Ridding a network of Windows computers of a virus or worm can seem impossible. Viruses may cause computers to reboot and infect new machines while you are in the process of removing them. Through the use of the live-software installer, Knoppix provides a solution to this catch-22.
Viruses and worms are a common problem in the computing world today. It seems every other day a new virus or worm comes out, and anti-virus vendors must quickly update their signatures to block the new outbreak. Unfortunately not everyone has a virus scanner installed on his system, or if he does, it might not be kept up to date. When the worst happens, you must make sure that the virus doesn't spread to other computers on the network or damage your files. If you install a virus scanner, you must be sure that the virus can't find a way to infect, disable, or hide from it.
There are several advantages to using Knoppix as a virus scanner over the alternatives:
F-Prot is a free virus scanner that you can run under Linux. You can install F-Prot with Knoppix's live-software installer, covered in [Hack #27]. The live installer needs a working Internet connection to download the program, and the program itself needs to be able to download updates as well.
Click K Menu → KNOPPIX → Utilities → Install software, select f-prot, and click OK to start the installation. Once the installation finishes, click K Menu → KNOPPIX → Extra Software → f-prot to start the F-Prot GUI.
After you launch F-Prot, immediately select option 4, "Do Online Update," to make sure that you have the latest list of virus definitions (see Figure 7-2). Once the update is finished, choose "Select partition(s)" from the F-Prot GUI, or if you have already mounted the partition, you can choose "Select a directory/file" to pick the directory to scan. Once you choose a directory, you are dropped back to the main menu where you can then choose Scan to start the scanning process. A progress meter appears, and the length of the virus scan varies, depending on the size of the directory you are scanning.
Figure 7-2. The F-Prot GUI
Once the process is finished, F-Prot displays a report that lists the different files it has scanned. The information you are probably most interested in, whether you are infected or not, is listed at the very bottom of the file. There, you should see how many files F-Prot has scanned, and under that, you should see whether F-Prot has found any viruses. If you are clean, you should see "No viruses or suspicious files/boot sectors were found."
Once you have a list of suspicious or infected files, you can mount the partition read/write and delete or rename the files. If you are a Windows expert who is comfortable with registry edits, you can follow the steps in [Hack #76] to remove any registry keys the virus might have left behind. You might also want to view advisories on the viruses that F-Prot finds on http://www.cert.org or other security sites, and see if perhaps there is a patch you can download to protect your system from this virus or worm in the future. Now is a good time to save any patches you might need to your hard drive, so you can boot back to your computer without having to connect to the network, and install the patch as covered in [Hack #79].
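One way to do the rename step from a Knoppix terminal, as an added example that is not part of the original text. It assumes the partition is already mounted read/write, that you copied the flagged paths from the report into a hypothetical list file (one absolute path per line), and that `sha256sum` is available; the function name and the `.infected` suffix are also choices made here.

```shell
#!/bin/sh
# Added example. Assumptions: the partition is already mounted read/write,
# flagged paths were copied from the scan report into a list file (one
# absolute path per line), and sha256sum is available.

quarantine_list() {
    root=$1   # mount point of the Windows partition (placeholder)
    list=$2   # hypothetical list file of flagged paths
    log=$3    # hash and original path of every renamed file
    count=0
    while IFS= read -r path || [ -n "$path" ]; do
        [ -n "$path" ] || continue
        # Only touch paths under the mount point.
        case $path in
            "$root"/*) ;;
            *) echo "skip (outside $root): $path" >&2; continue ;;
        esac
        # Refuse ".." components that could climb back out of it.
        case $path in
            */../*|*/..) echo "skip (contains ..): $path" >&2; continue ;;
        esac
        # Regular files only; skip symlinks.
        if [ -L "$path" ] || [ ! -f "$path" ]; then
            echo "skip (not a regular file): $path" >&2; continue
        fi
        sum=$(sha256sum < "$path" | cut -d' ' -f1)
        # Rename instead of delete so the sample can be examined later.
        if mv -- "$path" "$path.infected"; then
            printf '%s  %s\n' "$sum" "$path" >> "$log"
            count=$((count + 1))
        fi
    done < "$list"
    echo "$count"   # number of files renamed
}

# Usage: sh quarantine.sh MOUNTPOINT LISTFILE LOGFILE
if [ "$#" -eq 3 ]; then
    quarantine_list "$@"
fi
```

Quoting every path keeps Windows directory names with spaces intact, and the log gives you a hash to look up in advisories for each file that was renamed.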