Page 1 of 1

Bootable antivirus

Posted: Wed Dec 02, 2009 3:23 pm
by daemon
What antivirus company makes a boot disk capable of scanning servers? Or does it matter?

Posted: Fri Dec 04, 2009 2:01 pm
by HeRetiK
I'd try a Linux Live CD coming with pre-installed Antivirus Software, such as Ubuntu CE

Ok, here is what I did to scan my Windows PC with a Ubuntu CE Live CD. I wrote it out in a way that you can take it and include it in directions or something like that if you would like. Modify it if you see anything that needs changing. Really nice benefit to Ubuntu CE.

1. Boot into Ubuntu CE (I used dapper because that is the disk I had handy, I'm about 90% sure Edgy would be the same, and a little better because the ClamAv Engine will be more up-to-date)

2. Open Terminal type paste sudo fdisk -l This will let you know what partitions are there.
Note: If you have more than one partition you want to scan then you are going to need to make 2 or three directories, depending on what you want to scan.

3. Now in the terminal sudo mkdir /media/sda2 You can really use whatever you want for the sda2 part. I always like to use the hard drive name. Anything red from here on out you may need to adjust.

4. Next in the good old terminalsudo mount /dev/sda2 /media/sda2 this is all I did and it mounted my NTFS partition. Note: Also if you have more than one, you will need to mount them all.
Note: If the Live CD didn't automatically detect and setup your Network connection, you will need to make sure it works before updating ClamAv. It set mine up for DHCP, which my network doesn't like, so I went and placed the IP address in to make it work better.

5. Now we need to update ClamAv with the latest virus info. Again in the terminalsudo freshclam -v the -v is the verbose mode, I like to know what is going on.

6. Now we are going to scan the drive or drives. I don't trust ClamAv to just go ripping files out of where they belong, so we are just going to log all the info, and you will need to go back and manually remove anything that doesn't belong. Again in the good old terminalsudo clamscan -rvi --no-mail -l /home/ubuntu/Desktop/clamav.log /media/sda1 Some of the options you can adjust as you prefer. If in doubt type man clamscan and check out the options. Here are the ones that I use:
r - Recursive
v - Verbose (again because I like to know what it is doing)
i - only log the infected files
--no-mail - should keep you out of the mail boxes to avoid messing up your mail client
-l - is the log file and tells it where to log it to, ours logs it on the Desktop for easy retreival

7. Ok, I let mine run all night long, and was still going, so save ample amount of time to run this (of course it depends on the speed of the machine, and the size of the partition being scanned.) Now open the log file and you can see what was labeled as a virus, or problematic file. If you see anything that you think is a real virus you can go and delete it in the terminal using the sudo rm /path/to/the/virus/VirusName Use this at your own risk, it is not reversible be very careful removing files. Mine turned up three false positives two were large zip files that were too large to be scanned, and one is an old Win 98 program that I'm sure is not problematic. It didn't call them viruses, but did give some warning about them. If you have an over abundance of viruses you probably need to completely re-format your computer and your MBR to overwrite any viruses. Backup any data that is not virus infected and re-install your OS.

There's also Knoppix STD

However I'm afraid both solutions will require a little bit of knowledge on using the unix shell.

Posted: Mon Dec 07, 2009 2:41 pm
by daemon
Thanks hery, but I think I'm just going to have to reformat. Bleh.

Stupid conficker c.

Posted: Thu Jan 07, 2010 1:44 pm
by stephenxanders
Boot disk to check the virus? oh that would be awesome to have.. But anyway, even if there's such like that, it will still not fix the computer.. You will always end up reformatting because files had been corrupted even if the virus is detected :-)

Posted: Sat Mar 27, 2010 6:14 pm
by Azgarth
can someone remove this spammer?