Linux help


6 replies to this topic

#1 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 21 May 2010 - 04:26 AM

Hi, I'm working on a tutorial for Avira AntiVir Rescue System:

"Avira is a Linux based CD which can help you in to repair a damaged system, to rescue data or to scan the system for virus infections. The Avira AntiVir Rescue System is updated several times a day (contains the current virus definitions VDF) so that the most recent security updates are always available."

I have everything figured out except how to save the log.

The system has Midnight Commander bundled with it.

Here's some tutorials on using it:

http://www.trembath....mctutorial.html
http://www.thegeekst...nager-for-unix/

I found the log from the scan and it's located at /var/log/antivirlog.txt, (this is as far back as I can trace, I don't know what's before /var)

This is how they say to copy it to your hard drive: (it doesn't work)
copy the logfile:

type cp /tmp/avlogfile /mnt/hda1/log.txt. This will copy the log file to C:\log.txt. In case your C drive is mounted to another directory, like /mnt/sda1 or /mnt/hda2, you should change the command accordingly.

From here:
http://forum.avira.c...;threadID=82163
http://forum.avira.c...;threadID=94935

Any suggestions on how to do this? I know nothing about Linux.


--------------------------------------------------------------

If you wanted to make and install the disk:

Avira AntiVir Rescue System .iso can be downloaded HERE.
It is also located on ThisPage, look for Avira AntiVir Rescue System .iso not the .exe.
Make note of where you downloaded it to.

Next....download and install Active@ ISO Burner
Click HERE for ISOBurner Instructions.
Install the program, and follow the next set of steps.

After you install Active@ ISO Burner, double click on the Avira AntiVir Rescue System .iso you downloaded.
Active@ ISO Burner should automatically open up.....now click BURN.

After the rescue CD is made, remove it from the computer and boot up the sick computer using it.
Note : In order to do so, the computer must be set to boot from the CD first.
For information on how to do that....click HERE.

The default language is German, but you can change it to English anytime by clicking on the English flag on the lower-left side of the screen.

Leave the default setting except for Scan Mode:
Change it to Scan Boot Sectors Only

Then run the scan, it will only take seconds and won't make any changes to your system but will create a log.

To get to Midnight-Commander, just run Command from Avira then alt + F5 to get to it.

Thanks...........MrC

Edited by MrCharlie, 21 May 2010 - 04:27 AM.


#2 jpshortstuff

jpshortstuff

    Teacher Emeritus

  • Authentic Member
  • 5,710 posts

Posted 21 May 2010 - 08:19 AM

Hi MrC,

If you want to use the copy from /var, this command works for me:
cp /var/log/antivirlog.txt /mnt/Devices/sda1 (replace sda1 with whatever your target HD is)

Also, if you navigate in the left-hand pane of MC to the location of the log, then navigate in the right-hand pane to the target location, I believe you can select the log and hit F5 to initiate a copy.

In any case, it's probably best to navigate to the target directory using one of the panes to make sure it exists and is the correct one.

I found the log from the scan and it's located at /var/log/antivirlog.txt, (this is as far back as I can trace, I don't know what's before /var)

Just so you know, any path in Linux/Unix starting with a / is from the root of the drive. Unix doesn't have the drivename-colon notation that Windows uses, a forward slash is sufficient.

Hope that helps, let me know if you need more info.

-jp

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

Need help remembering those important computer maintenance tasks? Let SCars do it for you.

#3 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 21 May 2010 - 12:28 PM

Great it finally worked after about 20 tries! :)

I missed the spaces between [cp and /] , [.txt and /] and the capital D in Devices, do it any other way and it doesn't work.

cp /var/log/antivirlog.txt /mnt/Devices/hda1


My hard drive is hda1 and yours is sda1, so there's no standard code that I could give the person?

I could have them identify the hard drive like this and have them fill in their drive information into the code:

After the Avira AntiVir Rescue screen loads.......
Click on Configuration
In the Directory Window at the bottom, click the box on the right with the 3 dots in it.
In the window that comes up, you'll see some folders, one of them is your hard drive.
It will most likely be hda1 or sda1.
Double click it to open it up.
Look for the Windows folder.
If you see it, then you know you have the right one.
If not, use the blue arrow to go back and try another one.
When you do find it, please make note of it and write it down, we'll use it later.
After you find it, click on Cancel to exit the window, DON'T (never) click on OK.


Thanks again............MrC
:thumbup:

#4 paws

paws

    Tech Team

  • Administrator
  • 6,088 posts

Posted 21 May 2010 - 12:43 PM

Hi Mr C.
it might be worth taking a look here:
http://www.howtogeek...ubuntu-live-cd/
There's a useful tutorial on using Ubuntu Linux to download, update and scan with Avast.....there's nothing there on saving a log file.... just how to use the apps to kill some bad stuff...it may be of some use as part of your background work ...hope so anyway...

I've used a similar approach to the one linked above.... on customers' machines that won't even boot into Windows and had good successes.....however I did note that the virus databases used for Avast Linux are different from the Windows ones (numerically several versions "behind" the Windows databases)...however the scanner and disinfection regimes seem to be very effective, so perhaps this numerical difference is not all that relevant..
Some folks like the screen dumps shown in the linked tutorial...others hate them.....
Regards
paws
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate

#5 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 21 May 2010 - 01:19 PM

Hi Paws, I read about that one last night but couldn't find it....Thanks for the link.

There's a bunch of these rescue disks out there, so far Avira looks good.
It will try to disinfect the malware files and if it can't it will rename them to .XXX.
It also can produce a log and it updates as long as you have a connection.

AVG is very good also, updates, gives you a choice of what to do with the malware, I didn't see any way to get a log.

BitDefender is another good one, although if I remember correctly...it just deletes the malware...you have no choice, be careful!

I'm testing them all to see what would be the safest for users to use and maybe we'll post them in the self-help section.

Most of them give false positives, they took out some of my tools and even the HJT installer.

This one has some use also:
VIPRE Rescue Program

Thanks for the input........MrC
:thumbup:

#6 jpshortstuff

jpshortstuff

    Teacher Emeritus

  • Authentic Member
  • 5,710 posts

Posted 22 May 2010 - 01:05 AM

Hi MrC,

I missed the spaces between [cp and /] , [.txt and /] and the capital D in Devices, do it any other way and it doesn't work.

Yes, I probably should have mentioned that Unix, unlike Windows, is case-sensitive. My apologies.

My hard drive is hda1 and yours is sda1, so there's no standard code that I could give the person?

Well, you could use this:
cp<space>/var/log/antivirlog.txt<space>/media/Disks/C*

This way you only have to change 'C' to whatever drivename your Windows installation is using.

Hope that helps.

-jp


#7 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 22 May 2010 - 05:32 PM

Yes, that's what I'm going to have them do, identify the hard drive and then just add it to the code and then run it. That's going to work, it's not that hard for the average user to do.

Thanks for the help, it was much appreciated, MrC
:thumbup:
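Added example, not written by anyone in this thread and not part of Avira's rescue CD: a shell sketch of the two steps discussed above, finding the partition that holds a Windows folder and copying the scan log onto it. It assumes the log path and the /mnt/Devices mount base reported in the posts; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Defaults are the paths reported in the thread
# (/var/log/antivirlog.txt and /mnt/Devices); both can be overridden.
# In the rescue shell: . ./savelog.sh && copy_scan_log

# Print every mount point under $1 that has a top-level "Windows" folder.
# Unix names are case-sensitive, so the folder is matched in any letter case.
find_windows_mounts() {
    base=$1
    for mnt in "$base"/*; do
        [ -d "$mnt" ] || continue
        for entry in "$mnt"/*; do
            [ -d "$entry" ] || continue
            case "${entry##*/}" in
                [Ww][Ii][Nn][Dd][Oo][Ww][Ss]) printf '%s\n' "$mnt"; break ;;
            esac
        done
    done
}

# Copy the scan log to the one Windows partition found and verify the copy.
# Returns 1 if the log is missing, 2 if zero or several partitions match
# (the user must then pick the drive by hand), 3 if the copy fails.
copy_scan_log() {
    log=${1:-/var/log/antivirlog.txt}
    base=${2:-/mnt/Devices}
    [ -f "$log" ] || { echo "log not found: $log" >&2; return 1; }
    mounts=$(find_windows_mounts "$base")
    count=$(printf '%s\n' "$mounts" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected one Windows partition, found $count" >&2
        return 2
    fi
    dest="$mounts/antivirlog.txt"
    # cmp confirms the bytes on the hard drive match the log on the CD system.
    cp "$log" "$dest" && cmp -s "$log" "$dest" || return 3
    printf '%s\n' "$dest"
}
```

On success the function prints the destination path, so the helper can tell the user exactly which file to attach from Windows.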
