Ubuntu Rescue Remix + Clamscan

Jul 16, 2014 15:13

so you've got a PC with more viruses than a porno shop door handle and none of the free removal tools are finding anything but you can still tell there is something on there... well, you should probably consider re-installing ASAP, but in the meantime, here's a way to get rid of some of your e-worms...

step 1:
download ubuntu rescue remix

step 2:
burn the CD

step 3:
boot it up and let's get to work!

first you want to make sure that your network cable is plugged in so you can get the virus definition updates. sometimes you have to restart networking:

sudo /etc/init.d/networking restart

now you can update clamav's database:

sudo freshclam

now mount your hard drive: (typically, /dev/sda2 or /dev/sda1)

mkdir c
sudo mount /dev/sda2 c
cd c
ls

you should see your C: drive, if you don't, 'cd .. ; sudo umount c' and try another device. 'dmesg | less' can be useful in determining where linux is finding your hard drive and partitions.

now you can start scanning. i recommend saving your results to a logfile so that it can save you some time later. i typically do a preliminary scan without removing anything first:

clamscan -r -i -l scan-results.txt .

now we have a file with the results that we can process with some nifty sed scripts to create a file list to feed back to clamscan after looking it over and making sure that nothing in there is a false positive:

sed '1,3d' scan-results.txt | sed 's/:.*//' | sed '/./!Q' > file-list.txt
clamscan --remove -r -i -l second-scan-results.txt -f file-list.txt
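
an added example (not part of the original post): a small shell script that builds the same kind of file list by keeping only the log lines that end in FOUND. it goes a bit beyond the sed one-liner above, since it doesn't depend on the header being three lines long, skips error lines, and keeps paths that contain a colon intact. the function names and the sample log are made up for the example.

```shell
#!/bin/sh
# added example, not from the original post: turn a 'clamscan -l' log into a
# file list for 'clamscan -f'. function names and sample data are made up.

# print each path that has a detection line ("<path>: <signature> FOUND").
# the suffix is cut from the right, so a ':' inside a path is kept.
found_files() {
    sed -n 's/: [^:]* FOUND$//p' "$1" | sort -u
}

# print "<count> <signature>" per signature, most frequent first, so a
# signature that matches a suspicious number of files stands out for review.
signature_counts() {
    sed -n 's/^.*: \([^:]*\) FOUND$/\1/p' "$1" |
        awk '{ n[$0]++ } END { for (s in n) print n[s], s }' | sort -rn
}

# write a constructed sample log (layout follows clamscan's log file;
# paths and signature names are invented for the example).
write_sample_log() {
    cat > "$1" <<'EOF'

-------------------------------------------------------------------------------

./Users/bob/AppData/Local/Temp/setup.exe: Win.Trojan.Example-1 FOUND
./Users/bob/Downloads/report: final.exe: Win.Trojan.Example-1 FOUND
./pagefile.sys: Access denied. ERROR
./Users/bob/Desktop/eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 3
EOF
}

log=$(mktemp)
write_sample_log "$log"
found_files "$log"        # the three detected paths, nothing else
signature_counts "$log"   # Win.Trojan.Example-1 first, with a count of 2
rm -f "$log"
```

on a real log, redirect the output of found_files to file-list.txt, look it over, and then run the clamscan --remove command shown above.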

and that's about it. have fun!