If you are careful and knowledgeable when it comes to computers, you do not need an anti-virus program clogging up your system. But for most people this is a bad decision, because people do get viruses. And once you do, perhaps because you failed to update your anti-virus program, chances are high that you’re fucked. No matter what anti-virus program you use, the virus won’t go away and won’t let itself be deleted. So what do you do?
What you need is to start your computer without Windows (and thus the viruses) being loaded into memory. There are various ways to do this, among them a Windows Live CD with anti-virus (which I would like to write about later), but my solution to the problem is Linux and Frisk’s mail server/workstation package, F-PROT Antivirus.
At the time of writing, the only graphical user interface (GUI) for F-PROT’s Linux version is for the old version 4. Version 6 finds almost twice as many viruses as version 4, and is therefore what I use. I therefore assume you know your way around the command line and have used some form of Unix before. I might make a GUI myself in the future (let me know if you have a need for this!), in which case I will write an updated post.
Anyway, diversions aside, what you need is a Linux distribution. For our purposes no hard drive install is necessary (as would be the case with Ubuntu, for instance), so you can download one of the many Linux distributions that are installable on a USB stick. Search around for PuppyLinux, Damn Small Linux, Knoppix (big!), or my personal favourite, SLAX. Go to their respective sites to learn how to install them. In SLAX’s case you should be able to simply download and uncompress to your USB stick, and then run the script \boot\bootinst.bat as a user with Administrator rights. Your mileage may vary, so try asking for help in the forums of the different distros if things don’t work as planned, whether with installation, configuration, or something else.
After rebooting, starting Linux from the USB stick and configuring your internet connection, go to the download page for F-PROT. Download the Linux version and unpack it in your home directory. Using SLAX, this means the /root directory.
Using the command line, go into the f-prot directory, run the ./install-f-prot.pl script, register (you need to be online for this, otherwise the install will fail), and answer the questions.
If all is good, the anti-virus daemon (fpscand) should be running, and you can now try scanning for viruses using the fpscan command.
fpscan --help will bring up an array of options you can use. I assume you just want to scan and disinfect (that means deleting!) all infected files on your local drives. I then issue the following command from the console:
fpscan --disinfect --adware --applications --all
If you want a little more control over what is being deleted, leaving out the --disinfect option will prompt you in each case. You can then choose to delete (Y), keep (N), delete all (A), or quit (Q).
fpscan --adware --applications --all
The output will be something like this:
root@slax:~/f-prot# fpscan --report --adware --applications --local
F-PROT Antivirus version 184.108.40.20652 (built: 2008-04-28T16-44-10)
FRISK Software International (C) Copyright 1989-2007
Engine version: 220.127.116.11
Virus signatures: 200805081637f6efa427cfaf0a586fa821a351621cde (/root/f-prot/antivir.def)
[Unscannable] /mnt/sda1/D2D/PATCH/FINGER/INSTALL/DRIVERS/SETUP.EXE->(CAB)->WindowsInstaller-KB893803-v2-x86.exe->(CAB)
Scanning: /
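The scan workflow above, as an added example that is not from the original post or from Frisk: a small POSIX shell wrapper that runs fpscan in report-only mode first (using the --report option seen in the output above), keeps the log, and summarises what would be deleted before the --disinfect pass is run. The exact line format of fpscan's findings ("[Found <category>] <Name> /path", modelled on the "[Unscannable] ..." line above), the log directory and the sample log contents are assumptions; fpscan itself is not bundled, so the parsing step is demonstrated on a constructed sample log.

```shell
#!/bin/sh
# Added example (not from the original post): a two-pass wrapper around fpscan.
# Pass 1 (report_scan) runs fpscan with --report, as in the post's own output,
# and keeps the full log so you can see what would be deleted before pass 2
# (disinfect_scan) runs with --disinfect. The log parsing ASSUMES (not confirmed
# by the post) that fpscan prints one finding per line as
#   "[Found <category>] <DetectionName> /path"  or  "[Unscannable] /path",
# modelled on the "[Unscannable] ..." line shown in the post.

LOGDIR="${LOGDIR:-/root/fpscan-logs}"   # assumed location; /root is the SLAX home directory

# Paths fpscan flagged as infected/adware/application ("[Found ...]" lines).
# Argument: the report log file.
infected_paths() {
    # Drop the "[Found ...] <Name> " prefix; the rest of the line is the path
    # (which may contain spaces, so it is never word-split here).
    sed -n 's/^\[Found [^]]*] <[^>]*> //p' "$1"
}

# Paths fpscan could not scan (e.g. archives it could not open). These were
# never inspected, so they deserve a look of their own after the run.
unscannable_paths() {
    sed -n 's/^\[Unscannable] //p' "$1"
}

# One-line summary, e.g. "infected=2 unscannable=1".
summarise() {
    inf=$(infected_paths "$1" | wc -l | tr -d ' ')
    uns=$(unscannable_paths "$1" | wc -l | tr -d ' ')
    printf 'infected=%s unscannable=%s\n' "$inf" "$uns"
}

# Pass 1: report only; prints the summary and the path of the saved log.
report_scan() {
    mkdir -p "$LOGDIR"
    log="$LOGDIR/report-$(date +%Y%m%d-%H%M%S).log"
    fpscan --report --adware --applications --all >"$log" 2>&1
    summarise "$log"
    echo "$log"
}

# Pass 2: the destructive run, started only after reviewing pass 1's log.
disinfect_scan() {
    fpscan --disinfect --adware --applications --all
}

# Constructed sample log (not real fpscan output) so the parsing can be tried
# offline. EICAR_Test_File is the standard harmless test detection; the adware
# name and all paths are made up.
make_sample_log() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
F-PROT Antivirus (constructed sample header)
Scanning: /
[Found virus] <EICAR_Test_File> /mnt/sda1/Documents and Settings/user/eicar.com
[Found adware] <Constructed/Adware.Sample> /mnt/sda1/Program Files/toolbar/tb.dll
[Unscannable] /mnt/sda1/D2D/PATCH/SETUP.EXE->(CAB)->inner.exe->(CAB)
EOF
    echo "$f"
}

# Offline demo of the parsing step:
sample=$(make_sample_log)
summarise "$sample"           # infected=2 unscannable=1
infected_paths "$sample"
rm -f "$sample"
```

On the live system, call report_scan first, read the saved log, and only then call disinfect_scan; since the post notes that disinfecting means deleting, the report pass is what tells you which files are about to go. The [Unscannable] entries (nested CAB archives in the output above) are worth checking separately, because the scanner has not actually looked inside them.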