How to Remove Windows Viruses with Linux

Viruses. They happen to almost everyone. If they don’t happen to you, it’ll be your cousin Stan who get joins the malware-of-the-month club, and you’re the only person he knows who can fix a computer. The problem is, things are so screwed up that Windows won’t even start properly. And if it does, the virus has embedded itself so deeply that you can’t access the files and tools you’d need to remove it. Enter Linux. By booting from a Linux Live CD or USB, you can remove the offending programs manually or with a Linux-based anti-virus program. This guide will cover creation of a bootable USB Linux system as well as a comparison of the antivirus software options.

Choosing a Linux Distro

There are a few criteria to look at when deciding exactly which to go with. We’ll want something fairly small, runs well from USB, auto-detects local hard drives, and able to work with a persistence file so we can save our new programs and updates directly to the USB stick.

I’d recommend Crunchbang Linux. It meets all of the above criteria, it’s Ubuntu-based, and it’s just a very slick distro that would work well for this purpose. Also, whichever distro you decide, choose the 32 bit option. Your computer may be 64-bit ready but Cousin Stan’s might not, and we need this software to be as portable as possible.

Installing Linux to USB

Of the two, I’d actually recommend Lili, the Windows software, to create your USB stick. Lili makes it easy to create a persistence file so your changes can be saved on the USB stick so you won’t have to reinstall and update your AV every time you use it.

Linux Antivirus Software

A number of commercial and independent AV vendors make Linux versions, with various amounts of hassle and levels of functionality. A few of the more well known ones include…

NameLicenseRegistration RequiredScanRepair

We’ll be using Clam Antivirus because it’s the simplest install, requires no registration, and does an excellent job of detecting and removing infected files. It should be available for download for just about any Linux system from the Clam website or your distro’s online repositories. Ubuntu users can also install it by clicking here.

Running the Scan

For starters, you’ll want to run an update once Clam is installed so that our scan will have the newest virus definitions. To do this, open a command prompt and run

sudo freshclam

While there is a GUI called Clamtk available for download, we’ll be using the command line interface. This is because Clamtk lacks some of the configuration options that we’ll be passing to the antivirus.

To run the scan we’ll need to know a few things. First is the location that you intend to scan. If you’re scanning a Windows drive from a live Linux system as intended, you can find this by clicking that drive from the left pane of your file browser and looking at the path shown in the address bar.


Then we’ve got a few options we may want to pass to Clam regarding how to perform the scan. Some options worth considering are:

-r                   #perform recursive scan - good for a whole drive
--exclude=.mp3       #set exclusion pattern to skip things like music and videos
--scan-mail=yes/no   #include mail files in system scan
--remove=yes/no      #delete infected files, yes or no.  Careful with this.

So when you’re ready, your full command will look something like this:

clamscan -r --exclude=.avi --remove=yes /media/disk

When all’s said and done, you’ll get a fairly detailed report.


If all went well, you’re set until next time Stan clicks a popup.

Joshua Price

Josh Price is a senior MakeTechEasier writer and owner of Rain Dog Software

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox