Clean Windows virus from Linux

Yesterday we noticed that our Windows Samba share machine was infected with a virus. This is the kind of virus which became common 2 years back and which created an executable file with the same name as the current directory. On a Windows machine, the icon was set in such a way that it looked exactly like a Windows directory. If you double-click that file (thinking it is a folder), you are sure to be infected.

So, I had to delete the files, and the shared directory had numerous folders. I then wrote a bash one-liner (not exactly 1 line) to delete the files.

First I used find to get the list of all the exe files in all folders and stored it in a file (exe_files).

This was the command I then used to delete all the files.

cat exe_files | while IFS= read -r line; do l=`ls -lh "${line}"`; size=`echo $l | cut -d' ' -f5`; if [ "$size" = "604K" ]; then rm -- "${line}"; fi; done

It reads each line in the file, finds the size of that file, and removes the file if the size is ‘604K’.

Deleting based on the file size was not that good, as we might have lost some original file which was correctly 604K. If you wanted a better solution, you would have to write one more if clause to check if the filename is the same as the folder name – better to create a shell script instead of trying a one-liner.
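The stricter check suggested above, written as a shell function; this is an added example, not part of the original post. It assumes the decoy sits inside the folder it is named after (for example Photos/Photos.exe); the function name clean_decoys, the --delete flag and the default size are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post).
# clean_decoys [--delete] ROOT [SIZE]
#   Lists every *.exe under ROOT that (a) matches SIZE and (b) is named after
#   the folder that contains it, e.g. Photos/Photos.exe. With --delete the
#   listed files are also removed. Without it nothing is deleted (dry run).
#   SIZE is a find(1) -size argument. "604k" is rounded up to whole KiB, so it
#   covers 617473 to 618496 bytes; an exact byte count with the "c" suffix
#   is stricter.
clean_decoys() {
    mode=list
    if [ "$1" = "--delete" ]; then mode=delete; shift; fi
    find "$1" -type f -iname '*.exe' -size "${2:-604k}" -exec sh -c '
        mode=$1; shift
        for f in "$@"; do
            dir=$(basename -- "$(dirname -- "$f")")
            name=$(basename -- "$f")
            name=${name%.*}                      # drop the .exe extension
            # Windows names are case-insensitive, so compare in lower case.
            a=$(printf "%s" "$name" | tr "[:upper:]" "[:lower:]")
            b=$(printf "%s" "$dir" | tr "[:upper:]" "[:lower:]")
            if [ "$a" = "$b" ]; then
                printf "%s\n" "$f"
                if [ "$mode" = delete ]; then rm -- "$f"; fi
            fi
        done' sh "$mode" {} +
}
```

Run it once without --delete and review the list before running it again with --delete.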

Thanks to Linux, we could delete all the ~6000 virus files with a simple command without the fear of infection.

7 thoughts on “Clean Windows virus from Linux”

  1. Anish

    Hey, even I had the same virus in my pen drive about 9 months back. Got it from one of the ESSAR (an Indian industry where I worked) systems; their whole network is infected with that. But it didn't get into my Linux PC. But as for Windows systems it does, though it did no harm.

  2. cnu Post author

    @Anish:
    That virus was very common in my college during the final years. People would be running around with their thumb drives fully infested with viruses. Sometimes setup programs will be rewritten with this virus. We used to delete it using a Mac at that time.

  3. Gabriel Thomas

    Hello,

    I am writing a blog about computers (http://computerblog-gab.blogspot.com) and my PR is 0. Now I want to increase my PR, so I want to exchange links with you.

    If you are interested in my link exchange, please contact me at:

    [email protected]

    I would appreciate it if you deign to exchange links with me.

    Thank you.

  4. Robin Rejin

    My external hard disk has been affected with a virus… the icon of the hard disk folder is changed… what should I do to bring back the old icon… and none of the antivirus is able to detect it… please help

  5. Girish S

    find "/media/New Volume/" -size 1132193c -name '*.exe' -exec rm {} \;

    Use this short version to find exe files in “New Volume” with size 1.1MB (in my case) and delete them.
