How-To Geek

Scan a Windows PC for Viruses from a Ubuntu Live CD

Note: This article is part of our archive and is likely out of date.
(Links may not work, downloads have not been recently tested for safety)

Getting a virus is bad. Getting a virus that causes your computer to crash when you reboot is even worse. We’ll show you how to clean viruses from your computer even if you can’t boot into Windows by using a virus scanner in a Ubuntu Live CD.

There are a number of virus scanners available for Ubuntu, but we’ve found that avast! is the best choice, with great detection rates and usability.


This article was written a while ago, and almost all of the anti-virus applications for Linux aren’t supported anymore. Here are the ones that still work:

You should be able to install Clam from the Ubuntu application center.

The better solution, however, is to use the BitDefender Rescue CD to scan your PC.


Read Below For Archive Purposes Only

Unfortunately, avast! does not have a proper 64-bit version, and forcing the install does not work properly. If you want to use avast! to scan for viruses, then ensure that you have a 32-bit Ubuntu Live CD.

If you currently have a 64-bit Ubuntu Live CD on a bootable flash drive, it does not take long to wipe your flash drive and go through our guide again and select normal (32-bit) Ubuntu 9.10 instead of the x64 edition. For the purposes of fixing your Windows installation, the 64-bit Live CD will not provide any benefits.

Once Ubuntu 9.10 boots up, open up Firefox by clicking on its icon in the top panel.



Click on the Download tab, and then click on the link to download the DEB package.


Save it to the default location.


While avast! is downloading, click on the link to the registration form on the download page. Fill in the registration form if you do not already have a trial license for avast!.


By the time you’ve filled out the registration form, avast! will hopefully be finished downloading.

Open a terminal window by clicking on Applications in the top-left corner of the screen, then expanding the Accessories menu and clicking on Terminal.


In the terminal window, type in the following commands, pressing enter after each line.

cd Downloads
sudo dpkg –i avast*


This will install avast! on the live Ubuntu environment.

To ensure that you can use the latest virus database, while still in the terminal window, type in the following command:

sudo sysctl –w kernel.shmmax=128000000


Now we’re ready to open avast!. Click on Applications on the top-left corner of the screen, expand the Accessories folder, and click on the new avast! Antivirus item.


You will first be greeted with a window that asks for your license key. Hopefully you’ve received it in your email by now; open the email that avast! sends you, copy the license key, and paste it in the Registration window.


avast! Antivirus will open. You’ll notice that the virus database is outdated.


Click on the Update database button and avast! will start downloading the latest virus database.


To scan your Windows hard drive, you will need to “mount” it. While the virus database is downloading, click on Places on the top-left of your screen, and click on your Windows hard drive, if you can tell which one it is by its size.


If you can’t tell which is the correct hard drive, then click on Computer and check out each hard drive until you find the right one. When you find it, make a note of the drive’s label, which appears in the menu bar of the file browser.


Also note that your hard drive will now appear on your desktop.


By now, your virus database should be updated. At the time this article was written, the most recent version was 100404-0.


In the main avast! window, click on the radio button next to Selected folders and then click on the “+” button to the right of the list box. It will open up a dialog box to browse to a location.


To find your Windows hard drive, click on the “>” next to the computer icon. In the expanded list, find the folder labelled “media” and click on the “>” next to it to expand it. In this list, you should be able to find the label that corresponds to your Windows hard drive.


If you want to scan a certain folder, then you can go further into this hierarchy and select that folder. However, we will scan the entire hard drive, so we’ll just press OK.


Click on Start scan and avast! will start scanning your hard drive.


If a virus is found, you’ll be prompted to select an action. If you know that the file is a virus, then you can Delete it, but there is the possibility of false positives, so you can also choose Move to chest to quarantine it.


When avast! is done scanning, it will summarize what it found on your hard drive. You can take different actions on those files at this time by right-clicking on them and selecting the appropriate action. When you’re done, click Close.


Your Windows PC is now free of viruses, in the eyes of avast!. Reboot your computer and with any luck it will now boot up!


Running avast! from a Ubuntu Live CD can clean the vast majority of viruses from your Windows PC. This is another reason to always have a Ubuntu Live CD ready just in case something happens to your Windows installation!

Trevor is our resident Linux geek, but always keeps his eyes open for neat Windows tricks too.

  • Published 04/6/10

Comments (60)

  1. Ronny

    “a” Ubuntu?

    Is this the Ghetto Geek?

  2. Steve O

    HAHA its sad that Linux has to be used to rescue windows. I find it insulting

  3. whiplash55

    Great tip, I use the Kaspersky Rescue Disc, which is also a Linux build.

  4. markus

    even if i’m great fan of ubuntu, but there are some rescue discs from major AV company available, which i prefer. or the use of XP PE, with some up-to-date removal tools on an USB-Stick.
    i love really the howtogeek site, but is it really necessary to post that much screenshots? i mean, how to launch firefox, visit a website, download something and to start the shell?
    what’s next? some photos showing how to press the power button on the computer case, and how to insert the CD?

    markus ;-)

  5. Sherm

    Great tutorial. And it shows how easy it is to use Ubuntu. I thought the screenshots were a great plus for a newbie. I found that my eyes were able to edit them out because I use Ubuntu regularly, but I see where they could bother people without that talent.

  6. Trevor Bekolay


    I agree that there are a lot of screenshots, but understand that this article is aimed at Windows users who are using Linux for, possibly, the first time. The screenshot that you can easily pass over without a second thought may be indispensable to someone who is struggling to find their footing in this new and unfamiliar environment.

  7. Ivan Kolevski

    This is a very good tutorial, but come on, there is about 10 different websites that suggest to do exactly the same or similar thing. If you dual boot this is OK, you can choose so many AV for linux that are able to scan and remove windows viruses and malware, but these days almost every single AV company has bootable AV rescue CD that works a lot faster and better than Ubuntu. We all understand that Ubuntu has made linux to be more more popular desktop OS, but not everything evolves around ubuntu.

    Just to mention some, Kaspersky, Avira, Avast, even AVG, BitDefender, Norton and more “live” rescue AV cd’s. To sumit up, I totally agree with Marcus.

  8. Ivan Kolevski

    One more thing, the statement “This is another reason to always have a Ubuntu Live CD ready just in case something happens to your Windows installation!” is completely out of line !!! Why ?
    As a How-To-Geek writer Trevor you should know that most of your readers will appreciate unbiased tips and tricks or suggestions. Don;t get me wrong, I do use Linux Mint and OS X and Win 7 on a daily basis, but I’m not “*nixgeek” of “apple fanboy” or “diehard micro$soft dude” If fact, in regards to your “conclusion” you can always use WinPE “liveCD” to fix ANY windows installation MUCH better than with ANY linux CD. Same applies with OS X, even easier…..

    Ivan K.

  9. calebstein

    Too bad avast is proprietary, closed source software :(

    To install clamav in FreeBSD, just type “sudo pkg_add -r clamav” (without the quotes).

  10. Trevor Bekolay

    @Ivan Kolevski

    Thanks for the list of rescue CDs; hopefully someone finds them useful. For just virus cleaning, then you’re right, those rescue CDs may be better and easier to use.

    However, this article is one of several that offer various ways that a Ubuntu Live CD can save you if you run into problems with a Windows installation. If you get a bad virus, yes, it would be great to have one of these rescue CDs available. But what we’re hoping to get across in these articles is that a Ubuntu Live CD (or flash drive) is a versatile tool to have around just in case one of a number of things goes wrong with your Windows installation (not necessarily a virus). Burning the Ubuntu Live CD or preparing a flash drive is not a huge hassle, and can really save your hide if a lot of things go wrong; preparing a different “optimal” solution for each problem would take much more effort.

    My statement in the conclusion is a reference to the previous articles that show how to solve various problems with the Ubuntu Live CD. Unfortunately, I don’t have any experience using WinPE to fix Windows installations, so I will admit my ignorance in that respect. I actually wasn’t even aware of its existence, so thanks for that — I will take a look at it and see what it can do, and write about it if I think it’s useful.

