Knoppix
Knoppix is an operating system which boots from a CD or DVD without changing the contents of the hard disk. For that reason, it is of particular interest to Microsoft Windows users whose system won't boot or is so slimed with malware that it is unusable.
In the first case, a Windows computer with a corrupted operating system, Knoppix will configure Ethernet (and USB ports) and your hard disk. Then you can move your precious data files that you should have backed up but didn't to an external device (like an external hard disk or memory stick).
In the second case, a slimed computer, you can mount the Windows partition and then change its status to read/write. Now you can delete those pesky Trojans and viruses that your antivirus and spyware programs could detect but Windows would not let you delete (you did write down the paths, didn't you?).
Knoppix contains an antivirus program - clamav - but it is slow and clunky. Fortunately you can download a copy of f-prot and remove all those pests which lie sleeping in your quiescent hard disk. You can do that by opening "konsole" (the little TV-like icon at the bottom of your Knoppix screen) and entering the following commands.
wget http://files.f-prot.com/files/linux-x86/fp-Linux-i686-ws.tar.gz
tar xzvf fp-Linux-i686-ws.tar.gz
cd f-prot/
sudo ./install-f-prot.pl
sudo fpscan /media/hda1 | tee fprot.log
The first line downloads the f-prot installer as an archive (like a zip file). The next extracts the contents to the directory f-prot. The fourth line installs the package on the Knoppix RAM disk and the last line does a scan on the first partition of the first hard drive on the primary IDE controller. If you have a newer machine, that might be sda1; if you have a computer with a rescue partition, it might be hda2; and if the hard disk drive is connected to the secondary controller, it might be hdc1. Poke around the desktop and you will figure out where your Windows partition is located. A scan on a normal machine will take an hour or two.
There is good reason to challenge the presence of any recent executable file. Common Windows executable files modified in the last 7 days can be found from the "konsole" in Knoppix by the following:
find /media/hda1 -name '*.exe' -mtime -7
find /media/hda1 -name '*.dll' -mtime -7
Of course, this task is easier if you do the scan from Knoppix before installing a bunch of software in Windows to track down the culprits. Deleting them now with the file browser (click on the hard disk icon) may reduce the chance of having to repeat the operation later. Recovering from the deletion of a recent executable is usually a simple matter of reinstalling the desired program. Of course that may be a Trojan in itself. I've often thought it would be clever for a Trojan writer to simply reinfect the system when an uninstall program is run. This procedure should be the first resort, not something tried after a number of attempts to get Windows to do the job.
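An added example, not part of the original article: before deleting anything, the two find commands above can be folded into one function that also matches upper-case names such as SETUP.EXE, copes with spaces in paths, and records a SHA-256 hash and modification date for each file. The function name recent_executables and the log file name are made up for illustration; the code assumes the GNU coreutils date and sha256sum commands.

```shell
#!/bin/sh
# Added example: list recently modified Windows executables on a mounted
# partition, with hash and date, so there is a record before deletion.
# Usage:  recent_executables MOUNTPOINT [DAYS]
# Output: one line per file, "<sha256>  <YYYY-MM-DD>  <path>"

recent_executables() {
    mount_point=$1
    days=${2:-7}    # default matches the article's 7-day window

    [ -d "$mount_point" ] || {
        echo "not a directory: $mount_point" >&2
        return 2
    }

    # -type f   : ignore directories whose names end in .exe or .dll
    # -iname    : Windows names are case-insensitive (SETUP.EXE, Foo.Dll)
    # -mtime -N : modified less than N*24 hours ago
    # -exec ... {} + : hands paths over intact, spaces included
    find "$mount_point" -type f \
        \( -iname '*.exe' -o -iname '*.dll' \) \
        -mtime "-$days" \
        -exec sh -c '
            for f in "$@"; do
                sum=$(sha256sum "$f" | cut -d" " -f1)
                day=$(date -r "$f" +%Y-%m-%d)    # GNU date: file mtime
                printf "%s  %s  %s\n" "$sum" "$day" "$f"
            done' sh {} +
}

# Typical use from konsole (log file name is hypothetical):
#   recent_executables /media/hda1 7 | tee recent-exe.log
```

The saved hashes can be looked up later or compared against a clean copy of the same program after it has been reinstalled.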
When finished, shut down Knoppix from the icon on the lower left, remove the CD and boot back into Windows. See the article Antivirus under Software/Windows for advice on continuing the cleanup.
The Knoppix CD is a 700MB download, a daunting task on a dialup connection. Connection challenged people in our neighborhood can stop by the office to pick up a freshly burned copy.
Hats off to Klaus Knopper.












