Using Linux to Remove Viruses
The best and safest way to remove computer virus and malware infections is to do so from “outside the box”. If you decide to try this by slaving the infected drive to a known good machine that machine could become infected unless very well protected and newer infections are very dangerous until security firms such as McAfee and Kaspersky have caught up (this is a normal state of affairs). What can be done is to scan the computer by using a live Linux disc (CD/DVD or USB) which runs without activating the target system’s infected hard drive.
By using the Clam antivirus program as part of a live Linux disk OS you would be doing exactly that: Thinking and operating “outside the box” and giving yourself a very good chance of eradicating any infections on that machine without endangering any other system. One might ask if this is a difficult task or if they could even do it; but, that’s why I’ll explain how it’s NOT difficult and exactly how you can do it. There is no need to use the Linux CLI (command line interface); in fact this procedure is very much like using the Windows GUI (graphical user interface) with which most people have become fairly accustomed.
Start by downloading the Knoppix 7.05.iso file HERE. After that download (4+GB) completes you’ll want to then burn that .iso to a DVD (preferable) or a USB flash drive with more than 4GB capacity. Now you have what can resolve many virus and other malware infections by booting your computer to that newly created disk. To do that, you’ll need to alter your computer’s boot sequence in the BIOS, by hitting either Delete or F2 (for the CMOS setup – right arrow over to BOOT) or F9 or F12 for the Boot device selection. These settings vary by machine so you’ll have to see which works in your case (please note what you did because you will be changing it back). Once you get in choose the device that you put the disk in (CD/DVD ROM drive or USB if it’s supported) and save that setting so you can boot to it instead of the infected hard drive.
When the computer starts it will look quite different than what you are used to seeing, but let it complete until you see the Knoppix desktop. Once there, point your mouse to the lower left corner and the furthest left icon there (equivalent to the Windows START button). Go up to Accessories then up to choose ClamTk. When that opens the first thing to do is update the virus signature files by choosing Help – Update.
Once current, set preferences to scan all files and directories within a directory and all you need to do now is scan the computer’s hard drive. To do that hit Scan and choose Scan a Directory, and you can choose the hard drive you have to scan. You’re not likely to see as much as in that screenshot (mine is the 419GB), more likely one that equals the size of your one drive (if more than one the smaller is likely the recovery partition you have and you want the larger). Now run the scan and let Clam clean your machine!
Once the scan completes (this will take a while),it might find many items you DO NOT WANT TO QUARANTINE. Note the files listed and Google the items to see if they're legit. You can always register and post in the forums if you wish. Then go back to the "Start Button" in the lowest left then choose Logout. It will then ask what you want to do (choose Shutdown {or Reboot}). Confirm the Shutdown as the screen will state, remove the DVD from the tray and hit Enter. Next go back to your BOOT menu and change back to booting to your hard drive as you were before.