    The choice of using a Ubuntu Live CD over a different Linux distribution is a more arbitrary one, because pretty much all Linux/Unix/BSD variants can do the things that I describe in these articles (with varying levels of user-friendliness). However, the choice of Ubuntu is not without reason: Ubuntu is easy to use and sufficiently familiar for a Windows user.

    I’m not personally biased towards an operating system either; I use Ubuntu and Windows 7 in equal proportion, and favour each for different things. These articles are designed to help in case a user has problems with Windows, and Ubuntu just happens to be the environment that I am comfortable enough in to provide adequate assistance. Of course, if someone find Ubuntu to be palatable and switches to it permanently, I don’t think it’s a bad thing!

    In any case, thanks for reading and for your comments. I hope this sheds a bit of light on the motivation behind this and other similar articles.

  11. PC-Pete

    Nice idea.
    Your presupposition is that the Linux version of Avast is at least as capable of detecting and removing Windows malware as is the Windows version. Is this true?

  12. calebstein

    @Trevor Bekolay: You know, you write so many articles about using the Ubuntu live cd to fix Windows, that you should write, or link to the article on how to easily dual boot Windows and Linux, and tell the readers that their changes won’t be lost when they restart the computer, so it would save them the trouble of having to install all the programs all over again every time Windows crashes.

  13. Trevor Bekolay


    I didn’t claim that the Linux version of Avast is on even keel with the Windows version. The version numbers are certainly different, with Windows being on version 5.x and Linux being on version 4.x, though I’m not sure if they have separate virus databases or not.

    I haven’t done extensive testing myself — were I able to do such testing I might look for work with a security firm — but I can say that according the secondary research I did for this article, the Linux version of Avast performs favourably to other Linux virus scanners, like the open source ClamAV.


    That’s certainly a good idea; from what I’ve seen, it’s also possible to permanently install programs to the flash drive, which might be a less intrusive way to have these packages persist without having to clear space for a Linux partition.

  14. calebstein

    @Trevor Bekolay: Thanks for taking my idea into consideration. I’d like to see an article on permanently installing programs to a live cd or live flash drive. I would like to know how it would work.

  15. calebstein

    @Everyone who uses BSD ;) : To install and use ClamAV on FreeBSD, type “sudo pkg_add -r clamav” (without quotes), then “sudo freshclam” (without quotes), then “sudo clamscan -r /” (without quotes) to run a full scan. The first command only needs to be run once. And “freshclam” updates ClamAV, so it should be run before “clamscan”.
    Note that this will only scan your FreeBSD partition, and to scan Windows, I believe you would type “sudo clamscan /dev/ntfs/[windows partition name]” (without the quotes, and substituting “[windows partition name]” with the name of your Windows partition, though I haven’t tested that).
    Also note that you need to have sudo installed. If it is not installed, type “pkg_add -r sudo” (without quotes, and you must run it as root).

  16. Star River

    I cannot understand this step:sudo sysctl –w kernel.shmmax=128000000
    Anyone can tell me?

  17. Trevor Bekolay

    @Star River

    That line is necessary for avast! to run properly. If you don’t enter that into a terminal window, then avast! won’t run.

    See more details on the problem here.

  18. Binaryboy

    Great tutotial. I used it to save my windows 7 (bootcamp) partition in my mac notebook. Thanks for these great screen shots!!!! Kudos!!!!!

  19. arakelov

    That was great, Trevor, and very useful for me (specially the screenshots! xD)

  20. arakelov

    Just one comment (and sorry for the double-post): I’ve just tested the method with old Ubuntu 8.10 for x86 and with the new Ubuntu 10.04 LTS for x86 (both Desktop and Notebook Editions).

    Ubuntu 8.10: works fine
    Ubuntu 10.04: both versions fail at the end of the scan, with a blank results window, that hungs when trying to close it. Surely, avast! for linux is not yet fully compatible with 10.04


  21. Trevor Bekolay


    No worries about the double post! Thanks for letting us know that it doesn’t seem to be working with 10.04; hopefully they’ll update soon!

