Rescue that infected Windows machine with Trinity Rescue
Sticking with our current theme of rescuing, we will now focus our magnifying glass on another useful Linux tool - Trinity Rescue Kit. TRK is another live Linux distribution, but with a different spin. Instead of being a live CD whose purpose is to do just about everything, Trinity really only wants to do two things: recover data and remove viruses. It is the latter task that really sets it apart. Most live Linux distributions tend to neglect antivirus. Sure, you could take an existing live distribution and add an antivirus package to it, but why bother when TRK already has several antivirus engines ready for work?
In this article I will introduce you to Trinity Rescue Kit and how you can use it to scan an infected Windows machine and remove dastardly viruses.
The first step is to download TRK and burn it onto a disk. If you are unsure how to do this, let's walk through the process. Download an ISO image of TRK from the TRK download page (make sure you scroll down to one of the four mirrors and download from there). Once you have the ISO downloaded you only need to open a tool like K3B and burn the image (check out my article "Burn CD and DVD ISO images with K3B" for more information). You could also put this image on a USB drive for easier portability. The easiest way to do that is to use Unetbootin (see my article "Install Linux on a USB drive with Unetbootin" for more information).
With your CD or your USB drive in hand it's time to march over to that infected machine and get to work.
The first thing to do is stick the CD or the USB drive in the machine and reboot. If your machine is not set to boot from either the CD or USB you will want to enter the boot menu of the machine and select the device you are using. With TRK you can just let the boot process happen - there is no interaction necessary. Eventually you will wind up at a root prompt. There is no GUI to speak of here; TRK is all command line. But never fear, the commands are not terribly challenging. In fact, to rescue a machine from a virus infection there are really only a couple of commands you need to issue.
Mounting the drives
The first thing you have to do is mount the drives on the machine. TRK has a very simple command for that. At the command prompt enter:
This mounts all of the drives it finds in read/write mode. Read/write access is necessary in order to rid the machine of any infection: an antivirus engine cannot delete or quarantine files on a volume that is mounted read-only. Next you will want to see where your drives have been mounted. Take a look in the / directory with the command ls /. You should see entries like /hda1, /hda2, /hda3, etc. These are your mounted drives, and they are what you will want to scan.
Now, with the drives mounted, it's time to scan. This is done with the following command:
virusscan -a clam,bde,va -d /MOUNTED_DRIVE
Where MOUNTED_DRIVE is the drive to scan. You can scan multiple drives by separating them with commas like so:
virusscan -a clam,bde,va -d /hda1,/hda2,/hda3
In the above command clam is for ClamAV, bde is for BitDefender, and va is for Vexira Antivirus. Yes, you can scan with multiple antivirus engines, but know that the more engines you use the longer the scan will take. Also remember that the signatures shipped on the disc are only as fresh as the ISO you downloaded, so grab a current image before you start.
Once the scan is done you will have a report of what each engine found and what action was taken on the infected files.
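The steps above (mount everything read/write, find the mount points, hand the whole list to virusscan) can be scripted. The script below is an added example for this article; it is not code from the original post or from Trinity Rescue Kit itself. It assumes TRK's own mountallfs -g (mount all detected filesystems, NTFS read/write through ntfs-3g) and virusscan -a ENGINES -d DIRS commands behave as described above, and that TRK mounts partitions as /hda1, /sda1 and so on directly under /. The extra check it adds is the one a practitioner wants before a multi-hour scan: confirm that every partition really is mounted read/write, because a volume that fell back to a read-only mount cannot be disinfected.

```shell
#!/bin/sh
# Added example, not from the original article or from TRK. Scripts the
# TRK disinfection workflow: mount everything read/write, verify the mounts
# are really writable, then scan all partitions with several engines.
# Assumptions: TRK's `mountallfs -g` and `virusscan -a ENGINES -d DIRS`
# commands exist on the booted system, and TRK mounts partitions as
# /hda1, /sda1, ... directly under /.

# List TRK-style partition mount points directly under ROOT as a
# comma-separated string for `virusscan -d`, e.g. "/hda1,/hda2".
# ROOT defaults to /; the self-test passes a scratch directory instead.
trk_mounted_drives() {
    root="${1:-/}"
    list=""
    for d in "$root"/hd[a-d][0-9]* "$root"/sd[a-d][0-9]*; do
        [ -d "$d" ] || continue
        mp="/${d#"$root"/}"            # /scratch/hda1 -> /hda1 ; //hda1 -> /hda1
        list="${list:+$list,}$mp"
    done
    printf '%s' "$list"
}

# Return 0 when MOUNTPOINT ($2) appears in MOUNTSFILE ($1, /proc/mounts
# format) with the rw option, 1 when it is absent or mounted read-only.
mount_is_rw() {
    awk -v mp="$2" '
        $2 == mp { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "rw") found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Check every drive in a comma-separated list ($2) against MOUNTSFILE ($1);
# report the read-only ones on stderr and return 1 if there were any.
check_all_rw() {
    mountsfile="$1"; bad=0
    for mp in $(printf '%s' "$2" | tr ',' ' '); do
        if ! mount_is_rw "$mountsfile" "$mp"; then
            echo "not mounted read/write: $mp" >&2
            bad=1
        fi
    done
    return $bad
}

# Only run the real workflow when the TRK tools are actually present,
# so the helper functions above can be exercised on any system.
if command -v mountallfs >/dev/null 2>&1 && command -v virusscan >/dev/null 2>&1; then
    mountallfs -g
    drives=$(trk_mounted_drives /)
    [ -n "$drives" ] || { echo "no partitions mounted under /" >&2; exit 1; }
    check_all_rw /proc/mounts "$drives" || exit 1
    virusscan -a clam,bde,va -d "$drives"
fi
```

Run it from the TRK root prompt after booting; on any other machine it only defines the helpers. The read/write check parses /proc/mounts rather than trusting the mount command's exit status, because a partition can be mounted successfully and still be read-only.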
Trinity Rescue Kit is an outstanding tool to keep in your toolbox for disinfecting machines. Get to know it and start using it; you won't regret the time spent.