Got a virus that just wants to stay?
Virus removal is the one topic most computer newbies are most afraid of. The fact that different viruses keep floating around in the news only heightens the anxiety about the threat they pose to your computer and the beloved family photos you took on some vacation somewhere. If you run antivirus software like Microsoft Security Essentials or Kaspersky, or some other virus removal software, you should be fine about 99% of the time when it comes to detecting and deleting viruses.
However, on some occasions, the virus is able to actually mess with your anti-virus (av) software, thus preventing your av scanner from knowing that it’s there! This basically allows the virus to continue to function as a back-door to your computer, allowing hackers to come in and browse through your collection of lolcat memez, whenever they want.
So how do you get rid of a virus that just doesn’t want to go away? Thankfully, there’s a way…
No matter if you’re running Windows or Mac OS (I know, I know, but sometimes Mac OS does get viruses), the answer remains the same: Linux.
Linux is a different system from Windows and Mac OS, making it immune to viruses that affect those systems. This is good news, because it means you can have an install of Linux on a Live CD (a CD that you can boot to and run an OS from), a USB drive (about 16GB should be enough) or an external HDD (for speed, go SSD with an eSATA connector, if your computer has an eSATA port). When you boot to Linux on your computer, Linux is able to mount and read all the files on your internal HDD, and thus it can scan them for viruses.
This is how computer pros prefer to scan for viruses, because, since neither Windows nor Mac OS is running, there’s no chance of the infecting malware running in the background and messing with the av scanner. Theoretically, you should be able to get rid of any virus by using this method. The virus can only hide if it’s running… but Windows and Mac viruses can’t run in Linux… so they can’t hide either!
Virus Removal Method Using Ubuntu Linux
Simple steps to scan your computer using Linux:
Note: Be sure to read the caution at the bottom of this article before trying this.
- Download a Linux distro (I recommend Ubuntu), choose desktop, then choose 32-bit if you are unsure which CPU you have
- Burn the .iso file to a CD-R disc; I suggest using Alcohol 120%, or just use the default Windows ISO burner
- Boot to the CD using the Boot menu (different for each computer; try pressing the F12, ESC, or Delete key if you are unsure)
- Say you want to “Try Ubuntu”
- Once Ubuntu has loaded, go to Dash Home and type Terminal in the search
- In the Terminal, type in the following commands
- First we need to get ClamAV
sudo apt-get install clamav
It’ll ask you if you’re sure you want to install; just press “y” and then hit Enter
- Now update the virus definitions using;
- In order to run a scan from the terminal, you need to know where your internal HDD is mounted, or whatever drive it is you want to scan.
If you do not know where your internal HDD is mounted;
- Go to Home -> Look under the Root or base directory
- Find the Media folder & double click it
- You should see a folder bearing the name of your HDD (So if your HDD is named “HP-WIN C” the folder will be named likewise)
- Double click the folder to mount the drive, then remember the location
To scan for viruses from the terminal
- To run the scan from the terminal,
clamscan --quiet -r -i /media/win
Where /media/win is the mounted location of your Windows or Mac HDD
The option --quiet tells ClamAV to scan for viruses in the background and to only report back if it finds any; otherwise it won’t say/report anything at all.
Of course not everyone likes to run ClamAV from a terminal (such as moi). Plus, when you run ClamAV from the terminal, it just kind of sits there… it won’t actually tell you what it’s found (if anything) until after it’s all done; which could be a long time! So if you want to have something to click on and look at, we need to install the GUI for ClamAV, called, ClamTK.
To run ClamAV with a GUI front-end; clamtk
- Make sure you followed ALL of the previously mentioned steps, except for the very last one; the scan via terminal
- Now type;
sudo apt-get install clamtk
This is the graphical front-end for ClamAV
- After that’s done, just type, sudo clamtk
- Click Preferences & check, “Scan all files and directories within a directory”
- Go to Scan -> A Directory (or press CTRL+D)
- Navigate to your root directory, and under the media folder, click on your HDD
- When it’s all done, go to Quarantine -> Maintenance (CTRL+M) and remove the “threats” it found.
You should probably look through the list of quarantined items and remove them one by one, because ClamAV can be a little oversensitive, and not everything in there may actually be a virus.
You can enable other options, like quarantining or moving the virus, by reading the ClamAV manual.
Note of caution when using ClamAV:
ClamAV is extremely sensitive about detecting possible threats. When you scan a directory on your computer, you may find that it says it has found 40 or so threats. These are possible threats, not actual threats. If you wait until the end of the scan, in the case of ClamTK, a window will pop up with all the possible threats found. If you know which one is the virus, then go ahead and delete it; otherwise, you may notice that many of the detected “threats” are actually Windows or Mac OS system files. Often ClamAV will assume that just about any .exe file capable of doing or installing or changing anything is a possible threat. So be careful which “threats” you actually remove, or you may end up in worse shape than you were before.
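One way to act on the caution above, as an added example that is not part of the original article: a small shell script that sorts the hits in a clamscan log into files under operating-system directories (review these before touching them) and files elsewhere. The sample log, its paths and its signature names are constructed; /media/win is the mount point used earlier in the article.

```shell
#!/bin/sh
# Added example: triage a clamscan log before deleting anything.
# A log can be written with: clamscan -r -i --log=scan.log /media/win
MOUNT=/media/win   # mount point of the scanned drive (the article's example)

# Constructed sample log: paths and signature names are made up.
sample_log() {
cat <<'EOF'
/media/win/Windows/System32/drivers/example.sys: Win.Test.Constructed-1 FOUND
/media/win/Users/sam/Downloads/free game.exe: Win.Test.Constructed-2 FOUND
/media/win/Windows/explorer.exe: Win.Test.Constructed-3 FOUND
/media/win/Users/sam/AppData/Local/Temp/a.tmp: Win.Test.Constructed-2 FOUND

----------- SCAN SUMMARY -----------
Infected files: 4
EOF
}

# Read clamscan output on stdin; print "CLASS<TAB>signature<TAB>path" per hit.
# SYSTEM = under a Windows or Mac OS system directory, USER = anywhere else.
triage() {
  awk -v m="$MOUNT" '
    / FOUND$/ {
      line = $0
      sub(/ FOUND$/, "", line)
      # The signature is the last ": name" on the line; paths may hold spaces.
      if (!match(line, /: [^ ]+$/)) next
      path = substr(line, 1, RSTART - 1)
      sig  = substr(line, RSTART + 2)
      rel  = (index(path, m) == 1) ? substr(path, length(m) + 1) : path
      class = (rel ~ "^/(Windows|System|Library)/") ? "SYSTEM" : "USER"
      printf "%s\t%s\t%s\n", class, sig, path
    }'
}

# Count the hits of one class (SYSTEM or USER) in the log read on stdin.
count_class() {
  triage | awk -F '\t' -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

sample_log | triage
```

To use it on a real scan, replace `sample_log` with `cat scan.log` and look up each SYSTEM hit before removing it.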