Restore all Windows files quarantined using Debian clamtk
Posted: 2019-06-12 17:39
I am not proud of this story because, as a dedicated free software guy, I'm not at all comfortable about restoring anyone's broken proprietary system. Anyway, here goes: I don't know if this will be of interest to anyone who used ClamTk and dual boots Debian and some version of Windows, but I recently agreed to try and fix a non-functioning Windows 7 system on a Toshiba laptop, which has long dual-booted the Microsoft OS and Debian 8. I would've gladly installed Debian to the whole disk but its owner needs some Windows program for work which isn't available in Debian. While Debian's always worked like the first day, the stuff on the Windows side got worse and worse. It was obvious that, even though the system still booted, it was riddled with malware so I thought I'd have a go at removing them from the Debian partition with ClamTk, described as "a graphical front-end for Clam Antivirus. It is designed to be an easy-to-use, lightweight, on-demand antivirus scanner for Linux systems." Easy-to-use? Well, not exactly in this case.
After hours of scanning the partition it informed me that there were "498 threats" so I started to eliminate them. I deleted several but then I thought better of it and continued to laboriously "quarantine" them, one-by-one, so as to be able to restore, if necessary, the files.
I at least took the precaution of copying all the owner's files before doing the above. I must admit I didn't have a clue what files I was deleting because I know very little about Windows, something I suspect I have in common with most Windows users.
Windows did not boot and entering the recovery modes just led to endless waiting -- which went on for hours -- for something to happen.
Solutions?
I tried getting a downloaded replacement from the Windows site but, because it was a pre-installed OEM version, it was not available so you had to contact the manufacturer.
I concluded that my best bet was to try and restore all the quarantined files and then simply use the option to reinstall the entire system with the factory defaults from the recovery partition. So I started to copy some of the files back which I quickly decided was too time-consuming. And what if some of the files I'd unthinkingly eliminated were essential? Well, I started searching for a way to restore all the files and came across this HOWTO from March 2014: /clamtk/+question/245615. I modified the bash script as required for the user, executed it and in seconds the Windows system was back to its previous state barring the few files I had removed.
After that, I kept my fingers crossed, rebooted and it worked except the system whined about a few missing "dll files" but I was able to enter the Windows recovery utility which reinstalled the whole system lock, stock and barrel. Problem solved. Something I might mention is that reinstalling Windows did not affect the Debian partition or grub menu, which I had expected.
On the reinstalled system I installed a GPL'd antivirus program called ClamWin to give some protection as a substitute for the pre-installed out-of-date program which required payment for updates.
On reflection and mindful of the saying that "the cobbler should stick to his last" I think I'll steer clear of such tasks in the future but it's not so easy sometimes to refuse help to close friends or relatives.
Thank you for reading.