virus finding and quarantine using linux OS on win PC computer
Hi, this is a situational question.
If a PC running Windows has a virus, could I run (boot) a Linux distro from a USB drive, then use an antivirus program like ClamAV to find and quarantine the virus(es)?
As I understand it, ClamAV is a program to prevent viruses in e-mail, and it quarantines viruses only and cannot remove them. But by quarantining them they are not harmful to your computer.
My idea is that it is easier to find and eliminate viruses that live and run in a Windows OS by using a Linux OS booted from a USB drive that also has a Linux antivirus program. The virus is dormant since Linux is running off the USB and not the Win OS. In fact you can scan the whole hard drive.
Please provide any thoughts on this. It is a far-fetched idea I have, being a newbie, but I think it could be a powerful, fast and effective way to get rid of viruses that are running on a Win OS computer.
Thanks for your comments and suggestions, if you know of a Linux antivirus program that will find and remove viruses that run in a Win OS.
You can use clamscan, part of ClamAV, to find infected files. Well, it doesn't correct or quarantine the infected file, but you can manually remove the infected files.
And if you remove Windows OS system files then you would need to put clean copies of them in place. In old Windows it was possible to get clean files from the compressed cab installation files. But I don't know that for newer Windows.
I used to do it in the old days.
As for booting cleanly, you should use a Live CD or USB, selecting it as the first boot device; else a virus present in the MBR (master boot record) will boot first and ... . This affects the newer UEFI GPT partition based OSs as well.
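To make the clamscan suggestion above concrete, here is an added shell example (not from this thread, and not the ClamAV project's own code) of scanning a Windows volume from a live Linux system and then quarantining what clamscan flags, keeping each file's original path and a manifest, rather than deleting outright, so a Windows system file can be put back if removing it stops Windows from starting. It assumes the Windows partition is /dev/sda2 mounted at /mnt/win (placeholders you set via WIN_DEV and WIN_MNT) and that clamscan is installed on the live system; the demo tree, scan log and signature name it builds are constructed.

```shell
#!/bin/sh
# Added example (not from the thread or the ClamAV project): scan a Windows
# volume from a live Linux system with clamscan, then quarantine the flagged
# files (keeping their paths and a manifest) instead of deleting them, so a
# Windows system file can be restored if removing it stops Windows booting.
# Placeholders: WIN_DEV (Windows partition) and WIN_MNT (its mount point).
WIN_DEV="${WIN_DEV:-/dev/sda2}"
WIN_MNT="${WIN_MNT:-/mnt/win}"
QUAR_DIR="${QUAR_DIR:-/root/quarantine}"

# Mount the Windows volume read-only (nothing on it runs or changes while we
# look) and scan it recursively; --infected keeps only "FOUND" lines in the log.
# clamscan exits 1 when it found something, 0 when clean, 2 on error.
scan_windows_volume() {
    log="$1"
    mkdir -p "$WIN_MNT"
    mount -o ro "$WIN_DEV" "$WIN_MNT" || return 2
    clamscan -r --infected --log="$log" "$WIN_MNT"
}

# Pull the file paths out of clamscan's "path: Signature FOUND" lines; OK and
# summary lines are ignored.
infected_paths() {
    sed -n '/ FOUND$/{s/: [^:]*$//;p;}' "$1"
}

# Move each path read on stdin under QUAR_DIR, mirroring the original path,
# and append "original<TAB>quarantined" to a manifest so the move can be undone.
# The volume must be writable first: mount -o remount,rw "$WIN_MNT"
quarantine_paths() {
    manifest="$QUAR_DIR/manifest.txt"
    mkdir -p "$QUAR_DIR"
    while IFS= read -r f; do
        [ -f "$f" ] || continue
        dest="$QUAR_DIR$f"
        mkdir -p "$(dirname "$dest")"
        mv "$f" "$dest" && printf '%s\t%s\n' "$f" "$dest" >> "$manifest"
    done
}

# Undo: put every file listed in the manifest back where it came from.
restore_quarantine() {
    while IFS="$(printf '\t')" read -r orig dest; do
        mkdir -p "$(dirname "$orig")" && mv "$dest" "$orig"
    done < "$QUAR_DIR/manifest.txt"
}

# Constructed demo: a fake Windows tree and a clamscan-style log in a temp dir,
# so the parse/quarantine/restore steps can be exercised without a real scan.
# The signature name below is made up for the demo.
make_demo() {
    t="$(mktemp -d)"
    mkdir -p "$t/vol/Users/alice" "$t/vol/Windows"
    printf 'not really an exe' > "$t/vol/Users/alice/invoice.exe"
    printf 'not really notepad' > "$t/vol/Windows/notepad.exe"
    cat > "$t/scan.log" <<EOF
$t/vol/Users/alice/invoice.exe: Win.Test.Constructed-1 FOUND
$t/vol/Windows/notepad.exe: OK
----------- SCAN SUMMARY -----------
Infected files: 1
EOF
    printf '%s\n' "$t"
}

# Real use on the live system (the volume stays read-only until you decide):
#   scan_windows_volume /root/scan.log
#   mount -o remount,rw "$WIN_MNT"
#   infected_paths /root/scan.log | quarantine_paths
#   restore_quarantine      # only if Windows then fails to boot
```

The scan is done with the volume mounted read-only so nothing is changed until the log has been reviewed; the quarantine step mirrors the original path under the quarantine directory and records every move, which is what makes `restore_quarantine` possible when a flagged file turns out to be one Windows needs.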
Thanks for the insight veerain, I meant to say live CD or USB.
What do you mean by "in old windows"? Is that XP or older, like Win 98 and 2000?
Therefore "newer windows" is Vista, Win 7, Win 8?
Thanks for clarifying.
Also, replacing files is for Win OS system files; are you saying that the virus is usually in Win OS system files, and not some other files that you could delete without affecting the Win OS system?
Thanks for clarifying. I am a newbie.
I think that doing what I suggest, using ClamAV and clamscan with a live Linux USB or live CD, would be great to help someone with an infected computer running Win OS. This way would be faster and more powerful than a virus removal tool that runs in Win OS, as it is infected to start with. The only concern, as you mentioned, is that if an infected file is part of the Win OS system files and you remove it and cannot replace it, then Win OS will not work. Is that correct?
Thanks for clarifying.
One final thing, I read that if the MBR is screwed up in Win OS, or you remove it using live USB Linux and a ClamAV scan since it is infected, you can fix it by inserting the Win OS CD and choosing "repair". This will fix the MBR and leave the rest of the hard drive and Win OS without overwriting it. Any thought on that?
My intention is to hail LINUX on a live USB or live CD as the conqueror of viruses on PCs running Win OS, further proving Linux supremacy over Win OS. Let's face it, you cannot run any Win OS from a live CD or live USB, but you can with Linux. Correct me if I am wrong here. Linux is computing power!
Thanks
And if you remove Windows OS system files then you would need to put clean copies of them in place. In old Windows it was possible to get clean files from the compressed cab installation files. But I don't know that for newer Windows.
I NEVER EVER !!! trusted those
if the virus installs, it can edit THOSE
and REINSTALL on the next boot
get the "system dll" from MICROSOFT
firefox on a linux box can download them from MS
then once the system files that clam found as "bad" are replaced ( with windows NOT booted)
reboot into SAFE MODE
first
then into normal mode
that will STOP the normal windows auto "back-up" from replacing the already replaced dll with the ones in the cab files
and fix those dlls in the backup cab files
--- the same procedure for REPLACING the MS openGL disabled Nvidia driver with the one from nvidia ( for the FIRST TIME)
NOW
that is only the half of it
viruses / keyloggers / advertising software / ...
edit the MS System registry and add ( HKEY_'s)
those NEED to be cleaned out
the WINE version of "regedit.exe" can do it
you just need to set the windows OS as the location for wine to use
Thanks for the insight veerain, I meant to say live CD or USB.
Also, replacing files is for Win OS system files; are you saying that the virus is usually in Win OS system files, and not some other files that you could delete without affecting the Win OS system?
is that if an infected file is part of the Win OS system files and you remove it and cannot replace it, then Win OS will not work. Is that correct?
One final thing, I read that if the MBR is screwed up in Win OS, or you remove it using live USB Linux and a ClamAV scan since it is infected, you can fix it by inserting the Win OS CD and choosing "repair". This will fix the MBR and leave the rest of the hard drive and Win OS without overwriting it.
Let's face it, you cannot run any Win OS from a live CD or live USB, but you can with Linux.
Yes, most probably it's in system files so that it can propagate easily. But it can also be in Microsoft Office files with macros.
Yes, if Windows system files are removed then Windows may not start. Replacing other files doesn't have such an effect, but you lose data with it (maybe valuable).
And you can use Windows Repair to fix MBRs as well as some system files. It's best, when you have a clean Windows install, to make a repair CD. Or the official Windows install DVD also has a repair option.
Nowadays with Windows 8/8.1 you can install Windows to USB, so it works as a Live USB drive!
Thanks to all who have commented above on my idea.
I have concluded that what I want to do at my knowledge level is complicated; there is more to it than I thought, rather than just finding corrupted files using ClamAV and clamscan, deleting them, and all is good.
So maybe this is a project for someone in the Linux community who has the skill to make a Linux app that can find viruses on a Win OS computer, booting off a live Linux USB, and do the other steps of replacing deleted Win OS system files, cleaning the MS registry, etc.
So after reboot, the Win OS computer works, with no viruses.
Sounds so easy, as my idea, but the logistics are so complicated. Too much for my newbie level.
If you have problems with windows use "Windows Defender Offline" & "Ccleaner" to remove the infection. Then run "sfc /scannow" from command prompt, to see if it can automatically repair the corrupted files.
So maybe this is a project for someone in the Linux community who has the skill to make a Linux app that can find viruses on a Win OS computer, booting off a live Linux USB, and do the other steps of replacing deleted Win OS system files, cleaning the MS registry, etc.
someone has
have you not seen "the AS SOLD ON TV" USB thumb drive virus fixer
there is a reason I bolded and capitalized the "use caution"
the windows registry is a bit convoluted
its main purpose is to hide installed software and the activation keys
Hi Eddy1, thanks for your advice.
I don't have a virus on a Win OS PC; I was just toying with the idea of using a Linux app to find and get rid of a virus on a Win OS PC, should the situation arise, booting from a live Linux USB. Not sure if it could be done, so I just put the idea out there. I learned a lot from the responses I got.
Just a question though, what is "sfc /scannow"?
I use ccleaner when running win OS, it is a great program.
Hi Eddy1, thanks so much. Will look at those links to be prepared for future problems, if not on my PC, then on others' PCs running Win OS.
I guess I need to google "Hiren's boot CD"
and make one. I usually use CCleaner that is installed on a Win PC for regular cleaning, but I see the power of running virus find and cleaning from a live CD or live USB.
That is the best lesson I have learned from all the above. The power is in using "live" to boot from for virus find, remove and cleaning.
I guess I need to google "Hiren's boot CD"
and make one. I usually use CCleaner that is installed on a Win PC for regular cleaning, but I see the power of running virus find and cleaning from a live CD or live USB.
The tools on Hiren's BootCD have an expiration date on them, especially the AV.