  22. zackattack

    Why all the hateing on this artical? I think it was greatly helpfull and the screen shots make it alot easier for us NON-GEEKS to understand. Trevor did a fantastic job and gave out a great tute.. Its so sad that people who are “in the know” would rather complain about an artical that is so obviously designed to help those who do not know, than actually try and help out. I mean, if this artical doesnt fit your ideas of Virus cleaning with Ubuntu, then either dont read it or at least keep your know-it-all-negativity to yourselves.

    Sorry Trv..I HAD to..

  23. arakelov

    Hi again!

    Sorry I was wrong in my previous post… Also with 10.04 works FINE. The problem was that I was doing a Quick scan (not the Standard one), and when you do so, at the end of the scan a window shows all the files that have not been scanned due to the configuration, that is, all the files with “non dangerous” extensions, which can be a bunch of thousands if you a performing a full scan :p
    So, it was not hunging at the end: it was consuming 100% CPU to show that looong list of unscanned files into that window (issuing a “top” on a terminal shows an “avastgui” process consuming almost all the CPU).

    In short: performing the Standard scan, all the tested Ubuntu versions seem to work OK ;)


  24. Trevor Bekolay


    Very cool! Plus I won’t have to edit the article ;)

  25. Trevor Bekolay


    Thanks, bro. Can I call you bro? Well, I just did.

    Even if they complain that means they read it — or at least skimmed it — so it doesn’t bother me. Indeed, I’ve taken their comments into account in articles that are geared to a more experienced Linux user, but yeah, this article is definitely for the novice.

  26. robsablah

    will that scan the WIN user reg hives also? – this is where alot of viruses hide………..

  27. Ayo Fakunmoju

    Thanks for the length you went to make the features on the Ubuntu live cd clear. That was my first time of reading anything on Ubuntu as I have been particularly glued to windows for most of my computing life. The hate mails even made things a bit clearer as I now could understand better the controversies on the divide between Linux and Windows. From the discussions, it is now very clear to me that the world’s next computing habit will be portable applications, I am zeroing in on that. Mucho gracias, Bro!

  28. Kevin Kearns

    To install the programs permanently on a USB Livecd would the persistence option work with Universal USB installer?

  29. Steve

    Thanks for a great tutorial! Are there any nuances of which I need to watch for in terms of running a 32 bit version of the Live Ubuntu CD against the 64bit Win 7? I do have the drive imaged, so can recover if I trash it, but I’d rather avoid that particular PITA (long story). Thanks again!

  30. Trevor Bekolay


    There’s nothing to worry about for virus scanning — in fact, even if you’re running 64bit Win 7 I would recommend using a 32bit version of the Live CD. The files you store on a hard drive will be exactly the same whether you stored them in a 32 or 64 bit operating system.

  31. Dan

    I disagree with Ivan and Markus.
    This has been the most helpful, easy to follow tutorial that I’ve found that teaches me how to scan for viruses on my computer that Windows wont boot on.
    While I skipped over a few of the screenshots I can understand why they are all there: for people who know even less about Linux and technology in general than me. It would be more difficult to follow without the screenshots.

    Thanks for the great article Trevor. The only thing I’m upset about is how much crap I had to weed through before this tutorial!

  32. Trevor Bekolay

    @ Dan

    Thanks for the kind words Dan!

  33. Art

    Great tutorial! I followed it step by step and got XP up and running again. Thanks for the effort to put this together.

  34. Bob

    Alot of the links for AVs at the bottom of the article now 404. Can you please update them?

  35. Trevor Bekolay

    @ Bob

    Updated them, thanks for the heads up!

  36. Cam

    Great work! I already had my Ubuntu Live CD built and was specifically looking for instructions to do this very thing. Much appreciated … scanning now … we’ll see!

  37. klek


    I’ve set up an Ubuntu Live installation on a flash drive, and installed Avast per instructions. And everything worked.

    Now, weeks later, I need to use it again, and I cannot get the virus database to update.
    I’ve attempted just a regularly Update Database, and also followed the instructions from step “sudo dpkg -i avast*”… but received the same result when updating the Virus DB: “Failed writing body”.

    Any hints you can offer? Do I need to download Avast from scratch again?
    Many thanks.

