How to remove a virus in Windows with Ubuntu

Install ClamAV

sudo apt-get install clamav

Update Virus definitions

sudo freshclam  

Find the Windows partition. You want the NTFS partition, which is the root Windows partition (/dev/sda2 in this case)

sudo fdisk -l 

Disk /dev/sda: 160.0 GB, 160000000000 bytes
255 heads, 63 sectors/track, 19452 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x41ab2316

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1           5       40131   de  Dell Utility
/dev/sda2   *           6       19046   152946832+   7  HPFS/NTFS
/dev/sda3           19047       19452     3261195   db  CP/M / CTOS / …

Mount the Windows partition

sudo mkdir /media/windows
sudo mount /dev/sda2 /media/windows

Make a Quarantine

mkdir /tmp/virus

Run scan (takes a while)

sudo clamscan -v -r --bell --move /tmp/virus --log /tmp/virus.log /media/windows

The switches do the following:

-v: verbose – Print out lots of info
-r: recursive – Check ALL files and directories
--bell: bell – Make a noise when a virus is found
--move: Move the viruses to /tmp/virus/
--log: Save a log of all files to /tmp/virus.log
/media/windows: The directory to scan (the mounted Windows partition)

It should move all infected files to /tmp/virus – You can browse through and see if any should be kept – but you may just want to delete them all!
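One way to review what was flagged before deleting anything, as an added example that is not part of the original post: it reads the log written by --log, which keeps each file's original path, and assumes detections are logged as "<path>: <signature> FOUND". The function names, sample paths and signature names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): review clamscan detections
# before running "rm -r /tmp/virus". Usage: sh review.sh /tmp/virus.log

# Print "signature<TAB>path" for each "<path>: <signature> FOUND" log line.
list_found() {
    awk '/ FOUND$/ {
        line = $0
        sub(/ FOUND$/, "", line)
        match(line, /.*: /)   # greedy, so the split is at the last ": "
        printf "%s\t%s\n", substr(line, RLENGTH + 1), substr(line, 1, RLENGTH - 2)
    }' "$1"
}

# Print "count<TAB>signature", most frequent first.
count_by_signature() {
    list_found "$1" | cut -f1 | sort | uniq -c | sort -rn |
        awk '{ print $1 "\t" $2 }'
}

# Detections under the Windows system directory (assumed to be
# /media/windows/Windows). Removing these can leave Windows unbootable,
# so look at them by hand before deleting the quarantine.
system_detections() {
    list_found "$1" | awk -F '\t' 'index($2, "/media/windows/Windows/") == 1'
}

# Constructed sample log: the paths and signature names are made up.
make_sample_log() {
    cat > "$1" <<'EOF'
Scanning /media/windows/Users/bob/notes.txt
/media/windows/Users/bob/notes.txt: OK
/media/windows/Users/bob/Downloads/setup.exe: Example.Trojan.Sample-1 FOUND
/media/windows/Users/bob/My Documents/a.scr: Example.Trojan.Sample-1 FOUND
/media/windows/Windows/System32/demo.dll: Example.Worm.Sample-2 FOUND
EOF
}

log="${1:-}"
if [ -z "$log" ]; then        # no argument given: run on the sample log
    log=$(mktemp)
    make_sample_log "$log"
fi
count_by_signature "$log"
echo "--- under the Windows system directory:"
system_detections "$log"
```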

sudo rm -r /tmp/virus

For those who are lazy

You can just download this script and run it as root – It will install ClamAV, mount the Windows partition, and scan all files. It will ask you at the end which files to delete.

