Linked by David Adams on Fri 25th Sep 2009 16:17 UTC
Bugs & Viruses A non-OSNews-reader asks: "I've got 5 PCs that I'm trying to use to train disadvantaged young people. The problem is they are riddled with viruses and a firewall blocks me from updating them. The people in charge of maintaining the PCs won't fix them or give me the admin password (Win XP) to let me install a new or updated antivirus. The centre is being shut down in a few months. If they were working, I could still do a lot with them, so I've been looking for a good online virus scan - but they all try to download a little .exe onto your PC first, and the settings on the PCs won't allow that. Suggestions? Solutions? Links?" Read on for our recommendation. Update: It appears that this question is part of an elaborate email scam designed to propagate malware. See here for details.
Thread beginning with comment 386268
Clamav
by F_u_X on Fri 25th Sep 2009 16:57 UTC
F_u_X
Member since:
2007-10-15

I'd recommend burning "clamav-livecd 2" and scanning the affected computer with it. It's a linux "live OS" that doesn't install itself on your computer, but that loads and runs from cd.

It's free and - depending on your past exposure to linux - very easy to use.

Once you have loaded the cd,

1 Issue "dhclient3 eth0" as root to bring up networking (I'm assuming you have a running DHCP server on the network, which hands out leases that enable your computers to access the internet).

2 Update the virus-definitions by issuing "freshclam" as root.

3 Mount the hard-disk (if it isn't already mounted, check with "mount" first) with the "mount" command. Depending on your computer it's something like:
"mkdir ~/tmp"
"mount /dev/sdaX ~/tmp" or "mount /dev/hdaX ~/tmp"

Now you can scan your computer using clamAV. More info on how to scan: http://www.clamav.net/ | http://www.volatileminds.net/projects/clamav/

Download link to clamAV-livecd : http://www.volatileminds.net/projects/clamav/ClamAVLiveCD2.0.iso

You need to boot from cdrom, which means you might have to ask for a bios-password. clamAV most of the time doesn't get "everything" removed from your computer, but it's certainly worth a try.

Quite frankly: They should trust you or enter the password for you. Not trusting the guy you are giving access to your computer to, is just plain dumb (unless they are the network admins...). Hope this helps.

Edit: Somebody "beat" me ;)

Edited 2009-09-25 16:58 UTC

Reply Score: 2
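
The live-CD steps from the comment above collected into one script, as an added example that is not part of the original post. It mounts the suspect disk read-only and parses the scan log; the device and mount point arguments, the log path /tmp/scan.log and the sample log lines are assumptions or constructed values.

```shell
#!/bin/sh
# Added example (not from the original comment). Run as root from the live CD
# after networking is up. Device and mount point are supplied by the caller.

# Mount the suspect partition read-only and non-executable, so the scan
# cannot modify it and nothing stored on it can run.
mount_suspect() {   # $1 = block device, $2 = mount point
    mkdir -p "$2" && mount -o ro,noexec,nosuid,nodev "$1" "$2"
}

# Map clamscan's exit status to a verdict: 0 clean, 1 detections, else error.
verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Print "signature<TAB>path" for every detection line in a clamscan log.
list_detections() {   # $1 = log file
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        i = match($0, /: [^:]*$/)   # last ": " separates path and signature
        print substr($0, i + 2) "\t" substr($0, 1, i - 1)
    }' "$1"
}

# Constructed sample of a clamscan log, for trying list_detections offline.
sample_log() {
    cat <<'EOF'
/mnt/xp/WINDOWS/system32/drivers/etc/hosts: OK
/mnt/xp/Documents and Settings/user/Desktop/test.com: Eicar-Test-Signature FOUND
/mnt/xp/RECYCLER/setup.exe: Example.Trojan-1 FOUND
----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

# Usage: scan.sh /dev/sdaX /mnt/xp   (placeholders, as in the comment above)
if [ "$#" -eq 2 ]; then
    mount_suspect "$1" "$2" || exit 2
    freshclam                       # update virus definitions first
    clamscan --recursive --infected --log=/tmp/scan.log "$2"
    rc=$?
    echo "verdict: $(verdict "$rc")"
    list_detections /tmp/scan.log
    umount "$2"
    exit "$rc"
fi
```

Because the partition is mounted read-only, the script only reports detections; removing or restoring files is a separate step done after reviewing the list.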

RE: Clamav
by Supp0rtLinux on Fri 25th Sep 2009 17:19 in reply to "Clamav"
Supp0rtLinux Member since:
2009-09-25

This is actually quite simple. Get another system... any system and put a clean copy of Windows on it, update it, and put current AV s/w on it. Then take the hard drives from the other machines and put them into this one as secondary drives or even through an external USB enclosure and scan 'em. In fact, this helps to remove boot resident items that typically require a reboot to remove anyway. If any system files get quarantined or removed, copy them from your clean system to the same path on the other drive. Then put the drives back into their original systems and let 'em go.

If you want to keep them current after the cleansing, install a tool that tracks every change made when installing s/w. Run it while installing the AV s/w on your clean system and get a log of everything changed (new files/dirs, registry changes, etc). Then, after the other systems' drives have been cleaned but are still physically attached to your clean system, replicate those changes to them (hint: for the registry, you can export the changes and import them). Now when you put them back they will be clean and have current AV s/w on them. Hopefully the f/w won't stop them from being updated, but if it does, hopefully it will also stop them from getting newer malware.

Reply Parent Score: 1

RE[2]: Clamav
by kenji on Fri 25th Sep 2009 18:07 in reply to "RE: Clamav"
kenji Member since:
2009-04-08

Still it would be much easier to use a bootable solution because dismantling the machines and swapping hard discs is much more laborious.

Alwil produces a good scanner that I believe uses FreeDOS:

http://www.avast.com/eng/avast_bart_cd.html

Of course this assumes that the machines are set to boot from CD or you have access to the BIOS.

Reply Parent Score: 1