Using SystemRescueCd to scan for and delete viruses in Windows
SystemRescueCd (http://www.sysresccd.org/) includes Clam AntiVirus (ClamAV). As part of our standard operating procedure I use this CD as one of our virus detectors.
How I use it:
1. Download the latest version from http://www.sysresccd.org/
2. Burn it to a CD
3. Start the computer and set the BIOS to boot from the CD-ROM first
4. Press Enter at the default menu and wait until everything has loaded
5. Set the IP address, gateway and DNS server so that names can be resolved
ifconfig eth0 inet 192.168.12.107/24
route add default gw 192.168.12.1
echo 'nameserver 192.168.12.1' > /etc/resolv.conf
6. Test the network connection with ping
ping yahoo.com
PING yahoo.com (206.190.60.37) 56(84) bytes of data.
64 bytes from w2.rc.vip.re4.yahoo.com (206.190.60.37): icmp_seq=1 ttl=47 time=373 ms
64 bytes from w2.rc.vip.re4.yahoo.com (206.190.60.37): icmp_seq=4 ttl=47 time=356 ms
64 bytes from w2.rc.vip.re4.yahoo.com (206.190.60.37): icmp_seq=6 ttl=47 time=414 ms
64 bytes from w2.rc.vip.re4.yahoo.com (206.190.60.37): icmp_seq=7 ttl=47 time=408 ms
64 bytes from w2.rc.vip.re4.yahoo.com (206.190.60.37): icmp_seq=8 ttl=47 time=353 ms
64 bytes from w2.rc.vip.re4.yahoo.com (206.190.60.37): icmp_seq=9 ttl=47 time=363 ms
^C
--- yahoo.com ping statistics ---
10 packets transmitted, 6 received, 40% packet loss, time 9457ms
rtt min/avg/max/mdev = 353.667/378.221/414.335/24.191 ms
7. Find the Windows partition
fdisk -l
Disk /dev/sda: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x6f656f65
Device Boot Start End Blocks Id System
/dev/sda1 * 1 1043 8377866 7 HPFS/NTFS
As you can see, the Windows partition is '/dev/sda1'.
8. Mount the Windows partition on /mnt/winc
mkdir /mnt/winc
ntfs-3g /dev/sda1 /mnt/winc
9. Update ClamAV to the latest virus definitions
freshclam
ClamAV update process started at Sun Feb 8 10:17:27 2009
WARNING: DNS record is older than 3 hours.
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): OK (IMS)
main.cvd is up to date (version: 49, sigs: 437972, f-level: 35, builder: sven)
Reading CVD header (daily.cvd): OK
WARNING: getfile: daily-8684.cdiff not found on remote server (IP: 193.1.193.64)
WARNING: getpatch: Can't download daily-8684.cdiff from database.clamav.net
WARNING: getfile: daily-8684.cdiff not found on remote server (IP: 222.124.18.201)
WARNING: getpatch: Can't download daily-8684.cdiff from database.clamav.net
WARNING: getfile: daily-8684.cdiff not found on remote server (IP: 222.124.18.201)
WARNING: getpatch: Can't download daily-8684.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 8963, sigs: 75625, f-level: 38, builder: guitar)
Database updated (513597 signatures) from database.clamav.net (IP: 222.124.18.201
10. Scan the Windows partition with clamscan
clamscan -vri /mnt/winc
v = verbose, shows the scan as it progresses
r = recursive, descends into subdirectories
i = print infected files only
The scan will take some time, depending on the size of the Windows partition and the speed of the computer.
11. Read the summary
----------- SCAN SUMMARY -----------
Known viruses: 513111
Engine version: 0.94.2
Scanned directories: 603
Scanned files: 4592
Infected files: 1
Data scanned: 772.54 MB
Time: 657.436 sec (10 m 57 s)
As you can see, 1 file is infected.
To delete that file, use:
clamscan -vri --remove /mnt/winc
Yes, --remove will remove the file.
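Because --remove deletes immediately, the scan and clean-up steps above can be split into two passes: a read-only scan that only logs, then a quarantine with clamscan's --move once the log has been reviewed. This is an added example, not part of the original post; /dev/sda1 and /mnt/winc come from the steps above, while the log path, the quarantine directory and the sample log are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Source this file, then call e.g.
#   scan_readonly /dev/sda1 /mnt/winc /tmp/scan.log
# The log path and quarantine directory are assumptions chosen by the operator.

# Print "signature<TAB>path" for each hit in a clamscan log.
# clamscan reports a detection as "<path>: <signature> FOUND".
list_detections() {
    tab=$(printf '\t')
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\2${tab}\1/p" "$1"
}

# Number of infected files according to the SCAN SUMMARY block.
summary_infected() {
    sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p' "$1"
}

# Pass 1: mount read-only, scan, log. Nothing on the disk is modified.
scan_readonly() {   # usage: scan_readonly DEVICE MOUNTPOINT LOGFILE
    mkdir -p "$2"
    : > "$3"                                  # start from an empty log
    ntfs-3g -o ro "$1" "$2"
    rc=0
    clamscan -ri --log="$3" "$2" || rc=$?     # 1 = virus found, 2 = scan error
    umount "$2"
    return "$rc"
}

# Pass 2: after reviewing the log, move hits aside instead of deleting them.
quarantine() {      # usage: quarantine DEVICE MOUNTPOINT QUARANTINE_DIR
    mkdir -p "$2" "$3"
    ntfs-3g "$1" "$2"
    rc=0
    clamscan -ri --move="$3" "$2" || rc=$?
    umount "$2"
    return "$rc"
}

# Constructed sample log (not real scan output) for trying the parsers offline.
sample_log() {
    cat <<'EOF'
/mnt/winc/Documents and Settings/user/Desktop/setup.exe: Example.Trojan.Test FOUND
/mnt/winc/RECYCLER/notes: old.txt: Example.Worm.Test FOUND

----------- SCAN SUMMARY -----------
Scanned files: 4592
Infected files: 2
EOF
}
```

Point the quarantine directory at persistent storage such as a USB stick, because the live CD's own filesystem does not survive a reboot. If list_detections and summary_infected disagree on the count, read the full log before cleaning anything.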
4 Comments
Hi
I am a user of SystemRescue CD.
There are practical difficulties in the following cases:
1. The article assumes that Internet is already available and the userid/password is already embedded in the modem/router (ADSL). Most of the time this assumption fails.
2. Hence the method of passing the userid/password to the ADSL modem/router is required.
3. If we decide to use this method inside an organization, the Internet may be accessible only via a proxy. And the proxy will require a userid/password and maybe local DNS/WINS access.
4. How do we pass on the proxy information and the userid/password for the proxy?