Earlier today, I noticed that Windows Defender was acting up. It was disabled and, once re-enabled and tasked with a quick scan, it would error out with some Windows License Expired error code or something.
Since that's nonsense, I think that the best thing I can do is shut Windows down and run a virus scan from a clean copy of Linux.
How can I go about sanely doing that?
Here's a low-sanity approach that has the advantage of not installing resident protection on Linux in the process:
Install clamav from whatever software packaging solution your distribution uses. For Ubuntu:
apt-get install clamav
Mount and locate the Windows partition. If you use Ubuntu, open the Home folder and pick the relevant partition from the Devices list. From the Go menu, pick Location. The address bar turns into an editable field. Copy the contents of this field into the clipboard.
Open two windows of the terminal (yes - don't worry).
In one, type cd, paste in the mount point (right click, paste or ctrl-shift-v), hit enter. When that's done, run this:
clamscan -ir .
-r instructs clamscan to search subdirectories. -i instructs clamscan not to drown the seven lines about infected files into four hundred thousand lines about OK files (happens).
However, that gives you no progress information, so let's fix that.
In the latter console window, or in a new tab, or something, paste in the following incantation in order to see what file is currently being scanned:
watch "lsof -Fn -p `pidof clamscan` | grep '^n/[^tpdul]' | cut -c1 --complement | tail -n1"
WTF is that? Basically: watch tells the system to run the command in quotes every few seconds. The command in quotes is split by the |s into a few parts. The first gets us the list of files clamscan has opened and a few other things. The second cuts the other things out (including irrelevant files in /tmp, /proc, /dev, /usr, /lib). The third cleans up. The fourth only shows you the file opened the latest. Don't worry about it too much.
Take the results with a grain of salt. ClamAV seems to prefer reporting infections when in doubt. virscan.org is a thing that exists.
Google the name of the viruses and take action.
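A follow-up to the last two steps of the answer above, as an added example that is not part of the original post: a shell function that reduces a clamscan log to one line per detection together with the file's SHA-256, so each hit can be looked up by hash before anything is deleted. It assumes the scan was rerun with clamscan's --log option; scan.log and triage_clamscan are names chosen here.

```shell
#!/bin/sh
# Added example: turn a clamscan log into a triage list.
# Assumes the scan was run from the mount point as:
#   clamscan -ir --log="$HOME/scan.log" .
# (scan.log is a file name chosen for this example.)

# triage_clamscan LOGFILE [ROOT]
# Prints one tab-separated line per detection: sha256, signature, path.
# ROOT is the directory clamscan was started from; it is only used to
# resolve relative paths in the log (defaults to the current directory).
triage_clamscan() {
    log=$1
    root=${2:-.}
    # Detection lines look like "<path>: <signature> FOUND".
    # Summary lines and everything else are skipped by the grep.
    grep ' FOUND$' "$log" | while IFS= read -r line; do
        rest=${line% FOUND}
        path=${rest%: *}     # everything before the last ": "
        sig=${rest##*: }     # everything after the last ": "
        case $path in
            /*) full=$path ;;
            *)  full=$root/$path ;;
        esac
        # Hash the file so it can be looked up without uploading it.
        if [ -f "$full" ] && [ -r "$full" ]; then
            hash=$(sha256sum < "$full" | cut -d' ' -f1)
        else
            hash=unreadable
        fi
        printf '%s\t%s\t%s\n' "$hash" "$sig" "$path"
    done
}
```

Run it as triage_clamscan "$HOME/scan.log" /path/to/mount/point and sort the output by the second column to group files flagged with the same signature.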