How to Cure Windows Viruses using Linux

I have had several people ask how to install Ubuntu and use it to run additional virus checks from outside of Windows, and so I am including the instructions here.

This procedure will enable you to install Ubuntu alongside Windows, providing the following benefits from a ‘safety’ standpoint:

  1. Some viruses are great at hiding from Windows programs so I periodically boot into Linux and run a virus scan of the entire disk from there. It is not uncommon for the Ubuntu scan to find programs that Windows scanners have missed.
  2. Should the Windows system become unusable, I can still boot into Ubuntu, access my files, and run a virus scanner from outside of Windows.
  3. Some viruses are smart and protect themselves – e.g. they will install multiple versions that check each other and, should one die, immediately reinstate it.  They can’t do that if they never start in the first place.

Note: The instructions below enable you to set up your machine as a dual boot device.  However if the unthinkable has already happened and your Windows PC is already infected then a simpler option is to create a bootable Linux virus scanner.  AVG kindly provides the necessary disk image which can be found here and will allow you to create either a bootable CD or USB drive.  As with the dual-boot option below, this runs in a Linux environment and should therefore be immune to whatever nasty things have infected your Windows environment.

Ubuntu?  What’s that?

For those not familiar with it, Ubuntu is the most popular version of Linux available today.  It comes in several varieties (desktop, notebook, and server being the primary ones).  Ubuntu has a very ‘Windows-like’ graphical interface (except server), comes pre-packaged with software such as LibreOffice (a complete office suite that is compatible with Microsoft Office) and is, of course, completely free.

Part 1 – Installing Ubuntu

There are several ways to install Ubuntu.  I am going to assume that most people have Windows and would like to install Ubuntu alongside their current Windows operating system, with the choice of which operating system to run appearing at boot time.  I have personally installed it alongside Windows 7 and Windows Vista, and I’m told it will happily work with Windows XP.

Important note:  Before you start, please take a backup of your system and make sure that you have a Windows boot disk available.  I have not seen it wreck anything yet, but I would hate someone to send me an email describing how they lost everything.

There are instructions on the Ubuntu web site for installing Ubuntu alongside Windows, including the necessary download links to Wubi (the Windows Ubuntu installer).

Note:  As of writing there is a bug in the current version of Wubi and, sometimes, it will tell you that a disk is missing and give you the option to Try Again, Cancel or Continue.  Apparently this is something to do with extra disks (e.g. USB drives) being attached and is very annoying because it won’t go away.  However the solution is very simple – just hit Continue many, many times (about 30 or so) and the program will continue and work fine (sic).

If presented with the option to do a Demo and full installation or Install inside Windows, select the Install inside Windows option.

You should then be asked which drive to install to (assuming C:), how much disk space to allocate (you should select at least 5 GB), and you will need to select a user id and a password.  Passwords are used a lot in Ubuntu for admin functions, so make sure it is something you can easily remember and do not leave it blank.

The install will start and, after a while, you will be asked to reboot.  Once you reboot you should be given the option to boot into Windows (which will occur automatically if you do nothing) or Ubuntu.  Select Ubuntu and the installation of Ubuntu will continue.  Once complete you will be able to boot into either operating system.

Extra notes:

– If you are using a laptop and Ubuntu doesn’t have a driver for your wi-fi card then try connecting to a wired LAN and running a system update (System –> Administration –> Update Manager).  That sometimes solves the issue.  If not then you will have to install a program called ndiswrapper and use that to install your driver (quite easy to do).

– I always run the update mentioned above anyway to make sure that I have the most up to date software.

Part 2 – Running your virus scan.

To run a full virus scan from Ubuntu you will need to boot into Ubuntu and install two programs.  By default Ubuntu does not come with any virus scanning software installed (which I think personally smacks of hubris).  To install them, do the following:

– System –> Administration –> Synaptic Package Manager

– Search for ClamAV and mark that for installation by checking the box.  It will automatically add other software needed to support that.  ClamAV is the virus scanning software.

– Search for ClamTK and mark that for installation by checking the box.  It will automatically add other software needed to support that.  ClamTK is the Graphical User Interface for the scanning software.

– Click on the Apply button and wait for the software to install.

To run the scan:

Applications –> Virus Scanner

The first time you run it, it will probably tell you that the virus definitions are out of date.  Let it sit for a while, close the program and then open it again and you should find they are OK now (it updates when you run it).

Scan –> Recursive scan

Select the File System disk and click OK.  The scan will start but it will take several minutes for any information to be displayed in the scanner software.

The full scan will take a long time, depending on the size of your disk.  If any viruses are found they will be displayed at the end as a list and you can right-click on each file to choose an action.
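
The same scan can be run from a terminal, which also leaves a log that can be reviewed afterwards. The script below is an added example, not part of the original post: it installs ClamAV, refreshes the definitions, scans recursively and summarises the detections from the log. The `/host` target (where a Wubi install exposes the Windows drive), the log location and the sample log contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: command-line form of the Part 2 scan (not the author's script).
# Assumption: TARGET is where the Windows files are visible from Ubuntu,
# e.g. /host on a Wubi install or the mount point of the Windows partition.

# Install ClamAV, refresh the signatures, then scan TARGET recursively.
# clamscan exit status: 0 = nothing found, 1 = detections, 2 = error.
scan_windows_files() {
    target=$1; log=$2
    sudo apt-get install -y clamav || return 2
    # May fail when the clamav-freshclam service already holds the update lock;
    # in that case the service is keeping the definitions current itself.
    sudo freshclam || echo "freshclam did not run; check definitions" >&2
    # -r recurse, -i list only infected files. No --remove/--move: review first.
    clamscan -r -i --log="$log" "$target"
}

# Print one "signature<TAB>path" line per detection recorded in a clamscan log.
detections() {
    tab=$(printf '\t')
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\2${tab}\1/p" "$1"
}

# Count detections per signature, most frequent first.
signature_counts() {
    detections "$1" | cut -f1 | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Constructed sample log; the paths and signature names are made up.
sample_log() {
    cat <<'EOF'
/host/Users/ann/Downloads/setup.exe: Win.Trojan.Example-1 FOUND
/host/Program Files/Tool/helper.exe: Win.Trojan.Example-1 FOUND
/host/Windows/Temp/update.dll: Win.Dropper.Example-2 FOUND

----------- SCAN SUMMARY -----------
Infected files: 3
EOF
}

# Usage: sh scan.sh /host "$HOME/clamscan.log"
if [ $# -eq 2 ]; then
    scan_windows_files "$1" "$2"; rc=$?
    [ "$rc" -eq 1 ] && signature_counts "$2"
    exit "$rc"
fi
```

Because the scan only reports and never deletes, each hit can be checked against a second scanner before a Windows system file is removed on the strength of a false positive.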

14 responses to “How to Cure Windows Viruses using Linux”

  1. Pingback: Virus Scanners and Snake Oil | Houldsworth's Random Ramblings

  2. Pingback: Quora

  3. joey

    I am surprised you mention clam av? That scanner is not very effective and is also very confusing to use. It is much better to boot into Ubuntu, open Firefox, google avast linux, download and install it and run the scan after mounting the Windows drive. There is no comparison between clam and avast…avast is much better.

    • Thanks for the comment.

      I mention ClamAV because it comes as part of Ubuntu – or at least is the suggested AV in their included repository.

      However, I would agree with you that Avast is better, particularly in the usability area.

      But…now I tend to suggest people use AVG Rescue CD http://www.avg.com/us-en/avg-rescue-cd

      No complication of having dual boot and you can use it after the PC has been infected – as long as you have access to another PC to create the boot device.

  4. Todd

    I am a newer Linux user still learning how to navigate the OS really, but I have fooled around a few years ago on a couple different systems. I have a question for you Barry. Are you familiar with BackTrack Linux? I started to learn that system but it is clearly using some advanced networking / security programs that mainly I had and probably still have no idea how to use. When I get comfortable with operating within a Linux environment, to my understanding you can use any program as long as it’s compatible with the kernel? So I could install all the BackTrack tools into Ubuntu? Could you talk about that a little or do you have any suggestions on where I can learn about that sort of thing?

  5. I am worried, although I have Avast for my Toshiba laptop Windows Vista I feel something got through because I don’t have the full paid version with all the extras. And I can’t afford right now the cost of the extras so that is why I believe my defenses were breached in some way. I am very uneasy about this I ran a full scan and a quick scan and it seems it’s o.k. but my gut feeling tells me something is very wrong. When I downloaded clamav I got this…
    Archive: /tmp/ClamAVSetup.exe
    [/tmp/ClamAVSetup.exe]
    End-of-central-directory signature not found. Either this file is not
    a zipfile, or it constitutes one disk of a multi-part archive. In the
    latter case the central directory and zipfile comment will be found on
    the last disk(s) of this archive.
    zipinfo: cannot find zipfile directory in one of /tmp/ClamAVSetup.exe or
    /tmp/ClamAVSetup.exe.zip, and cannot find /tmp/ClamAVSetup.exe.ZIP, period.
    Please help me I don’t know how to solve this can anyone send orders in those blue letters so my computer will do the right thing and this dead end is solved thank you for a prompt answer I await eagerly the way to stop these sick vandals that hurt innocents. Yours truly “Thunder Angel”
    P.D. I got a u3 system.

  6. Gee Wizz! Everything was working fine I did all you recommended and I got this..
    org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
    Tell me I am not doomed? please
    I saw when I press run it started to blink all of a sudden I had to issue a few orders for it to continue and then bang. I got this I feel like running it again. Anyway where do I go from here?
    About your question Boot Package Manager??? I don’t know I don’t think so. Thanks Again “Thunder Angel”

  7. Sorry about that Barry:
    It is hard to put it down all in perspective but yes I am running windows vista. I wrote down on a scribble pad as I got the bad thing. I make left click on u3 system icon on left bottom then I get 3 choices #1-Autorun.inf #2- Launchpad.zip #3- Launchu3.exe
    I then make double click on the first I then get a white box with coded orders I double left click on open then I get this crazy yellow and red box containing crazy gibberish something like zeros and ones but not exactly the program reads this and after a few blinks and the line cursor reaches the end. I get this message…
    There was a problem opening the file /media/u3 system/ launch u3.exe.
    The file you opened has some invalid characters if you continue editing this file you could corrupt this document.
    You can also choose another character encoding and try again.
    current local(utf-8)
    western(iso-8859-15)
    I don’t think I am running the clamav I fear or am I? I think I am the dumbest creature in the face of this earth when it comes to understanding Ubuntu. Man what a bummer! I don’t think I can make it off first base. You know the blue code order you sent me helped me alot. I don’t know if it’s o.k. but if this won’t help you can call me at 939-260-1677 maybe over the phone we can make ends meet in this hard start for me if you permit send me your u.s. number through my e-mail if you can’t reach me and tell me at what time I can call you. You can try my cel # from 9 AM or 6PM- 8PM that is usually when I am hooked up.

  8. Well here I am again I would like to mention that I had a situation that my computer was too darn slow and had other issues. So I had to pass all my important files into a separate system a little black box I bought at Costco that stores data I then did the painful task of placing a disk that erases all and then after this I used the master 2 disk that came with my Toshiba to convert my laptop like if new. I then installed and chose Avast free version for my protection. The last thing I did was install Ubuntu through a disk that had an older version and made an upgrade through internet. So I really don’t know if I should go for the blue instructions you sent me. Or would you really recommend it? The last thing I installed on the Windows system was Skype it went through charming but I still feel uneasy as if I got a fake Skype that went through my defenses or if it was something else. It is very important I get this so called clam Av running it sounds very amusing and can save my peace of mind. But I still can’t figure out what in tarnations I get this response when I do the process to run Clam Av. Unless I am doing the running process wrong. Is there any way I can type live chat with you so you can guide me through my trouble shooting? Nevertheless I am fondly appreciated with your time and effort to help this motor coordinated handicap stranger. Thanks a billion for the extra mile given so far to me. Ralph “TA”

    • Ralph
      Apologies for the delay – life is pretty hectic at the moment and not going to get any easier in the near future.

      Let me make sure I have this correct. You backed up, formatted the hard drive, re-installed Windows using your original disks, then installed Avast on Windows, then Skype on Windows, and finally installed Ubuntu and ClamAV and are having trouble running that but the rest of the PC seems to be working fine when using Windows. Correct?

      Based on that I would assume that:
      a) As long as you went to skype.com (and not some other site) for your skype download then you should be fine
      b) There should be no need to re-install Ubuntu

      Here is some additional information on how to install and run ClamAV: https://help.ubuntu.com/community/ClamAV

      There are also other free AV programs that are available which can be found using the link below if you wanted to try something that has a better user interface since ClamAV isn’t particularly user friendly.
      https://help.ubuntu.com/community/Antivirus

      Since I run a business providing technical support I really can’t spend time troubleshooting with you without charging – it wouldn’t be fair to my paying clients. If you wanted to set up some time for me to provide this I’d be more than happy to help but I suspect careful reading of the pages that I provided will enable you to get by without spending your hard-earned cash.

      Thks
