Linux Spyware Scanner

Started by Michael Kennedy, 2006-12-07T21:18:43-06:00 (Thursday)

Michael Kennedy

I'm working on an Ubuntu install on an external HDD that I recently picked up and I'm looking for some ideas on what to install on it for repair purposes.  The drive will hopefully replace my book of boot CDs that I use for repairing Windows installs once they've become infested with viruses, spyware, etc.

I have the obvious - Nessus, ClamAV, etc. - but one app I'm looking for is a spyware scanner for Linux.  I'm looking for something that'll scan mounted FAT/NTFS partitions.

Does anyone know of any?  Google isn't turning up any results.  I haven't messed with Wine- can I run something like Adaware or something similar in Wine and accomplish what I need?

I have never used a Linux install to run anti-spyware software.  I have used live boot CDs such as Knoppix and Puppy to do repair work on infected Windows machines (data recovery, drive recognition, etc.).

I believe most anti-spyware apps have to be installed on the actual OS they are scanning though.  Most of them scan registry entries as well as actual files.  And I can't say I've seen an option where you can tell it to scan a specified drive (since you will be running from an external drive).  I usually boot in safe mode to do something of this nature.  This way there are as few processes as possible running when I do the scan.  If you have any more questions, get ahold of me sometime and I can elaborate a bit more.

Michael Kennedy

I'm very well versed in spyware and removal techniques, I just didn't know if any Linux software existed that would help in my quest to make my job easier.

FYI- I do have quite a bit of luck doing scans with Microsoft Defender/Adaware when plugging the infected machine's HDD up to my laptop via a USB-to-IDE/SATA connector.  It'll leave registry entries, but with no files I at least get a great jump on eradicating all the spyware with minimal effort.

I need to see if something like ClamAV picks up some spyware and if so, how much.

As I see it, running Spybot S&D or Adaware through Wine is probably your best bet.  I doubt that there is any native Linux software.

One thing to consider:  going with a Linux-based solution deprives you of the ability to scan the infected system's registry (which may or may not be a problem for you).  I believe, however, that something like Bart's PE environment has add-ons that allow you to work with the target installation's registry (but don't quote me).

Do you have the software you need to mount NTFS?  If not, I'd go take a look at captive-ntfs ...

I hope I helped.  If not... I tried, heh.