AnimeSuki Forums

SeijiSensei · 2008-02-04, 13:41

I really haven't a clue how you are scanning something like C:>; it just doesn't exist in Linux. The only thing I can think of is that you are again somehow looking at the Wine setup.

Up above you report that /dev/sda2 is mounted as /media/sda2. You need to scan that, as in "clamscan -r /media/sda2", which uses the -r switch to recurse down through the directory tree.

Before doing that, I suggest that you run the "freshclam" command to update your virus definitions to the most recent available. You may need to do this as "root" (see above).

Chrono Helix · 2008-02-05, 07:10

I did a clamscan of the entirety of my Windows folder, and it found one infected file. Unfortunately I wasn't watching the scanning process, so I don't know which one it was. Is there an easy way to check?

SeijiSensei · 2008-02-05, 08:04

Run it again with the -i switch to list only the infected files, e.g., "clamscan -i -r /media/sda".

Chrono Helix · 2008-02-05, 10:44

It identified /media/sda2/windows/system32/drivers/etc/hosts as an infected file. It's a 5.6kb text document. I removed it from the computer and put it into my HDD, but I still can't login to the computer.

SeijiSensei · 2008-02-05, 11:47

The hosts file contains a list of hostname<-->IP address mappings that overrule the results obtained from standard domain name lookups. It's a common hack since you can direct attempts to visit www.yourbank.com to some phony page designed to look like yourbank.com but is really a site designed by criminals to obtain your banking credentials.

That said, the hosts file doesn't have anything to do with logging in, so that's not the root of your problem. I really think you should try one of those Windows-based rescue disks and see if you do better with them. ClamAV isn't really designed to detect the sorts of malware that's affecting you. For that, you need things like Spybot Search and Destroy and AdAware, and they run on Windows.

When you say you can't log in, does that also mean you can't boot up in "Safe Mode" (hit F8 I believe during the Windows startup)? If you can enter Safe Mode, then get yourself copies of Spybot and AdAware and run them from safe mode. (A quick Google search will locate both pieces of software, and they're both free.) That may be all you need to do.

Chrono Helix · 2008-02-05, 12:57

I've tried Windows-based rescue disks, but I'm unable to access my hard disk with any of them. That's why I was forced to try out Knoppix, which worked.

Safe Mode doesn't prevent help, unfortunately.

2008-02-04, 13:41	Link #21
SeijiSensei AS Ojiisan Join Date: Nov 2006 Location: Akutabe Detective Agency Age: 63	I really haven't a clue how you are scanning something like C:>; it just doesn't exist in Linux. The only thing I can think of is that you are again somehow looking at the Wine setup. Up above you report that /dev/sda2 is mounted as /media/sda2. You need to scan that, as in "clamscan -r /media/sda2", which uses the -r switch to recurse down through the directory tree. Before doing that, I suggest that you run the "freshclam" command to update your virus definitions to the most recent available. You may need to do this as "root" (see above). __________________ Avatars

2008-02-05, 11:47	Link #25
SeijiSensei AS Ojiisan Join Date: Nov 2006 Location: Akutabe Detective Agency Age: 63	The hosts file contains a list of hostname<-->IP address mappings that overrule the results obtained from standard domain name lookups. It's a common hack since you can direct attempts to visit www.yourbank.com to some phony page designed to look like yourbank.com but is really a site designed by criminals to obtain your banking credentials. That said, the hosts file doesn't have anything to do with logging in, so that's not the root of your problem. I really think you should try one of those Windows-based rescue disks and see if you do better with them. ClamAV isn't really designed to detect the sorts of malware that's affecting you. For that, you need things like Spybot Search and Destroy and AdAware, and they run on Windows. When you say you can't log in, does that also mean you can't boot up in "Safe Mode" (hit F8 I believe during the Windows startup)? If you can enter Safe Mode, then get yourself copies of Spybot and AdAware and run them from safe mode. (A quick Google search will locate both pieces of software, and they're both free.) That may be all you need to do. __________________ Avatars

2008-02-05, 07:10	Link #22
Chrono Helix Senior Member Join Date: Jan 2008	I did a clamscan of the entirety of my Windows folder, and it found one infected file. Unfortunately I wasn't watching the scanning process, so I don't know which one it was. Is there an easy way to check?

2008-02-05, 08:04	Link #23
SeijiSensei AS Ojiisan Join Date: Nov 2006 Location: Akutabe Detective Agency Age: 63	Run it again with the -i switch to list only the infected files, e.g., "clamscan -i -r /media/sda".

2008-02-05, 10:44	Link #24
Chrono Helix Senior Member Join Date: Jan 2008	It identified /media/sda2/windows/system32/drivers/etc/hosts as an infected file. It's a 5.6kb text document. I removed it from the computer and put it into my HDD, but I still can't login to the computer.

2008-02-05, 12:57	Link #26
Chrono Helix Senior Member Join Date: Jan 2008	I've tried Windows-based rescue disks, but I'm unable to access my hard disk with any of them. That's why I was forced to try out Knoppix, which worked. Safe Mode doesn't prevent help, unfortunately.