LinuxQuestions.org
Old 09-10-2011, 04:58 PM   #1
Owndapwn
Member
 
Registered: Jan 2011
Posts: 38

Rep: Reputation: 1
Ubuntu Anti-Virus programs for cleaning Windows?


Hello. I'm currently having a major virus issue in Winblows to the point where it isn't safe to run Windows.
I've lurked around quite a bit and mostly found "Hurr you don't need an AV for Linux."

I've tried Nod32. Does not display or remove viruses. Just said "You have 67 viruses"
AVG. Did not install.
Avast. Does not finish scan. Crashes part way through. Acts as if it's being closed though. No freezing or error message.

And I've yet to find another.
My usual AV is MalwareBytes, but that won't work under Wine.
(Too many false alerts, don't want it to be removed without my approval.)

Does a more experienced user know of another AV that actually works?
 
Old 09-10-2011, 05:01 PM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615
clamav, and don't run under wine.
 
Old 09-10-2011, 05:48 PM   #3
Owndapwn
Member
 
Registered: Jan 2011
Posts: 38

Original Poster
Rep: Reputation: 1
I was running MBAB under Wine because it doesn't have a Linux version.
And ClamAV is Terminal only?
How do I review what I want removed?
 
Old 09-10-2011, 06:33 PM   #4
OlRoy
Member
 
Registered: Dec 2002
Posts: 306

Rep: Reputation: 86
I think you're going about it wrong. It takes a lot more than AV software to remove a serious infection. Just like you shouldn't rely on AV to detect all malware, you shouldn't rely on it to remove all malware.

It takes analysis of data in motion (network traffic), data at rest (file system) and data in use (memory) to make me feel comfortable in trusting the computer again. Needless to say it's often easier to simply back up your data, reformat and learn from your mistakes after you figured out how it happened.
 
Old 09-10-2011, 07:10 PM   #5
pyrotiger
LQ Newbie
 
Registered: Sep 2011
Location: Tucson, AZ
Distribution: Slackware, LFS, Kubuntu, Mandriva, Mac OSX, Ex Windows
Posts: 13

Rep: Reputation: Disabled
Perhaps you could run a virtual Windows and then have an AV in the virtual box scan the infected partition. Just an idea...
 
Old 09-10-2011, 07:24 PM   #6
k3lt01
Senior Member
 
Registered: Feb 2011
Location: Australia
Distribution: Debian Wheezy, Jessie, Sid/Experimental, playing with LFS.
Posts: 2,900

Rep: Reputation: 637
On a clean machine go to http://www.avg.com/us-en/avg-rescue-cd and download this free cd, burn it to a disk or usb and boot the PC off the cd or usb. Follow the prompts and let the program clean the system.
 
Old 09-11-2011, 01:39 PM   #7
taylorkh
Senior Member
 
Registered: Jul 2006
Location: North Carolina
Distribution: CentOS 6, CentOS 7 (with Mate), Ubuntu 16.04 Mate
Posts: 2,127

Rep: Reputation: 174
Here is an approach I have used to clean up infected Windows machines. Perhaps it will give you some ideas.

I have a Dell netbook running Ubuntu. It has Bitdefender virus scanner installed.

I also have a little hard drive to usb adapter cable. It will connect to about any type of hard drive and convert it to a USB "external" drive. Here is the model I have http://www.newegg.com/Product/Produc...82E16812232002

So I open up the case on the infected Windows PC and unplug the data cable from the hard drive. I connect the adapter gizmo to the drive and plug it into the netbook. I use the power of the Windows PC to spin the drive.

Linux will mount the Windows drive and I can then do the scan. I save or print out the report showing any infected files. I allow Bitdefender to delete the infected files. It can do this without concern about files being in use because Windows is not running. Even viruses which prevent AV software from installing or running can be zapped because the AV software is running on the Linux box and not on the infected machine.

Using the report prepared by Bitdefender I replace the infected files with clean files from a Windows virtual machine running the same version of Windows as the infected machine.

I then unmount the Windows drive and reconnect it to the Windows PC. When it boots up it should be clean.

Ken
 
Old 09-11-2011, 08:58 PM   #8
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,311
Blog Entries: 28

Rep: Reputation: 6137
Trinity Rescue Kit.

Works great.
 
Old 09-13-2011, 03:36 PM   #9
Wayne Sallee
Member
 
Registered: Jun 2011
Location: Florida
Distribution: The one that I built. (lfs)
Posts: 269

Rep: Reputation: 17
AVG has antivirus software that runs in Linux. I have not tried it though.

As for software to run while in Windows, I recommend that you run your favorite and installed AV software scan, and at the same time run Malwarebytes, and http://housecall.antivirus.com online scan.

Run all 3 scans at the same time. Start one scan, then start the next one, and then the 3rd one, let them all run at the same time.

Wayne Sallee
Wayne@WayneSallee.com
 
Old 09-13-2011, 08:34 PM   #10
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,311
Blog Entries: 28

Rep: Reputation: 6137
AVG runs just fine in Linux.

I used to use F-Prot, but F-Prot broke the "free for home use" version. They did a major reworking of it, and the free version would no longer retain its licensing. Their tech support people were very nice, but nice don't fix broke.
 
Old 09-14-2011, 02:32 AM   #11
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,727

Rep: Reputation: 2367
Quote:
Originally Posted by Owndapwn
I've lurked around quite a bit and mostly found "Hurr you don't need an AV for Linux."
You don't...

What you want is an AV program for repairing a Windows partition from Linux, which is a different thing altogether. Personally if I were you, I'd cut my losses, recover whatever (non-executable) files you can, e.g. photos, documents, etc. and just format and reinstall.

Preferably ditch Windows altogether if possible...
 
Old 09-14-2011, 07:34 AM   #12
Konphine
Member
 
Registered: Jul 2011
Location: Phoenix, New York
Distribution: Slackware 13.37
Posts: 376

Rep: Reputation: 11
As AlucardZero suggested, I too use ClamAV. I've put it on a Knoppix Live CD (Knoppix FAQ has a guide on how to save data for Live CDs). Then I plop the CD in, edit the BIOS to load from CD first if I have to, and then do a scan in a terminal with the Live CD.

To set up everything for ClamAV, you have to first remove or comment out "Example" in freshclam.conf (the instructions are given in the .conf file too):

/usr/local/etc

is where freshclam.conf is put by default.

Code:
# Comment or remove the line below.
Example
You can choose to remove "Example" altogether, or just put a '#' in front of it.

Next is the actual update, which for this you just type "freshclam" in a terminal, and that's it.

Then, the scanning part. First, find out where your Windows installation is located. Usually it's /sda[X] in which [X] is a number. Just scan the directory with:

Code:
clamscan -ri [DIRECTORY]
-r goes into every folder and searches them
-i shows only infected files

You can choose to remove the infected files (although you should check for false positives), or if you're daring enough, just remove whatever files you think are infected:

Code:
clamscan -r --remove [DIRECTORY]
I don't recommend that method though, but if you're feeling brave and ballsy, go for it. Also note that [DIRECTORY] is the location of Windows.
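
An added example, not part of any post in this thread: one way to get the "review before removal" workflow asked about in post #3, using the clamscan steps from post #12. The function names, the `/mnt/windows` mount point and the quarantine directory are assumptions made for illustration; files are moved aside rather than deleted.

```shell
#!/bin/sh
# Added example (not from the thread): scan without deleting, then review.

# scan_to_log DIR LOG: recursive scan, log infected files only, remove nothing.
# clamscan exit status: 0 = clean, 1 = detections, 2 = error.
scan_to_log() {
    clamscan -r -i --log="$2" "$1" >/dev/null
    rc=$?
    [ "$rc" -le 1 ] || echo "clamscan failed, log is incomplete" >&2
    return "$rc"
}

# review_list LOG: print "signature<TAB>path" for each detection in the log.
# Detection lines read "<path>: <signature> FOUND"; Windows paths contain
# spaces and may contain ": ", so split at the last ": ".
review_list() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        i = match($0, /: [^ ]+$/)
        if (i) printf "%s\t%s\n", substr($0, i + 2), substr($0, 1, i - 1)
    }' "$1" | sort
}

# quarantine_reviewed LIST DEST: move (never delete) each file still listed.
# Put '#' in front of a line in LIST to keep that file (false positive).
# Prints the number of files moved.
quarantine_reviewed() {
    mkdir -p "$2" || return 2
    n=0
    while IFS="$(printf '\t')" read -r sig path; do
        case "$sig" in '#'*|'') continue ;; esac
        [ -f "$path" ] || continue
        mv -- "$path" "$2/$((n + 1)).$(basename -- "$path").quarantined" || return 2
        n=$((n + 1))
    done < "$1"
    echo "$n"
}

# Typical run, with /mnt/windows as an assumed mount point:
#   scan_to_log /mnt/windows scan.log
#   review_list scan.log > review.tsv     # edit review.tsv, then:
#   quarantine_reviewed review.tsv /root/quarantine
if [ "$#" -eq 3 ] && [ "$1" = run ]; then
    scan_to_log "$2" "$3.log" || [ "$?" -eq 1 ] || exit 2
    review_list "$3.log" > "$3.tsv"
    echo "Edit $3.tsv, then call quarantine_reviewed on it."
fi
```

The scan works on a read-only mount; moving files into quarantine needs the partition mounted read-write.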
 
Old 09-14-2011, 08:45 AM   #13
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,649
Blog Entries: 4

Rep: Reputation: 3934
The only way to deal with malware is ... to use your system (any type of system) in such a way that the malware cannot succeed in installing itself or doing malice. Then, maintain constantly-executing backups that malware (running under your own account as malware always does) cannot touch.

When you come home at night, you unlock the door, go inside, and lock the door behind you. If you walked up to the CEO's office (assuming you could get past the many gatekeepers), you would find that the door is locked. If you saw a juicy and portable piece of equipment, you should find that it is secured by a lock and a cable.

These are simple precautions that prevent "opportunists" from succeeding in their efforts. There is a legendary story of a cat-burglar who burgled many expensive homes over the years. When he was finally caught, he explained that he walked up to the door with a warm pizza in his hand, and tried the door, usually finding it unlocked, the security system (if there was one) turned off, and nobody was home. He scooped up what he could easily find, put it into the pizza box and left. Q.E.D.

"Anti-virus" vendors have made millions of dollars for themselves by deliberately (I think...) arranging for the system to be completely unprotected, then selling software (constantly in need of "updating") which removes whatever was left behind by the latest cat-burglar.

Windows is not "an intrinsically insecure system." But millions of copies of it have been sold which have all of its formidable security features deliberately turned off.

Last edited by sundialsvcs; 09-14-2011 at 08:47 AM.
 
Old 09-14-2011, 04:09 PM   #14
Wayne Sallee
Member
 
Registered: Jun 2011
Location: Florida
Distribution: The one that I built. (lfs)
Posts: 269

Rep: Reputation: 17
Quote:
Originally Posted by Caravel
Personally if I were you, I'd cut my losses, recover whatever (non executable) files you can, e.g. photos, documents, etc and just format and reinstall.
Most virus infected computers can be cleaned up. People give up too easily.

Attack the viruses with several different virus scans at once. If things are too messed up to do this in regular mode, do it in safe mode, then do it again in regular mode.

Wayne Sallee
Wayne@WayneSallee.com
 
  


All times are GMT -5. The time now is 07:59 PM.
