Old 12-20-2014, 11:20 PM   #1
sandroD
LQ Newbie
 
Registered: Nov 2014
Location: canada
Distribution: mint 13 main and ubuntu 9 on old laptop
Posts: 11

Rep: Reputation: Disabled
virus finding and quarantine using linux OS on win PC computer


Hi, this is a situational question.

If a pc running windows has a virus, could I run (boot) a linux distro from a usb drive, then use an antivirus program like clamAV to find and quarantine the virus(es)?

As I understand, clamAV is a program to prevent viruses in e-mail, and it quarantines viruses only and cannot remove them. But by quarantining them they are not harmful to your computer.

My idea is that it is easier to find and eliminate viruses that live and run in a windows OS by using a linux OS booted from a USB drive that also has a linux antivirus program. The virus is dormant since linux is running off of USB and not win OS. In fact you can scan the whole hard drive.

Please provide any thoughts on this. It is a far-fetched idea I have, being a newbie, but I think it could be a powerful, fast and effective way to get rid of viruses that are running on a win OS computer.

Thanks for your comments and suggestions if you know of a linux antivirus program that will find and remove viruses that run in a win OS.
 
Old 12-21-2014, 12:45 AM   #2
veerain
Senior Member
 
Registered: Mar 2005
Location: Earth bound to Helios
Distribution: Custom
Posts: 2,524

Rep: Reputation: 319
What you write is perfectly possible.

You can use clamscan, part of clamav, to find infected files. Well, it doesn't correct or quarantine the infected file, but you can manually remove the infected files.

And if you remove Windows OS system files then you would need to put clean copies of them in place. In old windows it was possible to get clean files from compressed cab installation files. But I don't know that for newer Windows.

I used to do it in old days.

As for booting cleanly, you should use a live CD or USB and select it as the first boot device, else a virus present in the MBR (master boot record) will boot first and ... . This affects the newer UEFI GPT partition based OSes as well.
 
Old 12-21-2014, 10:41 AM   #3
sandroD
LQ Newbie
 
Registered: Nov 2014
Location: canada
Distribution: mint 13 main and ubuntu 9 on old laptop
Posts: 11

Original Poster
Rep: Reputation: Disabled

Thanks for the insight veerain, I meant to say live CD or USB.

What do you mean by "in old windows"? Is that XP or older, like win 98 and 2000?

Therefore "newer windows" is vista, win 7, win 8 ?

Thanks for clarifying.

Also, replacing files is for the win os system. Are you saying that the virus is usually in win os system files, and not some other files that you could delete without affecting the win os system?

Thanks for clarifying. I am a newbie.

I think that doing what I suggest, using clamav and clamscan with a live linux USB or Live CD, would be great to help someone with an infected computer running win OS. This way would be faster and more powerful than a virus removal tool that runs in Win OS, as it is infected to start with. The only concern, as you mentioned, is that if an infected file is part of the win os system files and you remove it, and cannot replace it, then win os will not work. Is that correct?
Thanks for clarifying.

One final thing, I read that if the MBR is screwed up in win os, or you remove it using live USB linux and clamav scan since it is infected, you can fix it by inserting the win os CD and choosing "repair". This will fix the MBR and leave the rest of the hard drive and win OS without overwriting it. Any thought on that?

My intention is to hail LINUX on a live USB or live CD as the conqueror of viruses on PCs running win os. Further proving linux supremacy over win OS. Let's face it, you can not run any win OS from a live CD or live USB, but you can with linux. Correct me if I am wrong here. Linux is computing power!
Thanks
 
Old 12-21-2014, 01:14 PM   #4
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,090

Rep: Reputation: 2474
Quote:

And if you remove Windows OS system files then you would need to place clean files of them. In old windows it was possible to get clean files from compressed cab installation files. But I don't know that for newer Windows.
i NEVER EVER !!! trusted those

if the virus installs , it can edit THOSE
and REINSTALL on the next boot

get the "system dll" from MICROSOFT

firefox on a linux box can download them from MS

then once the system files that clam found as "bad" are replaced ( with windows NOT booted)
reboot into SAFE MODE
first
then into normal mode


that will STOP the normal windows auto "back-up" from replacing the already replaced dll with the ones in the cab files
and fix those dlls in the backup cab files


--- the same procedure for REPLACING the MS openGL disabled Nvidia driver with the one from nvidia ( for the FIRST TIME)

NOW

that is only the half of it

viruses/ keyloggers/ advertising software /...
edit the MS System registry and add ( HKEY_'s)
those NEED to be cleaned out

the WINE version of "regedit.exe" can do it
you just need to set the windows OS as the location for wine to use

--- be VERY VERY VERY CAREFUL!!!!!!!!!!!
 
Old 12-22-2014, 12:18 AM   #5
veerain
Senior Member
 
Registered: Mar 2005
Location: Earth bound to Helios
Distribution: Custom
Posts: 2,524

Rep: Reputation: 319
Quote:
Originally Posted by John VV View Post
i NEVER EVER !!! trusted those

if the virus installs , it can edit THOSE
and REINSTALL on the next boot

get the "system dll" from MICROSOFT
I meant in Windows 95, 98, and the cab files are from a genuine Windows installation CD/DVD.
 
Old 12-22-2014, 12:25 AM   #6
veerain
Senior Member
 
Registered: Mar 2005
Location: Earth bound to Helios
Distribution: Custom
Posts: 2,524

Rep: Reputation: 319
Quote:
Originally Posted by sandroD View Post
Thanks for the insight veerain, I meant to say live CD or USB.

Also, replacing files is for the win os system. Are you saying that the virus is usually in win os system files, and not some other files that you could delete without affecting the win os system?

is that if an infected file is part of the win os system files and you remove it, and cannot replace it, then win os will not work. Is that correct?

One final thing, I read that if the MBR is screwed up in win os, or you remove it using live USB linux and clamav scan since it is infected, you can fix it by inserting the win os CD and choosing "repair". This will fix the MBR and leave the rest of the hard drive and win OS without overwriting it.

Let's face it, you can not run any win OS from a live CD or live USB, but you can with linux.
Yes, most probably it's in system files so that it can propagate easily. But it can also be in Microsoft Office files with macros.

Yes, if windows system files are removed then windows may not start. And replacing other files doesn't have such an effect, but you lose data with it (may be valuable).

And you can use Windows Repair to fix MBR's as well as some system files. Best when you have a clean windows install, it's wise to make a repair cd. Or Official Windows Install DVD also has repair option.

Nowadays with Windows 8/8.1 you can install Windows to usb; so it works as Live USB Drive!
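
The scan-then-triage workflow discussed in the posts above, as an added example that is not part of any poster's reply: a report-only clamscan run against the read-only mounted Windows partition, followed by sorting the hits into Windows system files (which need clean replacements) and everything else. The device name `/dev/sdXN`, the mount point `/mnt/win`, the log path, and the rule "anything under `Windows/` counts as a system file" are assumptions; the sample report lines are constructed.

```shell
#!/usr/bin/env bash
# Added example: report-only ClamAV scan of an offline Windows volume, then triage.
# Assumptions (not from the thread): device /dev/sdXN, mount point /mnt/win, log path.

# Mount the Windows partition read-only and scan it without changing any file.
scan_windows_partition() {
    local dev="$1" mnt="${2:-/mnt/win}" log="${3:-/tmp/clamscan-win.log}"
    mkdir -p "$mnt" && mount -o ro "$dev" "$mnt" || return 1
    # -r: recurse, --infected: list only hits, --log: keep a report; no --remove/--move.
    # clamscan exits 1 when something was found; only other non-zero codes are errors.
    clamscan -r --infected --log="$log" "$mnt" || [ $? -eq 1 ]
}

# Read clamscan "path: Signature FOUND" lines on stdin and label each hit:
#   SYSTEM = under <mount>/Windows/ (needs a clean replacement, not just deletion)
#   OTHER  = anywhere else (candidate for manual quarantine)
triage_hits() {
    local mnt="${1:-/mnt/win}" line path sig rel
    while IFS= read -r line; do
        case "$line" in *" FOUND") ;; *) continue ;; esac
        line="${line% FOUND}"
        path="${line%: *}"      # everything before the last ": "
        sig="${line##*: }"      # signature name after the last ": "
        rel="${path#"$mnt"/}"
        # NTFS names are case-insensitive, so compare in lower case.
        case "$(printf '%s' "$rel" | tr '[:upper:]' '[:lower:]')" in
            windows/*) printf 'SYSTEM\t%s\t%s\n' "$sig" "$path" ;;
            *)         printf 'OTHER\t%s\t%s\n' "$sig" "$path" ;;
        esac
    done
}

# Constructed sample report lines (not real scan output from any machine).
sample_log() {
    cat <<'EOF'
/mnt/win/Users/bob/Downloads/invoice.doc: Eicar-Test-Signature FOUND
/mnt/win/WINDOWS/system32/example.dll: Eicar-Test-Signature FOUND
/mnt/win/Users/bob/notes.txt: OK
----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

# Count hits with a given label (SYSTEM or OTHER) in a report read from stdin.
count_label() { triage_hits "${2:-/mnt/win}" | grep -c "^$1"; }

if [ "${1:-}" = "--demo" ]; then sample_log | triage_hits /mnt/win; fi
```

Run it with `--demo` to triage the constructed lines; on a live system, call `scan_windows_partition` as root first and feed its log to `triage_hits`.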
 
Old 12-22-2014, 07:23 AM   #7
sandroD
LQ Newbie
 
Registered: Nov 2014
Location: canada
Distribution: mint 13 main and ubuntu 9 on old laptop
Posts: 11

Original Poster
Rep: Reputation: Disabled
Thanks to all who have commented above on my idea.

I have concluded that what I want to do at my knowledge level is complicated; there is more to it than I thought than just finding corrupted files using clamav and clam scan, and deleting them and all is good.

So maybe this is a project for someone in the linux community who has the skill, to make a linux app that can find viruses in a win OS computer, booting off live linux USB and do the other steps of replacing deleted win os system files, and cleaning MS registry etc.

So after reboot, win OS computer works, with no viruses.

Sounds so easy, as my idea, but logistics so complicated. Too much for my newbie level.

So I won't be doing this idea of mine.

My homework is to try to run windows in wine.
 
Old 12-22-2014, 10:01 AM   #8
veerain
Senior Member
 
Registered: Mar 2005
Location: Earth bound to Helios
Distribution: Custom
Posts: 2,524

Rep: Reputation: 319
Wine is a Windows emulator. It runs Windows applications in a Linux environment.
 
Old 12-22-2014, 11:38 AM   #9
EDDY1
LQ Addict
 
Registered: Mar 2010
Location: Oakland,Ca
Distribution: wins7, Debian wheezy
Posts: 6,838

Rep: Reputation: 649
If you have problems with windows use "Windows Defender Offline" & "Ccleaner" to remove the infection. Then run "sfc /scannow" from command prompt, to see if it can automatically repair the corrupted files.
 
Old 12-22-2014, 12:35 PM   #10
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,090

Rep: Reputation: 2474
Quote:

So maybe this is a project for someone in the linux community who has the skill, to make a linux app that can find viruses in a win OS computer, booting off live linux USB and do the other steps of replacing deleted win os system files, and cleaning MS registry etc.
someone has

have you not seen "the AS SOLD ON TV" USB thumb drive virus fixer

there is a reason i bolded and capitalized the "use caution"

the windows registry is a bit convoluted
its main purpose is to hide installed software and the activation keys

and HIDE things it does
 
Old 12-22-2014, 12:43 PM   #11
sandroD
LQ Newbie
 
Registered: Nov 2014
Location: canada
Distribution: mint 13 main and ubuntu 9 on old laptop
Posts: 11

Original Poster
Rep: Reputation: Disabled
Hi Eddy1, thanks for your advice.

I don't have a virus on a win OS pc, I was just toying with the idea of using a linux app to find and get rid of a virus on a Win OS PC, should the situation arise, booting from a live linux USB. Not sure if it could be done, so I just put the idea out there. I learned a lot from the responses I got.

Just a question though, what is "sfc /scannow"?

I use ccleaner when running win OS, it is a great program.
 
Old 12-22-2014, 01:22 PM   #12
EDDY1
LQ Addict
 
Registered: Mar 2010
Location: Oakland,Ca
Distribution: wins7, Debian wheezy
Posts: 6,838

Rep: Reputation: 649
Windows defender Offline is a program that is run from cd/usb
http://windows.microsoft.com/en-us/w...fender-offline
sfc /scannow repairs corrupted files
http://support.microsoft.com/KB/929833
http://pcsupport.about.com/od/toolso...fc-scannow.htm
As far as Ccleaner it's also best to run from live-cd, it's included in hiren's-boot-cd

Last edited by EDDY1; 12-22-2014 at 01:23 PM.
 
Old 12-22-2014, 10:42 PM   #13
sandroD
LQ Newbie
 
Registered: Nov 2014
Location: canada
Distribution: mint 13 main and ubuntu 9 on old laptop
Posts: 11

Original Poster
Rep: Reputation: Disabled
Hi Eddy1, thanks so much, will look at those links to be prepared for future problems, if not on mine, then on others' PCs running WIN OS.

I guess I need to google "Hiren's boot CD"

And make one. I usually use CCleaner that is installed on a win PC for regular cleaning, but I C the power of running virus find and cleaning from live CD or live USB.

That is the best lesson I have learned from all the above. The power is in using "live" to boot from for virus find, remove and cleaning.
 
Old 12-22-2014, 10:50 PM   #14
sandroD
LQ Newbie
 
Registered: Nov 2014
Location: canada
Distribution: mint 13 main and ubuntu 9 on old laptop
Posts: 11

Original Poster
Rep: Reputation: Disabled
Hi john VV



"someone has

have you not seen "the AS SOLD ON TV" USB thumb drive virus fix"

I have NOT. But as you said , " use caution"

See Eddy1 above about using defender and CCleaner on live CD or USB.
 
Old 12-23-2014, 01:42 AM   #15
EDDY1
LQ Addict
 
Registered: Mar 2010
Location: Oakland,Ca
Distribution: wins7, Debian wheezy
Posts: 6,838

Rep: Reputation: 649
Quote:
I guess I need to google "Hiren's boot CD"
And make one, I usually use CCleaner that is installed. On a win PC for regular cleaning, but I C the power of running virus find and cleaning from live CD or live USB.
The tools on hiren's bootcd have an expiration date on them, especially AV.
 
  

