Scan a Windows drive for viruses using Linux
Recently I came across a client who had a Windows XP machine that contained a nasty little virus that rendered the machine nearly unusable. When the machine would boot, the CPU was pegging out at 100%, causing the GUI to be nearly unresponsive.
I attempted to run AVG, Avast, Malwarebytes - but all for naught. The machine was so slow it seemed as if installing a simple anti-virus tool was going to take me an entire 40-hour work week. So I opted for a different approach. Instead of allowing Windows to boot, I decided it was time to take advantage of my good old friend, Linux! That's right, Linux can scan a Windows machine for viruses, and it does it quite well. And in this article I am going to show you a quick way to achieve this.
What you need
Amidst all the simplicity you will enjoy with the Linux scanning, there are a few things you will need. First you need to remove that drive from the Windows machine. That's right, we're going to attach it to the Linux machine and do a scan of this now "external" drive. I prefer to use a tool that allows me to attach the drive to the machine via USB.
You will also want to have a modern instance of Linux up and running. The machine can already be on. In fact, it's better if it is.
You will also need to install an anti-virus on Linux. F-Prot (http://www.f-prot.com/download/home_user/) is an outstanding choice.
The "how to"
The first thing you need to do is connect the infected drive to the Linux machine. Depending upon your distribution, an icon should appear on your desktop. If it does, double click that icon to ensure the drive mounts. Now check where that drive mounted (most likely in /media). What you will now do is use your Linux scanning tool to scan that mounted drive.
Let's say you are using F-Prot. To run this scan you would issue the command:
fpscan --disinfect /media/DISK
Where DISK is the mount point of your disk.
This will scan that drive and disinfect it. Understand that if one scanner doesn't locate the infected files you might want to run a different scan. You can use ClamAV for email-based viruses (Check out my article "Scan your Linux machine for viruses with ClamTK" for using a GUI front end for ClamAV). NOTE: I will be doing an article on installing and using Avira Antivir on Linux this week.
Hopefully one of your anti-virus tools will have caught the culprit and either quarantined or removed the virus. Once you are done with the scan, make sure you unmount the "external" drive before you remove the hardware.
After the hard drive is off the Linux machine, re-install it to the Windows machine, and boot up. Hopefully you are good to go.
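The mount-point check, scan and unmount steps above as one shell script (an added example, not part of the original article). It assumes the drive shows up as /dev/sdb1, which is a hypothetical device name, and the function names are made up for this example; it also decodes the \040 escapes that /proc/mounts uses when a volume label contains spaces.

```shell
#!/bin/sh
# Added example: find where the attached Windows drive mounted, scan it, unmount it.
# /dev/sdb1 and the sample table are assumptions; fpscan --disinfect is the page's command.

# /proc/mounts writes spaces in mount points as \040 (tabs \011, backslashes \134).
# Turn each \ooo into the \0ooo form that printf %b decodes.
decode_mount_path() {
    printf '%b' "$(printf '%s' "$1" | sed 's/\\\([0-7][0-7][0-7]\)/\\0\1/g')"
}

# Print the mount point of device $1 using the table in $2 (default /proc/mounts).
mount_point_of() {
    dev=$1
    table=${2:-/proc/mounts}
    while read -r src target rest; do
        if [ "$src" = "$dev" ]; then
            decode_mount_path "$target"
            return 0
        fi
    done < "$table"
    return 1
}

# Scan the drive, then unmount it so the hardware can be removed safely.
scan_drive() {
    mp=$(mount_point_of "$1" "${2:-/proc/mounts}") || {
        echo "$1 is not mounted" >&2
        return 1
    }
    rc=0
    fpscan --disinfect "$mp" || rc=$?   # quoted: volume labels often contain spaces
    umount "$mp" || return 1
    return "$rc"                        # pass the scanner's exit status to the caller
}

# Constructed sample of /proc/mounts content (not from a real machine).
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /media/WINXP\040DISK fuseblk rw,nosuid,nodev 0 0
EOF
printf 'mounted at: %s\n' "$(mount_point_of /dev/sdb1 "$sample")"
rm -f "$sample"
# Real use, as root: scan_drive /dev/sdb1
```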
You probably never thought you would need any anti-virus on a Linux machine. Well, if your Windows machine has become unusable you have found the perfect use for such a combination. And remember, if you are using Linux for your mail server, you should certainly have anti-virus installed.