Advice: Virus on Win2k

Leo J Mauler webgiant at juno.com
Thu Mar 11 14:20:40 CST 2004


On Wed, 10 Mar 2004 06:50:54 -0600 Greg Kedrovsky
<greg at iglesia-del-este.com> writes:
> I have a machine on my LAN that must have
> gotten infected by a virus. My wife opened an
> e-mail yesterday that looked like it was addressed
> from me. As soon as she did, the machine locked
> up. She pulled the plug and cut the power to shut it
> down, then booted again. It boots into the pale blue
> Win2k screen and stops. The hdd light flickers. I'm
> thinkin the thing is hosed nicely.
>
> It's Win2k Pro on a Dell Latitude CPx notebook.
>
> I would like to get as much stuff off the hdd as possible,
> or even clean it up, rather than reformatting. There are
> documents, address book, etc. on there that I'd like to
> save. No, no current back up exists.
>
> I've tried booting from my install disk and doing repairs.
> Nothing works. I slept on it last night, and this morning
> I had a thought: Knoppix. I have never used Knoppix
> before, so I would have a bit of a learning curve to climb. But,
> would I be able to boot Knoppix (BIOS allows CDROM
> booting), mount the hdd and transfer any and all info
> I want to my server via a pcmcia lan card?

Yes you can.  Linux supports NTFS enough to read NTFS volumes (writing is
another matter, but you don't need to write to an NTFS volume).

The Linux NTFS project states that the only distro which doesn't come
with NTFS support preinstalled is RedHat.  KNOPPIX is made with Debian so
you should be all right.

First open a root shell.  This is an option on the menu, System I think.
Within the root shell you have all the powers of the su command.

Use the dmesg command to find out the drives on the laptop and which
drives need to be mounted to back them up.

Mount it like any other partition: boot KNOPPIX (there's an icon in the
menu), make a directory in /mnt, such as /mnt/windows, and mount it like
this:

mount /dev/hda1 /mnt/windows -t ntfs -r

Use vfat in place of ntfs for any FAT32 partitions.

Then copy files off the partitions and copy them over the network to your
server.
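
The mount and copy steps above, as an added example that is not part of the original post: the suspect partition is mounted read-only with nothing on it executable, and the copy is checked against a SHA-256 manifest taken from the source. The function names, the extra mount options, and the assumption that the server's share is already mounted as the destination directory are this example's own; GNU coreutils is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Mount the suspect partition read-only and refuse to execute anything on it.
# Needs root. Device and mount point as in the post, e.g.:
#   mount_suspect /dev/hda1 /mnt/windows ntfs
mount_suspect() {
    dev=$1; mnt=$2; fstype=${3:-ntfs}    # pass vfat for FAT32 partitions
    mkdir -p "$mnt" &&
    mount -t "$fstype" -o ro,noexec,nosuid,nodev "$dev" "$mnt"
}

# Copy everything under $1 into $2/files and record a SHA-256 manifest of
# the source files in $2/MANIFEST.sha256 (paths relative to the source root).
# $2 is assumed to be a directory on the server's already-mounted share.
salvage() {
    src=$1; dst=$2
    mkdir -p "$dst/files" || return 1
    ( cd "$src" && find . -type f -exec sha256sum {} + ) \
        > "$dst/MANIFEST.sha256" || return 1
    cp -a "$src/." "$dst/files/"
}

# Re-hash the copy against the manifest. Returns non-zero if any file is
# missing or differs, so a truncated network transfer is caught here.
verify_salvage() {
    dst=$1
    ( cd "$dst/files" && sha256sum -c --quiet ../MANIFEST.sha256 )
}
```

Because the files came from an infected machine, treat the copy on the server as untrusted until it has been scanned; the manifest only proves the copy matches the source.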



