Knoppix

From Admin-SIG

Knoppix is a LINUX distro that can boot off the CD-ROM. It has been used for things like an Internet Kiosk, and a recovery disk.

I think I used it once to monkey with the registry on a Windoze box, and cleared a forgotten admin password.

I hope people can add other uses.

Windows System Recovery

My step daughter lost use of her machine from Trojans and Viruses. Unbootable.

I was able to boot it up in Knoppix, use pump to get it set up for my LAN, then use mount to mount an NFS share on my server, and back up the data files.

Now that we have little to lose, I did an apt-get update then apt-get install f-prot-installer.

I then ran this to download and install from the internet. I think it got a recent virus and trojan database (I hope).

Interesting options for virus removal look like:

-ai   neural-net virus detect
-archive=2  dig two-levels deep into archive files
-auto   automatic virus removal
-delete  delete infected files
-disinf  disinfect whenever possible
-packed unpack compressed executables
-rename rename infected com/exe to vom/vxe
-removenew  Remove new variants of macro viruses by
               removing all macros from infected documents.
-saferemove Remove all macros from documents, if a known
               virus is found.

I'm running f-prot -ai -archive=2 -auto -delete -disinf -packed -removenew -saferemove /c as I type this, with /c the mount point for the Windows C: drive. It cannot delete files. Looks like the stock Knoppix 2.6 kernel does not have NTFS write support! Guess I'll need to just make a log, then try to remove things later after I boot from a Windows rescue disk...

f-prot -ai -archive=2 -packed /c

Writing to NTFS

Hopefully somebody may come around later with recommendations for a Windows rescue disk which can mount NTFS RW and I can nuke suspect files... before attempting a re-install, without removing existing data. I only want to wipe the disk and start over as a last resort.
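Added example (my own script, not something from this page or shipped with Knoppix or F-Prot): before launching a scan with -auto/-delete/-disinf, check how the Windows partition is actually mounted and fall back to a report-only scan when it is read-only, instead of finding out half way through that nothing can be deleted. The mount table text is passed in as an argument so the logic can be exercised against a constructed sample; on a live Knoppix session you would call mount_mode /c "$(cat /proc/mounts)". The device names, the NFS server address and the partition list in SAMPLE_MOUNTS are made up for the demonstration.

```shell
#!/bin/sh
# Decide between a cleaning scan and a report-only scan based on whether
# the target mount point is mounted rw or ro.

# mount_mode MOUNTPOINT MOUNTS_TEXT
# Prints "rw", "ro", or "none" (not mounted). MOUNTS_TEXT is the contents
# of /proc/mounts (device, mountpoint, fstype, options, dump, pass).
mount_mode() {
    printf '%s\n' "$2" | awk -v mp="$1" '
        $2 == mp {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "ro" || opts[i] == "rw") mode = opts[i]
        }
        END { print (mode == "" ? "none" : mode) }'
}

# fprot_cmdline MOUNTPOINT MODE
# Prints the f-prot command line to run. The options are the ones listed
# on this page: cleaning options are only added when the filesystem is
# writable; on a read-only mount they would just produce errors.
fprot_cmdline() {
    case "$2" in
        rw) echo "f-prot -ai -archive=2 -packed -auto -delete -disinf -removenew -saferemove $1" ;;
        ro) echo "f-prot -ai -archive=2 -packed $1" ;;
        *)  echo "not mounted: $1" >&2; return 1 ;;
    esac
}

# Constructed sample of /proc/mounts: the Windows C: drive is NTFS and
# read-only (as on stock Knoppix), a FAT data partition is writable, and
# the NFS backup share from the server is writable.
SAMPLE_MOUNTS='/dev/hda1 /c ntfs ro,nosuid,nodev,umask=000 0 0
/dev/hda5 /d vfat rw,nosuid,nodev 0 0
192.168.1.10:/export/backup /mnt/backup nfs rw,addr=192.168.1.10 0 0'

# Demonstration against the constructed sample.
for mp in /c /d; do
    mode=$(mount_mode "$mp" "$SAMPLE_MOUNTS")
    echo "$mp is mounted $mode -> $(fprot_cmdline "$mp" "$mode")"
done
```

When the answer is "ro", pipe the scan output into a file on the NFS share (for example ... | tee /mnt/backup/fprot-c.log) so you have the list of suspect files to act on later from a rescue disk that can write NTFS.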

---

I tried Damn Small Linux, and had similar problems trying to mount /c as rw. No luck.

My recent copy of KNOPPIX does not seem to have the captive-install tools. I see them on the WWW, but don't see them on my KNOPPIX 4.0.2 anywhere. Still can't figure out how to mount NTFS rw.

Any suggestions for Windows based recovery tools that might allow me to mount the old disk?

BartPE, a Windows-based bootable recovery disk, seemed to work to allow me to delete suspect files. It does seem to be a fairly useful tool to have around. I could have used it to share the disk for backup using Samba, instead of having the broken machine mount the server for backup.