OT (sort-of): Linux used to virus-check Windoze computers? (was Re: LiveCD list)

Brian Kelsay BLKELSAY at kcc.usda.gov
Tue Feb 24 15:06:43 CST 2004


Hopefully my comments inline will work.

Brian Kelsay

>>> Leo J Mauler <webgiant> 02/23/04 02:08PM >>>
>I was over at a friend's house a few days ago, trying to figure out why
>his Internet connection (TimeWarner RoadRunner cable modem, Ethernet
>connection, WinXP Home, Internet Explorer 6) suddenly would break from
>time to time.

>Initially it was one of those Stupid Customer Service Questions: the
>cable modem wasn't plugged in.  But then it got weird.  You'd reboot the
>computer, and the connection would work fine.  Internet Explorer would
>come up and load web pages just fine.  Then Internet Explorer would
>suddenly be unable to connect to anything, about fifteen minutes into
>web browsing.
>
>I dropped into a CLI.  Ran ipconfig, and the internal networking seemed
>fine.  I successfully pinged yahoo.com.  I even managed to telnet into my
>shell account on www.freeshell.org.
>
>I rebooted, and the same thing happened with Internet Explorer: no web
>pages on Internet Explorer, but text-based Internet working fine.  I
>wasn't doing anything more complex than Google.
>

Did you try another browser like Mozilla?   May need to reload IE, not always a simple task.  I had 
to reload Winsock on an ME box and I found very specific directions on Experts Exchange or a 
similar site.

>So this time I rebooted with KNOPPIX v3.2.  I opened a Mozilla browser,
>loaded a page, and then played Frozen Bubble for twenty minutes.  Mozilla
>continued to work after I stopped playing the game.  I was able to ssh
>into my www.freeshell.org account, and lynx worked fine too.  Pinging
>yahoo.com worked fine.
>
>So in view of the fact that I haven't worked with WinXP much, I still
>have to conclude from the observed data that the Internet Explorer
>Browser has a serious cock-up.  I started to consider causes, but at that
>point my friend had to go to bed and I had to leave.  On the drive home,
>I thought a virus might be the problem (well, my first thought was
>"internal M$ bug which hadn't been patched yet").
>
Could have been a recent patch that caused the new problem.  Usually you have to rule all that 
stuff out before the cable company will mess with hardware.  I don't really blame them as they 
could be running all over town over a M$ bug.

>So I'm curious: has anyone created a Linux LiveCD which boots up and
>then has an application which can virus-scan Windoze systems?  It
>would have been handy at his home, as he refuses to give up WinXP for
>anything (even though the only Windoze-specific app he runs is "Spider
>Solitaire") and I didn't have a virus-scanner handy.  It also gets around
>the age-old problem of running Windoze virus-scanners in Windoze: you
>boot up the computer, all the viruses load themselves into memory and
>cloak themselves, and the virus scanner you run from CD fails to find the
>viruses in memory.  With a Linux LiveCD booting, the viruses on the hard
>drive fail to load and are picked out easily by any anti-virus software
>on the Linux LiveCD.

The http://www.systemrescuecd.org CD that I tried has Clam AV on it, but I haven't figured out how 
to use it yet.  The CD is based on the Gentoo LiveCD.   Check out that list I sent that started 
this thread and see if there is one that fits your situation.   Looks like Trinity Rescue Kit 
contains F-Prot (http://trinityhome.org/trk/usage.shtml#scripts ).  Looks like there is a kludgy 
workaround to clean virii on NTFS volumes, but should be doable.   

Do your friend a favor, if he won't switch away from XP, at least get him to load the free for home 
use AVG Antivirus and set the scanning and update schedule for him.  http://www.grisoft.com/  I 
have it on my wife's PC, my brother's and a couple of other people I have done work for.

>I know that it is a horrible crime against nature to use Linux to
>virus-scan a Windoze computer, but I'm wondering if anyone out there has
>done it yet, with a combination of a Linux LiveCD and a Linux app to scan
>Windoze computers for viruses.
>
>Incidentally, his roommate was impressed by the KNOPPIX demonstration,
>especially with the browser not crashing, but also with the multiple
>desktops and Frozen Bubble.  Roommate very sad that Frozen Bubble not
>written to run anywhere but Linux.  Perhaps another convert?  :)

I have run Frozen Bubble on NT 4.  It is not supported by the developer, but some brave souls have 
ported FB to work on several Winders versions.  If nothing else, you could get your friend "clued 
in" to some GPL and free software.  Frozen Bubble, AVG, Mozilla, Knoppix would be a good start.  I 
would give his roommate a copy of Knoppix to explore around with.  It can't hurt any.