  38. Johnno

    Can you please date these articles? A great article and other articles are of a great standard as well.
    If someone was to turn of the ability to turn of graphics, they wouldnt have to complain, but I reckon theyre great. He’s not copying your articles is he, and computer illiterate?

  39. Brian

    I’ll never understand why people take the time to b*#ch about anything free! If you’re paying for it, then complain away. Otherwise, SHUT UP, please!

  40. FeaolPlay


    Regarding the WinPE research you were going to embark upon. Any updates on this? I’ve been using WinPE since it first came to light as a recovery environment way back when, and has NEVER failed me once. Quite a pretentious claim, but true nonetheless.

    The main benefits of a PE environment is the ability to use the vast majority of stand alone apps already available for Windows systems, simpleness of updating installed plus adding new apps and widespread compatibility.

    All I can say is once you have a working PE with everything you need, you will wonder how you got through without it (that is if you’re an experienced Windows user with previous but now resolved hardware/software problems).

    Good luck with your endeavor :)

  41. AppleBlows

    The instructions above dont work. Ubuntu cant find the downloads directory. WTF?



  43. shuggy hughes

    Brilliant bit of info. Scanned with avast and it found loads of viruses. Unfortunately, when I tried to boot back into Windows xp, it won’t boot – last known config, safemode, nada… any advice would be appreciated as it’s small radio station computer and if I have to reformat – i’ll lose tonnes of stuff. I can boot into ubuntu to back up the files – but the set up for the radio takes HOURS…HELP!!!

  44. mcwbr

    Excuse me, but aren’t viruses specific to the OS? Would the virus database for a Linux virus scanner include Windows viruses? If both Windows and Linux viruses are in the same database, wouldn’t that increase the possibility for false positives? If they are in separate databases, don’t you have to make sure to install the one for Windows? Or, perhaps the AV is smart enough to recognize an NTSF partition and change its scan accordingly.

    What about the registry? Some viruses will reinfect the moment you reboot if you don’t clean the registry, the startup menu–and the other 400 ways Windows starts a program at bootup.

    This article doesn’t address these questions, but presumes the reader already knows what it proposes to teach.

  45. Trevor Bekolay


    You raise some interesting and important questions that, yes, could have been made more clear in the article.

    Virus scanners typically use hash codes to check for viruses. What that means is, any piece of data, or arbitrary length, can be represented by a number, perhaps 64-bits long, or even longer. Whenever a new virus is created — whether it be for Windows or for Linux — the hash code is calculated, and that code is added to the database. There’s no particular reason to keep the databases separate, and from what I know of these scanners, they do not keep them separate.

    Does this increase the possibility of false positives? It does, yes, but consider that there are a total of 2^64-1 possible hash codes if the hash is 64-bits long. That’s around 1.8 x 10^19 — something like a million trillion possible hash codes. So the possibility of false positives is still quite low.

    Now, this is a gross oversimplification of what virus scanners do; scanning through hash codes is only one method, and most scanners use a combination of methods. However, in almost all cases, they look at pieces of data agnostic of the underlying operating system. It’s just a sequence of 1s and 0s that the virus scanner recognizes as being malicious to some type of computer.

    I’m not sure about the registry.

  46. Jess

    Any suggestions on what to do if my computer screen keeps freezing up during this process? First it froze during the scan and now if freezes sooner during the download. Any suggestions?

  47. Dave M

    Comment to Jess: if you freeze on scan and also on download I’d suspect the hardware or a virus on the machine. You’re running two different processes. Can you run a few other applications under the Live CD? If other apps freeze you have problems outside this process.

    Relative to the issue of a Linux virus scanner cleaning up the Windows directory – just an educated speculation on my part. The Windows registry does not include any “executable code”. Rather it references files on the hard drive. So a virus will place links in the registry to launch executable programs when you boot. So running Avast or any other will not remove the registry references. However the target code those registry entries are trying to launch will hopefully all be removed by an effective virus scanner with the most up to date virus definitions. It does not harm the registry to have these dangling references. But what I would strongly suggest is running a Windows native virus scanner once you get the windows environment booted after the Linux Live CD scan. Second clean up step would be to run a registry cleaner that removes those broken references to non-existent virus files your scanner has removed. There’s several of these available as freeware, Eusing has worked consistently for me.

