# Windows Viruses!! (emergency)

## deorozco

My Windows partition is infected with viruses, trojans, spyware and I don't know what more...

That is FAT, that means that LINUX may access the files....

Is there an antivirus that, running from gentoo, may clean up the windows system??

Thanks in advance

----------

## UberLord

clamav may help

----------

## Underdone

 *Quote:*   

> Is there an antivirus that running from gentoo may clean up the windows system??

I think you would be better off using some antivirus while in windows. Unless of course you have some reason not to. If not I would download NOD32, spybot and adaware. Then pray to the gods, i.e. Microsoft, that it works.

----------

## BlueFusion

Use your linux install to get the files you need to salvage from Windows, wipe your Windows partition, and reinstall.  To prevent it from happening again, repeat steps 1 and 2 and disregard step 3  :Wink: 

----------

## pele_smk

Ouch, first off even Microsoft says the only way to recover from a virus is to reformat and reinstall. Take everyone's advice and never turn that darn machine on again. Grab all of your must-have files from the drive and then burn it in hell, then take the first step to ensuring quality....install Gentoo. Have fun with your predicament.

----------

## madisonicus

Once compromised at the root level, no system is secure.  Grab what you must save.  Reformat.  Reinstall.  Do it right this time though.

----------

## kernelOfTruth

have a look at the free avast! Linux Home Edition:

http://www.avast.com/eng/avast-for-linux-workstation.html

I'm using it here, too, to scan my windows-system for viruses; this software can also be downloaded for windows, so it's windows-specific & should detect the most known viruses ...

you might also find bitdefender-console interesting (it's in portage)

----------

## i92guboj

If he wanted a preacher he would have gone to the church  :Razz:  Seriously, this person only wanted to know if there is some kind of AV software that can work from linux. Sometimes I notice that, sadly, we are not happy unless the rest of the world thinks the same way as we do.

To the topic: as someone above, I recommend you clamav, it is in portage and so you should have no problem to install it. You also have klamav, a kde frontend that should be comfortable for you if you are not familiar with the command line. Clamav should not need much setup, the defaults are safe enough. You can however use "rc-update add clamd default" to add clam to the default services at startup, and "/etc/init.d/clamd start" to start it right now. You might want to run "freshclam" as root to make sure you have the latest updates to the virii database. Then, emerge klamav, I am positive that you will be able to work with that frontend like you would do with any Windows AV.

Notice, though, that there is no way to know if something is going to be damaged through this operation. Clamav is not windows specific, and it might remove or modify a vital system file without any notification (I don't really know, but that is a possibility), so, there is a possibility that you will have to reinstall. In the future I advise you to run something like spybot and some resident av software in your windows box. Or, alternatively, use a linux or bsd box as a gateway, running clamav on it. That will make it harder for all that crap to reach your windows box. But that is another story. 

Regards.
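The clamav steps described above, put into a script as an added example that is not from this thread: it mounts the Windows FAT partition read-only (so nothing on it is modified, which addresses the concern about clamav altering a vital system file), refreshes signatures with freshclam, and runs clamscan with --copy so flagged files are copied to a Linux-side folder for review instead of being removed. The device /dev/sda1, the mount point /mnt/windows and the review and log paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: scan a FAT Windows partition from Linux
# with clamscan. The partition stays read-only; hits are copied to a Linux-side
# folder for review rather than deleted, so a false positive on a Windows
# system file cannot break the install.
# Assumed values: device, mount point, review directory and log file.
WIN_DEV="${WIN_DEV:-/dev/sda1}"
WIN_MNT="${WIN_MNT:-/mnt/windows}"
REVIEW_DIR="${REVIEW_DIR:-/root/clam-review}"
LOG_FILE="${LOG_FILE:-/root/clamscan-windows.log}"

# Map clamscan's exit status to a verdict (0 clean, 1 hits, anything else error).
verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read a clamscan summary on stdin and print the "Infected files" count.
# Exits non-zero when the summary line is absent, i.e. the scan never finished.
infected_count() {
    awk -F': ' '/^Infected files:/ { found = 1; print $2 } END { exit !found }'
}

scan_windows_partition() {
    # ro: nothing on the partition is changed; noexec,nosuid: nothing on it
    # can be executed by accident while it is mounted.
    mkdir -p "$WIN_MNT" "$REVIEW_DIR"
    mount -o ro,noexec,nosuid "$WIN_DEV" "$WIN_MNT" || return 2
    freshclam || echo "warning: signature update failed, using current database" >&2
    # --infected: report only hits; --copy: keep a copy of each hit for review.
    clamscan --recursive --infected --copy="$REVIEW_DIR" --log="$LOG_FILE" "$WIN_MNT"
    status=$?
    umount "$WIN_MNT"
    echo "verdict: $(verdict "$status"), hits: $(infected_count < "$LOG_FILE" || echo unknown)"
    return "$status"
}

# Run the scan only when invoked explicitly (needs root and clamav installed).
if [ "${1:-}" = "--run" ]; then
    scan_windows_partition
fi
```

Run it as root with `--run`; the copies in the review directory and the log tell you what was flagged before you touch anything on the Windows side.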

----------

## madisonicus

 *6thpink wrote:*   

> If he wanted a preacher he would have gone to the church  Seriously, this person only wanted to know if there is some kind of AV software that can work from linux. Sometimes I notice that, sadly, we are not happy unless the rest of the world thinks the same way than we do.

 

Unfortunately, all the virus scanners in the world aren't going to help if someone has a rootkitted system or continues with the same activities that caused the original compromise.

Virus scanners are nice, but totally historical--they only check for known vectors.  For an idea of how effective they are, Joanna Rutkowska (designer of the blue pill) doesn't even use any virus scanning software.  The popular virus detection software has a miss rate of 80%... I.e., they miss 80% of malware.

Anti-virus software like ClamAV may be ok for helping prevent a compromise (although, again, changing behavior, rather than software is the real solution) and essential for mail servers, but since even virus checking software can be compromised by a virus or someone with root-level access to your system, they're not much good for an already compromised machine.  Since most Windows boxes are run as admin without a password, literally any file could be compromised in any way.

My point wasn't evangelization, but to point out that it is ineffective (and irresponsible) to wait until an installation (Windows or otherwise) has been stuffed full of malware/keyloggers and adopted into a spambot/DoS/password-cracking network to try to fix things.

My advice, again, is to grab what you absolutely must have from your old computer (nothing executable).  Scan those files.  Then, reinstall Windows.  Keep in mind that Windows survives being attached to the internet about 10 minutes before it's been attacked and compromised (Google that for multiple demonstrations).  Not just probed, or whatever, but attacked and compromised.  Watching my WAN firewall is enlightening: a dozen probes a minute is average.

How to survive the first few minutes of a Windows installation: http://www.sans.org/reading_room/whitepapers/windows/1298.php?portal=b317b11adcb4ad076544cfe718929b26

Other useful information for securing Windows:

http://www.theregister.co.uk/security/security_report_windows_vs_linux/

http://www.cert.org/homeusers/HomeComputerSecurity/

http://www.sans.org/top20/

GL,

m

----------

## i92guboj

 *madisonicus wrote:*   

>  *6thpink wrote:*   If he wanted a preacher he would have gone to the church  Seriously, this person only wanted to know if there is some kind of AV software that can work from linux. Sometimes I notice that, sadly, we are not happy unless the rest of the world thinks the same way than we do. 
> 
> Unfortunately, all the virus scanners in the world aren't going to help if someone has a rootkitted system or continues with the same activities that caused the original compromise.
> 
> Virus scanners are nice, but totally historical--they only check for known vectors.  For an idea of how effective they are, Joanna Rutkowska (designer of the blue pill) doesn't even use any virus scanning software.  The popular virus detection software has a miss rate of 80%... I.e., they miss 80% of malware.
> ...

 

True.

 *Quote:*   

> My point wasn't evangelization, but to point out that it is ineffective (and irresponsible) to wait until an installation (Windows or otherwise) has been stuffed full of malware/keyloggers and adopted into a spambot/DoS/password-cracking network to try to fix things.

 

I know, that response was directed to those that offer solutions along the lines of "format that crappy thing and install linux instead".

 *Quote:*   

> My advice, again, is to grab what you absolutely must have from your old computer (nothing executable).  Scan those files.  Then, reinstall Windows.  Keep in mind that Windows survives being attached to the internet about 10 minutes before it's been attacked and compromised (Google that for multiple demonstrations).  Not just probed, or whatever, but attacked and compromised.  Watching my WAN firewall is enlightening: a dozen probes a minute is average.

 

That is what you would do, and what I would do if I used windows at all, because it is by far the fastest solution, and because in windows there is no customization that can't be made in 5 minutes after a reinstall (for those that really change anything in windows other than the colours, you can just save a .reg and then apply it). The rest is to insert - wait - accept, or even less work if you were smart enough to make a ghost image.

Still, if he wants AV's, I think it is good to provide that info, besides the alternative solutions.

----------

## madisonicus

 *6thpink wrote:*   

> That is what you would do, and what I would do if I used windows at all, cause it is by far the fastest solution, and cause in windows there is no customization that can't be made in 5 minutes after a reinstall (for those that really change anything in windows other than the colours, you can just save a .reg and then apply it). The rest is to insert - wait - accept, or even less work if you were smart enough to make a ghost image.
> 
> Still, if he wants AV's, I think it is good to provide that info, besides the alternative solutions.

 Apologies.  I hadn't considered the context of the whole thread.  I'm with you 100% on this.

@OP What did you decide to do, and how did it turn out?

----------

