Friday, December 11, 2009

Killing a Windows Virus From Linux Using F-Prot

While I enjoy using Linux every day, most of my family continues to use Windows (mostly WinXP) and relies on me for tech support. I have done the usual things such as installing Firefox and MalwareBytes, but they still get some infections. That usually involves running a scanner over and over and some virii evade detection.

F-Prot makes commercial virus scanners and has a free home version available for Linux.

Download the tar.bz2 file and extract it to /usr/local/share. Then, from the /usr/local/share/f-prot directory, run:

# ./

and accept the defaults. The /usr/bin/fpscan link to the program will be created and teh virus database will be updated.

To scan a Windows drive, remove it and attach it to your Linux computer using a USB adapter, then mount the drive rw (read,write) at, for our example, /media/windows.

The run the scanner with:

# fpscan --disinfect /media/windows

As it progresses, any corrupted or infected files are listed. Any that cannot be cleaned can always be dealt with using rm -f.

Other options can be viewed with:

# fpscan --help

It would be nice to have this available in a bootable Linux-based CD that can be run on the infected machine. And there is one available at TRK that not only scans with several virus scanners, but includes an admin password bypasser and several other useful tools, including the mc file browser.

No comments: