How to Remove Windows Viruses with Linux

Viruses. They happen to almost everyone. If they don’t happen to you, it’ll be your cousin Stan who joins the malware-of-the-month club, and you’re the only person he knows who can fix a computer. The problem is, things are so screwed up that Windows won’t even start properly. And if it does, the virus has embedded itself so deeply that you can’t access the files and tools you’d need to remove it. Enter Linux. By booting from a Linux Live CD or USB, you can remove the offending programs manually or with a Linux-based anti-virus program. This guide will cover creating a bootable USB Linux system as well as a comparison of the antivirus software options.

Choosing a Linux Distro

There are a few criteria to consider when deciding exactly which to go with. We’ll want something fairly small that runs well from USB, auto-detects local hard drives, and can work with a persistence file so we can save our new programs and updates directly to the USB stick.

I’d recommend Crunchbang Linux. It meets all of the above criteria, it’s Ubuntu-based, and it’s just a very slick distro that would work well for this purpose. Also, whichever distro you decide on, choose the 32-bit option. Your computer may be 64-bit ready but Cousin Stan’s might not be, and we need this software to be as portable as possible.

Installing Linux to USB

This is a topic we’ve covered before at MakeTechEasier, both for Windows with Lili USB Creator and Linux with UNetbootin.

Of the two, I’d actually recommend Lili, the Windows software, to create your USB stick. Lili makes it easy to create a persistence file, so your changes are saved on the USB stick and you won’t have to reinstall and update your AV every time you use it.

Linux Antivirus Software

A number of commercial and independent AV vendors make Linux versions, with varying amounts of hassle and levels of functionality. A few of the better-known ones include:

Name   | License | Registration Required | Scan | Repair
AVG    | Closed  | No                    | Yes  | No
Avast  | Closed  | Yes                   | Yes  | Yes
Panda  | Closed  | Yes                   | Yes  | Yes
ClamAV | Open    | No                    | Yes  | Yes

We’ll be using Clam Antivirus because it’s the simplest install, requires no registration, and does an excellent job of detecting and removing infected files. It should be available for download for just about any Linux system from the Clam website or your distro’s online repositories. Ubuntu users can also install it by clicking here.

Running the Scan

For starters, you’ll want to run an update once Clam is installed so that the scan uses the newest virus definitions. To do this, open a command prompt and run

While there is a GUI called Clamtk available for download, we’ll be using the command line interface. This is because Clamtk lacks some of the configuration options that we’ll be passing to the antivirus.

To run the scan we’ll need to know a few things. First is the location that you intend to scan. If you’re scanning a Windows drive from a live Linux system as intended, you can find this by clicking that drive from the left pane of your file browser and looking at the path shown in the address bar.

[Screenshot: the Windows drive’s location shown in the file browser address bar]

Then we’ve got a few options we may want to pass to Clam regarding how to perform the scan. Some options worth considering are:

So when you’re ready, your full command will look something like this:
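As an added example (not code from the original article), here are the update and scan steps put together in one POSIX shell script that quarantines hits instead of deleting them, checks the mount point, keeps a log, and reports the result from clamscan’s exit status. The mount point, the quarantine directory and the CLAMSCAN/FRESHCLAM overrides are assumptions; clamscan and freshclam must be installed, and freshclam normally needs root to write the signature database.

```shell
#!/bin/sh
# Added example, not from the original article: refresh ClamAV signatures,
# then scan a mounted Windows volume from a live Linux system. Infected files
# are moved to a quarantine directory rather than removed, so a false positive
# on a system file can be put back. CLAMSCAN/FRESHCLAM may be overridden to
# point at other binaries (an assumption that also makes the script testable).

CLAMSCAN="${CLAMSCAN:-clamscan}"
FRESHCLAM="${FRESHCLAM:-freshclam}"

# Translate clamscan's exit status into a verdict:
# 0 = no infected files, 1 = infected files found, 2 = scan error.
clam_verdict() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected" ;;
        *) echo "error" ;;
    esac
}

# scan_volume MOUNTPOINT QUARANTINE_DIR
# Prints the verdict and returns clamscan's exit status (2 on usage errors).
scan_volume() {
    volume="$1"
    quarantine="$2"
    if [ ! -d "$volume" ]; then
        echo "error: $volume is not a mounted directory" >&2
        return 2
    fi
    mkdir -p "$quarantine" || return 2

    # Refresh definitions first; a stale database misses recent malware.
    "$FRESHCLAM" >/dev/null 2>&1 ||
        echo "warning: signature update failed, using existing database" >&2

    # -r: recurse; --infected: list only hits; --move: quarantine instead of
    # --remove; --log: keep a report to review after the scan.
    if "$CLAMSCAN" -r --infected --move="$quarantine" \
            --log="$quarantine/scan.log" "$volume" >/dev/null 2>&1; then
        status=0
    else
        status=$?
    fi
    clam_verdict "$status"
    return "$status"
}
```

On a live system the call looks like `scan_volume /media/disk /media/usb/quarantine`; with a persistence file on the USB stick, the updated signature database survives reboots.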

When all’s said and done, you’ll get a fairly detailed report.

[Screenshot: clamscan’s scan summary]

If all went well, you’re set until next time Stan clicks a popup.

21 comments

    • Just use –exclude multiple times like this:

      clamscan -r --exclude=.avi --exclude=.mp4 --remove=yes /media/disk

      • thanks a lot Diaspara.

        Back to the remove/repair discussion I see that most of the time even windows antivirus can’t heal files but just remove them.

  1. I wouldn’t call ClamAV’s ‘remove’ option a ‘repair’. Using it you could easily render a Windows box unbootable. Most (all?) commercial antivirus software can actually repair normal files that are infected by a virus. I really like ClamAV for email scanning on gateways but not for cleaning up an infected Windows box.

  2. Or how about not using Windows at all? It is and will always be riddled with security holes, viruses, and spyware. You can always run Linux with a Windows virtual machine which is an ideal setup because you get the best of both worlds. You could do the opposite and run Windows with a Linux VM however Linux is a better platform since it’s not as bloated.

  3. Apexwm, while you are right that Windows is more vulnerable to malware/virii than UNIX/Linux, that does not mean that UNIX/Linux is not also equally vulnerable to attacks, sometimes even successful ones like the most recent botnet attack that happened about a month ago (widely reported). Security starts and ends with the user and his/her personal habits. Yes, even on Linux, a user with horrible security habits is just as much at risk of being exploited; albeit the carnage to their system is much more contained, the damage to them personally is equal, such as with identity theft. Also, consider distros like PuppyLinux that run users by default as root. In such a case, the damage to a Linux system could be catastrophic.

    • A long time I ago you wrote :))

      I’d agree in general that all systems are vulnerable to various degrees. However, Linux is far less vulnerable than the others. I also agree that no system is idiot proof :))

      The issue with PuppyLinux is only a concern if you install the OS to a hard drive and then continue to run as root all the time. PuppyLinux is a ‘live’ distro meant to be run from the CD/DVD. When turned off, anything you have downloaded or altered is automatically destroyed unless you direct it to be saved to the hard drive.

      Given most live CDs are meant purely for temporary use only and for everything to be deleted after use, PuppyLinux and similar are much safer than most anything out there. Even the US military see live CD Linux operating systems this way:

       http://spi.dod.mil/lipose.htm


  5. My problem is that I got a virus on my computer and it’s a trojan, and I don’t know how to remove it, and I don’t want to lose my data. Is there a solution for it?

  6. The virus has blocked almost all my applications and runs out of memory every time. Help me get it out. The main thing is that I don’t want to lose my data.

  7. Or once you get it booted, one of the online cloud based things, cuz you’re going to need something other than AVG or Avast for spyware.

  8. I would recommend ClamWin for a Windows AV; it works really well and is the Windows version of ClamAV.

    • The problem I’ve had with ClamWin (and this was a while ago, perhaps it’s changed now) was that it couldn’t do real-time live scanning, i.e. you had to do manual or scheduled scans to detect anything; it wouldn’t recognize a new threat as it entered the system.
