Many Windows users, if not all, run into a virus infection once in a while. This is unavoidable when using Microsoft's operating system. Without digressing too much, the fact that Windows is such a popular OS with no controlled software sources makes it easy for viruses and malware to spread. And while there is a plethora of antivirus tools for Windows, some infections (certain scareware, for example) can block the installation or use of antivirus software and render your OS unusable until they are cleared.
In this post, I will show you a surefire method for scanning your Windows OS for viruses from a Linux live CD or Linux live USB.
- A Linux Live ISO—some popular choices are Ubuntu, ArchBang, #! (CrunchBang), Puppy Linux, Mint and so on. Any live CD/DVD will do.
- A blank DVD/CD, or a USB stick of 1 GB or greater capacity
- For DVD burning—download IMGBurn
- For USB creation—use unetbootin
- Very basic knowledge of Linux preferred, but not essential
Step 1 Beginning
To begin, it would be a good idea to identify just how usable your Windows install is while infected. If you are still able to install IMGBurn or run unetbootin on it, good. Otherwise, use a friend's or a family member's PC to prepare the boot media.
Step 1 (A):
If you are using a DVD, run IMGBurn and insert a blank DVD into your DVD tray.
Select "Write image file to disc". Under "Source", select the downloaded Linux ISO image, then set the write speed to 2x. (I found it to be the optimal speed for bootable DVDs. If your DVD supports 4x and not 2x, choose 4x.)
Once done, finalize the write and restart your PC.
On most systems, while the BIOS is loading, you need to press either F12 or F9 a couple of times to get into the boot device selection screen. As the key and the screen differ depending on your motherboard model and BIOS type, I will not attempt to post screenshots of this process, as it is very likely that what you see will not match my screenshots.
Once inside the boot selection screen, choose CD/DVD drive and press enter.
This will load the Linux bootloader and let you select the instance type. ''Default'' or ''Live'' is usually best.
Step 1 (B):
If using UNETBOOTIN, in the main screen, use ISO Image and browse to where you downloaded your ISO. Select it.
Then at the bottom of the program window, select the letter of the drive which corresponds to where you inserted your USB.
To find out which letter it is, open ''My Computer'' and see which letter is assigned to the USB stick.
If the USB stick is not empty, I suggest you give it a quick format first, then press "OK".
Once unetbootin has finished writing the USB stick, reboot and repeat the steps described in 1 (A) to boot into the live system via the boot device selection screen.
Step 2 Installing ClamAV
For this exercise, we will be using ClamAV, an open source antivirus program designed for use on Linux and Windows, and also available as a portable AV.
It is completely free and has very good community support.
I will be using two Linux systems for this tutorial: Ubuntu (the most user-friendly Linux distribution on the market—Sorry Matthew! Had to do it for the newbies...) and CrunchBang (my favorite distro at the moment). However, this will work on all systems.
For Ubuntu, press CTRL+ALT+T to bring up your terminal and type in:
sudo apt-get install clamav
This will install the base package for ClamAV, the virus definitions, and a few other dependencies.
Once this is installed, you will notice that there is no GUI for it, which means that you can only use it from your terminal. Well, we will just have to download a GUI (ClamTK).
Open up Firefox or whichever browser is on the live CD and enter/copy/click this URL:
For Ubuntu, select the *.DEB package in the list and download it.
For Linux distros that do not use .DEB (Debian) packages, you will have to install it from the tar.gz archive.
Once the download has finished, open the file and it will be handled by the system's package manager. Install it and you are done!
- When I was installing the CLAMTK GUI, I had an unresolvable dependency issue and could not install the scanner GUI until I installed the "libdate-manip-perl" package. To do this, just go into the package manager and enter "libdate-manip-perl" as a search term, download and install it.
Step 3 Scanning your OS
Once you have installed the scanner GUI, go into your terminal and type in "clamtk" or find the app in your installed applications directory.
Run the scanner and you will be presented with a window which lets you select multiple scanning methods. A single file, a directory and so forth...
For this example we will scan a directory, so select ''Scan directory'' and browse to your Windows OS. (Read below on how to do it).
In my ''run'' I just selected "scan directory" and clicked on the main HDD (shown in the file manager as a 500GB filesystem, meaning this is my main HDD). From there, you will see the familiar Users folder, in which you can go into your named folder and to wherever you need the scanner to point.
My example was /users/admin/desktop/mydrive <--- which was a folder with backups of my USB key.
After this, the scanner will do its magic, and if any threats are found it will notify you of what they are and how to dispose of them.
It's that simple!
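Steps 2 and 3 above go through the ClamTK GUI, but the scanner that gets installed with `sudo apt-get install clamav` is fully usable from the terminal, which matters on a live system where the GUI package or its dependencies refuse to install. The script below is an added example and not part of the original post; it mounts the Windows partition read-only and runs `clamscan` over the Users folder, reporting only and deleting nothing. It assumes (these are not stated on the page) that the Windows partition is `/dev/sda2`, that `ntfs-3g` is present on the live system, and that ClamAV is already installed; the `mount_windows_ro`, `scan_dir`, `scan_status`, `infected_count` and `run_scan` function names and the `SAMPLE_SUMMARY` text are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post: the terminal-only route through
# Steps 2 and 3 using clamscan instead of the ClamTK GUI.
# Assumptions (not stated on the page): the Windows partition is /dev/sda2
# (check with `lsblk -f`), ntfs-3g is available on the live system, and
# ClamAV was installed with `sudo apt-get install clamav`.

WIN_DEV="${WIN_DEV:-/dev/sda2}"            # assumed Windows partition
MNT="${MNT:-/mnt/windows}"                 # mount point for it
LOG="${LOG:-/tmp/clamscan-windows.log}"    # scan report

# Mount the Windows volume read-only. ntfs-3g refuses to mount a hibernated
# (Fast Startup) volume read-write, and 'ro' also guarantees that the scan
# itself changes nothing on the disk.
mount_windows_ro() {
    sudo mkdir -p "$MNT"
    sudo mount -t ntfs-3g -o ro "$WIN_DEV" "$MNT"
}

# Recursive scan of one directory. --infected prints only hits; --log keeps
# a report you can read back after the live session reboots. No --remove or
# --move is passed, so this only reports; removal is a separate decision.
scan_dir() {
    clamscan -r --infected --log="$2" "$1"
}

# clamscan's exit status (from its man page): 0 = no virus found,
# 1 = virus(es) found, 2 = some error(s) occurred.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Extract "Infected files: N" from a clamscan summary read on stdin.
# Prints -1 when no summary line is present (e.g. the scan aborted early).
infected_count() {
    awk -F': *' '/^Infected files:/ { print $2; found = 1 }
                 END { if (!found) print "-1" }'
}

# Constructed sample of a clamscan summary, used only to exercise
# infected_count without a real scan.
SAMPLE_SUMMARY='----------- SCAN SUMMARY -----------
Scanned directories: 12
Scanned files: 340
Infected files: 2
Data scanned: 51.00 MB'

run_scan() {
    # Refresh signatures first; on Ubuntu a freshclam daemon may already own
    # the database, in which case this reports it as current or fails
    # harmlessly and we scan with the definitions already installed.
    sudo freshclam || echo "freshclam failed, using existing definitions" >&2
    scan_dir "$MNT/Users" "$LOG"
    rc=$?
    echo "Scan of $MNT/Users: $(scan_status "$rc") (report in $LOG)"
    return "$rc"
}

# Only perform the real mount and scan when asked to and when clamscan exists,
# so the helper functions above can be sourced and checked on any machine.
if [ "${1:-}" = "--run" ] && command -v clamscan >/dev/null 2>&1; then
    mount_windows_ro && run_scan
fi
```

Run it as `sh scan-windows.sh --run` from the live session; `lsblk -f` shows which device actually carries the NTFS volume if it is not `/dev/sda2`. Mounting with `-o ro` is the same idea the post describes in its closing section (treating the Windows install as an external disk), and it also avoids touching a volume Windows left in a hibernated state. The exit code tells you whether anything was found, and the log file survives the reboot that ends the live session.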
Step 4 Additional Example on Crunchbang (#!)
Disclaimer: Pardon the ''Pedobear'' terminal ASCII. I found it hilarious so I kept it.
Installing clamAV (same syntax - sudo apt-get install clamav):
Downloading ClamTK from sourceforge:
Installing the DEB package:
Running ClamTK (just run the terminal and enter ''clamtk''):
And that's it.
I hope the above article was useful and helped you weed out a nasty infection or two. This is a great method of utilising a scanner without having to actually go into the infected system itself and clean it from there. It is a good method for a couple of reasons: for one, you will not be held back by any detrimental effects caused by the infection; for another, it is preferable to using safe mode, as some AV scanners do not work very well in Windows safe mode because some of their drivers do not get loaded properly or at all. Scanning the main OS as if it were an external HDD eliminates these problems.
A few pointers in staying safe on Windows:
- Install a good antivirus system and/or firewall. A good firewall and AV combo is COMODO, but it is quite demanding in that you have to teach it about your environment and the programs you consider safe. As the engine behind COMODO has execution prevention, sandboxing and many other advanced features, it is not suited to novice users. Give their free internet security suite a spin to see if you like it. Other AV systems that come highly recommended are NOD32, Kaspersky and Avast!.
- Be wary of programs that you download, and scan all downloads before opening/executing.
- Only download installers/executables from trusted sources, or at least from ones that come recommended.
- Do not open email attachments that contain the file extension ".exe".
- Use common sense—if you do not know what an executable (.exe) does, do NOT run it.
If you are unsure, google the file in question and see whether other users have come across it, and check up on their experiences. This goes for viruses as well: if you have an infection, google it to find information on it; you are likely to stumble upon a solution.
And lastly, if you somehow managed to catch something so horrible that no method of removal works, reinstall Windows and be more careful next time.
Hope this guide helps you.