Install ClamAV
You can read more on How to install and Use clamav on my previous post HERE or you can just install it by:
sudo apt-get install clamav
Update Virus definitions
sudo freshclam
Find Windows Partition – You want the partition that is NTFS – That’s the root windows partition – /dev/sda2 in this case
sudo fdisk -l
Disk /dev/sda: 160.0 GB, 160000000000 bytes
255 heads, 63 sectors/track, 19452 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x41ab2316
Device Boot Start End Blocks Id System
/dev/sda1 1 5 40131 de Dell Utility
/dev/sda2 * 6 19046 152946832+ 7 HPFS/NTFS
/dev/sda3 19047 19452 3261195 db CP/M / CTOS / …
Mount the windows Partition
sudo mkdir /media/windows
sudo mount /dev/sda2 /media/windows
Make a Quarantine
mkdir /tmp/virus
Run scan (takes a while)
sudo clamscan -v -r –bell –move /tmp/virus –log /tmp/virus.log /media/windows
The switches do the following:
-v: verbose – Print out lots of info
-r: recursive – Check ALL files and directories
–bell: bell – Make a noise when a virus is found
–move: Move the viruses to /tmp/virus/
–log: Save a log of all files to /tmp/virus.log
/media/windows: The directory to scan (The mounted Windows partitoin)
It should move all infected files to your /tmp – You can browse through and see if any should be kept – but you may just want to delete them all!
sudo rm -r /tmp/virus
For those who are lazy
You can just download this script and run it as root – It will install ClamAV, mount the windows partition, and scan all files. It will ask you at the end which files to delete.
Related Posts:
If you enjoyed this article, please consider sharing it!
