Seeing the hard drive from live cd? - Debian

This is a discussion on Seeing the hard drive from live cd? - Debian ; Hi all, I just booted a Dell 9300 with Knoppix. I need to delete a file called c:\windows\system32\vtstq.dll on the system partition of the hard drive that has Windows XP Home on it. The /mnt directory has sda1 sda2 and ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Seeing the hard drive from live cd?

  1. Seeing the hard drive from live cd?

    Hi all,

    I just booted a Dell 9300 with Knoppix.
    I need to delete a file called c:\windows\system32\vtstq.dll
    on the system partition of the hard drive that has Windows
    XP Home on it. The /mnt directory has sda1 sda2 and sda3
    in it. I think there are 3 partitions on the drive and the one
    I want access to is the second one. I know I need the mount
    command but what would the rest of it be to get to and delete
    the vtstq.dll file that has a trojan attatched to it?

    thanks,
    charles.....



  2. Re: Seeing the hard drive from live cd?

    On Fri, 16 Dec 2005 03:24:45 +0000, ***** charles wrote:

    > Hi all,
    >
    > I just booted a Dell 9300 with Knoppix. I need to delete a file called
    > c:\windows\system32\vtstq.dll on the system partition of the hard drive
    > that has Windows XP Home on it. The /mnt directory has sda1 sda2 and
    > sda3 in it. I think there are 3 partitions on the drive and the one I
    > want access to is the second one. I know I need the mount command but
    > what would the rest of it be to get to and delete the vtstq.dll file
    > that has a trojan attatched to it?
    >
    > thanks,
    > charles.....


    The mount syntax is: "mount -t filesystem-type /dev/partition
    /mountpoint". If the filesystem is NTFS (and your kernel supports NTFS),
    you would type in "mount -t ntfs /dev/sda2 /mnt/sda2". For a FAT32 drive,
    replace "ntfs" with "vfat" to mount.

    Then just cd to /mnt/sda2/windows/system32, then "rm vtstq.dll" to delete
    the file.

    Be warned though, that manipulating files on NTFS with a non-Microsoft OS
    *can* wreak havoc on the filesystem. Use at your own risk.

  3. Re: Seeing the hard drive from live cd?

    "Renegade" wrote in message
    news:9fCof.33196$6e.19281@tornado.tampabay.rr.com. ..
    > On Fri, 16 Dec 2005 03:24:45 +0000, ***** charles wrote:
    >
    > > Hi all,
    > >
    > > I just booted a Dell 9300 with Knoppix. I need to delete a file called
    > > c:\windows\system32\vtstq.dll on the system partition of the hard drive
    > > that has Windows XP Home on it. The /mnt directory has sda1 sda2 and
    > > sda3 in it. I think there are 3 partitions on the drive and the one I
    > > want access to is the second one. I know I need the mount command but
    > > what would the rest of it be to get to and delete the vtstq.dll file
    > > that has a trojan attatched to it?
    > >
    > > thanks,
    > > charles.....

    >
    > The mount syntax is: "mount -t filesystem-type /dev/partition
    > /mountpoint". If the filesystem is NTFS (and your kernel supports NTFS),
    > you would type in "mount -t ntfs /dev/sda2 /mnt/sda2". For a FAT32 drive,
    > replace "ntfs" with "vfat" to mount.
    >
    > Then just cd to /mnt/sda2/windows/system32, then "rm vtstq.dll" to delete
    > the file.
    >
    > Be warned though, that manipulating files on NTFS with a non-Microsoft OS
    > *can* wreak havoc on the filesystem. Use at your own risk.


    Tried your instructions. It mounted the filesystem as "read only" so
    couldn't
    delete the file. Am looking into how to get around this problem. Tried the
    -w option, didn't work, tried chmod 777 all up to mnt, didn't work.
    root is owner of everything but -r-------- comes up as file attributes.
    can't change, I am logged in as root, gave up.

    At this point, the linux manipulation is an academic exercise since the
    machine
    is so compromised, I will just wipe the drive and reload from scratch.

    For the future, if you have an idea, please respond, I will check back
    later
    in case I have to deal with this in the future.

    thanks,
    charles.....



  4. Re: Seeing the hard drive from live cd?

    On Fri, 16 Dec 2005 23:07:29 +0000, ***** charles wrote:

    > Tried your instructions. It mounted the filesystem as "read only" so
    > couldn't
    > delete the file. Am looking into how to get around this problem. Tried
    > the -w option, didn't work, tried chmod 777 all up to mnt, didn't work.
    > root is owner of everything but -r-------- comes up as file attributes.
    > can't change, I am logged in as root, gave up.


    Oops, I forgot about that little gotcha. I haven't used Knoppix for a
    while. Knoppix mounts as read-only the first time. The way around that is
    to remount. Then it gives write permissions.


+ Reply to Thread