  48. Dave M

    Opps – first sentence in second paragraph I meant to say “…cleaning up the Windows REGISTRY”. Senior moment.

  49. Willie A.

    This is a great website to learn new stuff. I don’t worry about my personal computer getting hosed up because I exclusively run Ubuntu 10.10 on my machine (I have run Linux for over a year and a half). But at work this helps make my job a lot easier fixing my coworkers Windows laptops. Right now I’m sitting at my desk with the CEO’s laptop which has a boatload of crap on it I’m fixing. One in particular is redirecting all search engines to fake sites. I love my job in IT :)

  50. Terry Noble

    Great article … thanks for publishing it … I have been looking for something like this for a long while … I have gotten this to work on XP machines but can’t seem to get it to boot on computers running Win 7 … I am supposing that the boot method 7 uses being different than XP is the problem but I don’t know that much about it so decided I would ask you if you had a similar problem. I am trying to rescue a brand new HP TouchSmart computer that has been infected with a rootkit I think. I tried my usb linux live I created using these instructions and it acted as though it booted but all I got on the screen was different color blank screens but I heard it play the start up sounds. So I tried it on another Win 7 machine and couldn’t get to do anything but show a boot error message with no error #. I certainly hope you are still monitoring this page and could help me figure out what I may be doing wrong. Thanks again for the good work you are doing here.

  51. @andresH

    Excellent post man!! it was really useful, I still wonder my self if it use the same database as the windows version…. I have just installed then I’ll let you know… I’m using Ubuntu 10.10 and it works fine. Regards from Colombia

  52. regedit

    You’ve got great insights about cclean, keep up the good work!

  53. Mel

    Thanks for the great tutorial– I’m completely technically challenged, so bear with me.

    Question : Is it necessary to actually install Ubuntu on my computer because Ive just been running it through my flash drive. I’m asking this because for some reason I cannot access the internet to download Avast! and have found that the only way to do so would be by downloading wireless drivers that require rebooting to activate. But rebooting means all downloads are lost since I am using just a flash drive. Anyway around this? I don’t want to install if I don’t have to.

  54. ea

    that way didnt work for me. i just installed the package then later i extraced it and went in to: avast4workstation/data.tar.gz/./usr/lib/avast4workstation/share/avast/desktop/ and copied all the files to the desktop much easier!
    thanks anyway

  55. ea

    oh yeah it downloaded avast to my desktop so i typed in cd desktop

  56. Padraic McGrath

    Waiting on the license key from Avast to arrive… don’t get your hopes up that it will get there soon. If your in a hurry to get rid of viruses this might not be the way for you! I have a windows laptop that needs a scan, I cannot boot it into safe mode or start the machine properly. AVG Rescue disk found 4 viruses but the machine still will not boot properly, forget Kaspersky or Avira rescue disks… they are pants. BitDefender works well so does AVG.

  57. Anonymous

    All I get with sudo sysctl –w kernel.shmmax=128000000 is an error that -w is an unknown key.

  58. progressix

    You saved the day, my friend. Thank you.

  59. Timothy Rayner

    Yes Ronny, “a Ubuntu”.

    The golden rule of being a Grammar-Nazi is to make absolutely sure you have your facts straight before criticising. Whether you use ‘a’ or ‘an’ is determined not by whether a word STARTS with a vowel or a consonant but by whether it starts with the SOUND of a vowel or consonant. Which is why historically people used to write “an historic occasion” because the word historic used to have a silent ‘h’. Similarly many words beginning with ‘U’ actually start with a y-consonant sound (University is pronounced – Youniversity, for example). It’s claimed that the correct pronunciation is actually oo-boon-too (on the forum I read anyway) but all links back to the ubuntu webpage on this subject seem to lead to 404 pages. As ‘You-boon-too’ is also a common pronunciation then, if that’s the pronunciation he (she? what’s with the article writer not giving their name?) heard, then ‘a Ubuntu’ is perfectly acceptable.

  60. Ash

    Excellent reply Timothy!!

More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!