wasn't what Kenny said: he didn't want to suggest Linux, he wanted the OP to erase the whole drive and just install Linux on a PC that isn't even his own.
Or in short: Suggestion is OK, forcing is not.
The best way to deal with a broken XP installation is to delete the OS, reformat the hard drive to ext3/4, and install a Linux distribution.
At least, that's what I keep trying to tell my wife for this computer.