Re: malware infesting windows part of dual-boot

To: debian-user@lists.debian.org
Subject: Re: malware infesting windows part of dual-boot
From: Lorenzo Sutton <lorenzofsutton@gmail.com>
Date: Mon, 16 Jan 2012 09:00:22 +0000
Message-id: <[🔎] 4F13E726.30802@gmail.com>
In-reply-to: <4f1084c6.82250e0a.1c06.0e6fSMTPIN_ADDED@mx.google.com>
References: <4f1084c6.82250e0a.1c06.0e6fSMTPIN_ADDED@mx.google.com>

Hi Charles,

On 13/01/12 19:04, Charles Blair wrote:

    I have the lenny release of debian and windows XP as a dual-
boot using grub 0.97.  The debian system (of course) seems to
be working fine, but I've gotten some malware (of course) on
the windows side.

     Can somebody recommend software (preferably free) that
will deal with the bad windows stuff without trashing the
linux system?  I'm concerned that running standard-issue
diagnostic and treatment stuff will tamper with the boot
sector, among other things.

In the past I have sometimes found it more effective and overall lesstime-consuming to simply re-install the system on malware-infestedwindows installations, than try to 'clean' them. I say this becausesomething like the Trinity live cd may take up to 1 day or even more toscan with all the available antiviruses.If you do decide to go this route the following cautions and drawbackscome to mind:

- Be sure to back-up any valuable data both on the Windows and Debianpartitions (you never know when playing around with partitioning-enabledsoftware), this would typically include the Documents and Settingsdirectories for the various users on the windows side, /homepartition/directory on debian maybe something in /etc. - YMMV- This can usually be done by running any Live CD and attaching themachine to an external hard-disk but your mailage may vary depending onthe size of data you need to backup.- Consider the fact that for the windows side any infected file youback-up still remains so, although copying it off on an external harddisk, even better if on a dedicated partition *should* reduce the riskof reinfection if you take some sanitisation measures such as having anupdated, un-compromised antivirus, treating with suspicion .exe, .com,.dll, office files etc.- Reinstalling Windows XP *will* surely overwrite the MBR, thus if grubstarts from there it will be unusable. But, this can easily becorrected, again through using more or less specific live CDs andgoogling around will provide many links.- IIRC Windows installer will offer to use whole disk thus potentiallydeleting your debian partition(s) too! Check *very* carefully thepartitioning options of the windows installer.- In windows you will have to re-install all software. This is thebiggest bummer, as it will be much more painful than e.g. re-installingall packages in debian because each software will have to be reinstalledmanually. This especially applies to software with fussy authorisationmethods such as sending emails, hardware snapshoting etc. A naive yetuseful tip might be to print out the dir of the c:\Programs directory(or similar). In some enterprises windows machines bootstrapping isusually done to certain extent.


Good luck,
Lorenzo.

Reply to:

Prev by Date: Re: Stripping down Debian Squeeze
Next by Date: Re: changing bootup parameters
Previous by thread: Re: malware infesting windows part of dual-boot
Next by thread: ptrace suid?
Index(es):
- Date
- Thread