Cleaning windows viruses from linux

8

7

In a dual-boot system, does anyone have experience dealing with viruses that hit Windows from Linux? (disambiguation note: dealing with them from Linux.)

The C:\ drive from Windows is mounted at /media/disk on Linux.

Things I'm looking for:

  • Reading/Editing the Registry
  • Scanning for viruses and fixing them
  • Reading/Editing startup programs

hasen

Posted 2009-07-20T16:44:49.087

Reputation: 4 556

The viruses "hit windows from linux" or the "dealing with viruses ... from linux?" – Jared Updike – 2009-07-20T16:56:42.537

aaah the dangling else problem! edited with disambiguation – hasen – 2009-07-20T17:04:43.220

Answers

8

Clamav can do this

As noted below, ClamAV is included on a bunch of live CDs and USB-bootable Linuxes (TRK), so you can check your Windows machine without having to install anything on Windows.

Martin Beckett

Posted 2009-07-20T16:44:49.087

Reputation: 6 073

Does it also scan the registry/startup programs? – Robert Munteanu – 2009-07-20T17:05:06.777

I installed it with Synaptic, but where is it? How do I use it? Any link for a tutorial? – hasen – 2009-07-20T17:16:17.607

And for those who're not dual booting: ClamAV is also included on Knoppix live cds. – Arjan – 2009-07-20T17:17:27.743

I see docs are here http://www.clamav.net/doc/latest/ – hasen – 2009-07-20T17:43:55.247

1

This is what I use:

http://www.bitdefender.com/PRODUCT-80-en--BitDefender-Antivirus-Scanner-for-Unices.html

The license is free for a year and renewable; I have been using this for a while now.

Easy to install on Linux partition or Unix partition and easy to scan your mounted C: drive or other media, in addition to other binaries.

ClamAV can do the same, but for simplicity and just scanning binaries I like how BitDefender handles this. Don't forget you have options on Linux or Unix: you can install both, or just pick whichever you think works best for you and your environment.

Registered

Posted 2009-07-20T16:44:49.087

Reputation: 261

1

BitDefender has a Rescue Disk that boots into Knoppix and scans from there. You could either try ripping BitDefender from the disk, or just use that.

Dentrasi

Posted 2009-07-20T16:44:49.087

Reputation: 10 115

0

I tried this about a month ago with both ClamAV and AVG. I found AVG to be a lot faster, with fewer false positives. The downside to both of them is that they don't, as far as I know, clean the registry. I gather that it is possible to use a WinPE boot disk to do registry cleaning of an offline Windows install using a normal Windows virus scanning app. There are also various Linux tools available to manually hack the Windows registry, but I'm not sure how you would determine what to look for and what to do with it, or if you might risk missing viruses that exist entirely in the registry.

intuited

Posted 2009-07-20T16:44:49.087

Reputation: 2 861
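To give the question's third bullet (reading startup programs from the offline registry) a concrete shape, here is an added Python example that is not from any answer on this page: it parses a .reg export of the HKLM Run key (such as chntpw's `reged -x` or `hivexregedit --export` produce from the SOFTWARE hive on the mounted disk), maps each referenced program onto /media/disk, and flags entries that point outside C:\Windows and C:\Program Files. The sample export, its entry names and paths are constructed, and the directory allow-list is an assumption for illustration.

```python
import re
from pathlib import Path

# Constructed sample .reg export of the HKLM Run key (e.g. via chntpw `reged -x` or
# `hivexregedit --export` on the offline SOFTWARE hive); the entries are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundHelper"="C:\\Program Files\\Realtek\\rthdcpl.exe"
"svchost"="\"C:\\Users\\hasen\\AppData\\Local\\Temp\\svchost.exe\" -s"
"Updater"="C:\\Windows\\System32\\wscript.exe C:\\Users\\Public\\upd.vbs"
'''
WIN_ROOT = "/media/disk"                             # where C:\ is mounted (from the question)
TRUSTED_DIRS = ("c:\\windows", "c:\\program files")  # assumed homes of legitimate autostarts

def parse_run_keys(text):
    """Return [(key, value_name, command)] for every string value in a .reg export."""
    entries, key = [], None
    unescape = lambda s: re.sub(r"\\(.)", r"\1", s)  # .reg escapes: \\ -> \ and \" -> "
    for line in text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"', line)
            if m:
                entries.append((key, unescape(m.group(1)), unescape(m.group(2))))
    return entries

def command_paths(command):
    """Split a Run command into (executable, [drive-letter paths found in its arguments])."""
    command = command.strip()
    # quoted executable | unquoted path up to the first .exe | first token as a fallback
    m = re.match(r'"([^"]+)"|(.+?\.exe)(?=\s|$)|(\S+)', command, re.IGNORECASE)
    exe = next(g for g in m.groups() if g)
    return exe, re.findall(r'[A-Za-z]:\\[^\s"]+', command[m.end():])

def to_linux_path(win_path, root=WIN_ROOT):
    """Map C:\Foo\bar.exe onto the Linux mount point so the file can be inspected or scanned."""
    if len(win_path) > 1 and win_path[1] == ":":
        win_path = win_path[2:]
    return root + "/" + win_path.lstrip("\\").replace("\\", "/")

def triage(text, root=WIN_ROOT):
    """Flag autostart entries that reference anything outside the usual system directories."""
    report = []
    for _key, name, command in parse_run_keys(text):
        exe, args = command_paths(command)
        suspicious = any(not p.lower().startswith(TRUSTED_DIRS) for p in [exe] + args)
        linux_path = to_linux_path(exe, root)
        report.append({"name": name, "exe": exe, "linux_path": linux_path,
                       "suspicious": suspicious, "exists": Path(linux_path).exists()})
    return report
```

Entries marked suspicious, or whose `linux_path` does not exist on the mounted disk, are the ones worth hashing and feeding to the scanner first; an entry named like a system process but living under a user profile is a classic sign.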

0

Avira runs on both, and can be installed on Linux to clean up Windows viruses.

alpha1

Posted 2009-07-20T16:44:49.087

Reputation: 1 638

0

Try Panda's SafeCD. It is an ISO which needs to be burnt onto a CD after download. You can boot from the CD and use it to scan/clean a Windows system. The download link is here -> http://research.pandasecurity.com/archive/Panda-SafeCD-3.4.3.5-Released.aspx

cyberchor

Posted 2009-07-20T16:44:49.087

Reputation:

0

There is TRK, a live CD providing (from their site):

  • full read/write and rpm support (since build 333)
  • easily reset windows passwords (backup and restore option in 3.3)
  • 4 different virusscan products integrated in a single uniform commandline with online update capability (5 in version 3.3)
  • full ntfs write support thanks to ntfs-3g (all other drivers included as well)
  • clone NTFS filesystems over the network
  • wide range of hardware support (kernel 2.6.39.3 and recent kudzu hwdata)
  • easy script to find all local filesystems
  • self update capability to include and update all virusscanners
  • full proxyserver support.
  • run a samba fileserver (windows like filesharing)
  • run a ssh server
  • recovery and undeletion of files with utilities and procedures
  • recovery of lost partitions
  • evacuation of dying disks
  • UTF-8 international character support.
  • powerful multicast disk cloning utility for any filesystem
  • 2 rootkit detection utilities (version 3.3).
  • elaborated documentation (+manpages as of 3.3).

Andrea Ambu

Posted 2009-07-20T16:44:49.087

Reputation: 6 670