Virus: need help

[Arpan]

above command resulted like this....

root@ubuntu:~# sudo mount /dev/sda1 /media/disk -t ntfs -o nls=utf8,umask=0222
mount: /dev/sda1 already mounted or /media/disk busy
mount: according to mtab, /dev/sda1 is already mounted on /media/disk
root@ubuntu:~#

I meant even after hitting enter or clicking open after doing right click on that drive, it does not display the contents of that drive.

[Arpan]

There is no icon available on the desktop for any of the hard disk drives.

[guestolo]

Close down all open windows

The go to PLACES>>COMPUTER
Can you see the drive you want to access?
Try opening them through there

[Arpan]

Till now I was opening it from places->computer itself but it was not doign any actions.Now after closing down all windows when i tried to double click on the drive through places->computer, it is giving error stating...


The folder contents could not be displayed.

You do not have the permissions necessary to view the contents of "disk".

[guestolo]

How many disks do you have related to XP in Computer
You can only open the one we mounted

Do you see the ones related to your C: and D: drive?

Edit>>Arpan, I see your veering off and reading another topic right now, I'm not going to be online much longer tonight, so stay with me

Edit again, I'm probably checking out fairly quick for the night, in the meantime
Why don't you try knoppix instead
If you have your own burning software that will burn ISO (Image files), you won't need burnatonce

Here's a copy/paste of instructions I posted earlier
download and install
[color=\"#0000ff\"]burnatonce 0.99.5[/color]
Onto a working computer

I'm assuming you have high speed internet, you'll need it
Go to the following link
http://www.knopper.net/knoppix/index-en.html

At the link, you can read the info about knoppix if you want
Click on the DOWNLOAD button
Next page you will want to choose a mirror to download from
Just because a location may be closer to you, it may not always be the fastest connection
I find that the download location from
ftp.kernel.org   [rsync]   [ftp]   [http]   Kernel.Org (California, USA)
is very good speeds if your in North America

You can select it by Clicking  on ftp as eg..
At the new page click on ACCEPT
This will bring you to an Index of what you can download
Scroll down to KNOPPIX_V5.1.1CD-2007-01-04-EN.iso>>713064 KB and click on it
Choose SAVE TO DISK and OK
Select the location to download, such as desktop

After download is complete you will want to burn the ISO as is

Fire up Burnatonce, put a blank CD into the drive>>again, you don't need Burnatonce if you have your own burning software
In burnatonce, select Setting>>Device Settings, this will show you the options
Ensure the speed of write is correct, you can lower it a bit to ensure a good burn
Afterwards, click on the WRITE button or FILE>>New Image
Navigate to KNOPPIX_V5.1.1CD-2007-01-04-EN.iso
and double click on it to Select it
Then click on the WRITE button again
Let it complete the burn process, after it is successful you are ready to try it in the nonbootable computer

[Arpan]

I am sorry about that. I do understand the importance of your time.

Well i have only 1 hard drive which divided into 3 partitions containing
1. 50GB - XP drive
2. 90GB - D drive - normal data
3. 90GB - E drive - recently formatted to eliminate viruses from atleast one partition but i dont think it helped.

I tried opening the 50 GB drive and we mounted this drive only.

[guestolo]

I edited my last instructions, as I'm limited on time tonight
Can you try my instructions with Knoppix, if it loads to desktop, it should be much easier to mount drives
Simply right click a drive and give it Read and Write access

[Arpan]

I guess it will take little longer to download this file and as you are leaving for the day, why dont you just post next instructions such as what needs to be done  to retrieve data after i can see the contents of D: with this knoppix one.

This will be really helpful if you can stay for few more minutes.

[guestolo]

I'm leaning towards knoppix, as you have an older copy of Ubuntu
But try this
In Computer, right click on your drive and choose to UNMOUNT volume

When it's be unmounted, close Computer
Then open Terminal

Type the following in

sudo /bin/bash

Hit Enter

Then the following
sudo mount /dev/sda1 /media/disk -t ntfs -o nls=utf8,umask=0222

Hit Enter

close Terminal afterwards
Open Places>>Computer>>and try and open the drive

If that doesn't work, try the Knoppix route, you'll have it done a lot quicker than I can reply back

[guestolo]

Also, do you think your Pictures are still on your D: drive?
I don't know why, but I thought you said Avg moved them to quarantine, funny it would move Pictures?

If there still on D:
If so, you can clean install XP to C:
Then access D:

Backup what you need, Format all disks and clean install once again to ensure that Virut infection is gone

[Arpan]

I have unmounted the volume. By closing the computer, I hope you meant to restart the computer because i have done so.

One weird thing happens when i try to restart or shut down this ubuntu, it ejects the cd but does not close down. One brown screen is constantly visible not doing anything even if it is kept for 45-50 min just like it is frozen. When this happened yesterday i had to continuously hold the power button on my laptop to shut it down so that i can start it again. Do you understand the cause of this problem?

[guestolo]

Computer was a location on Ubuntu, didn't mean for you to restart, didn't ask you to?

It ejects the cd but does not close down. One brown screen is constantly visible not doing anything even if it is kept for 45-50 min just like it is frozen

That's by design, they usually supply additional instructions

Take out the Cd from the tray, close the tray, Hit Enter on your keyboard

[Arpan]

See the pictures on D: were stored in a folder and that folder is missing after AVG virus scan. So I think it has moved the entire folder to quarantine because i cant see that folder as my windows is not working as i mentioned earlier and i still have to try knoppix to find out whether that folder is still available in D:

For the option of backing up that folder, I have already it. After taking backing up when i tried to open it, that folder did not open at all same like it happened to me in ubuntu right now. I guess it was because of that virus. You know bcoz of this virus every single file and folder was showing as of 132 KB individually whereas D: drive properties showed around 35GB of data.

I am worried that installing fresh copy of windows may wipe out pictures in the quarantine folder, does it happen this way?

[Arpan]

[quote name=\'guestolo\' post=\'463033\' date=\'May 25 2009, 10:54 AM\']But try this
In Computer, right click on your drive and choose to UNMOUNT volume

When it's be unmounted, close Computer
Then open Terminal

Type the following in

sudo /bin/bash

Hit Enter

Then the following
sudo mount /dev/sda1 /media/disk -t ntfs -o nls=utf8,umask=0222

Hit Enter

close Terminal afterwards
Open Places>>Computer>>and try and open the drive

If that doesn't work, try the Knoppix route, you'll have it done a lot quicker than I can reply back[/quote]

This trick did not work. After executing the second command, error stated drive could not be mounted and so the places->computer also showed unable to mount the selected drive.

Just to remind you I did this after restarting the computer.

[guestolo]

I hope your download Knoppix as we speak
You could of had a good portion of it downloaded already

Did you do the following?
mkdir /media/disk

P.S. I'm off to bed

[Arpan]

Hey sorry, couldnt reply yesterday.

Im ready with knoppix. I inserted the cd and it worked well. I can see the drives on desktop itself. I can even see the contents of these drives(folder containing those pictures). No problem of mounting and all exactly as you said but i cant access them. Tell me how to retrieve them..

[guestolo]

[quote name=\'Arpan\' post=\'463060\' date=\'May 26 2009, 01:08 AM\']Hey sorry, couldnt reply yesterday.

Im ready with knoppix. I inserted the cd and it worked well. I can see the drives on desktop itself. I can even see the contents of these drives(folder containing those pictures). No problem of mounting and all exactly as you said but i cant access them. Tell me how to retrieve them..[/quote]

Not sure what you mean by you can't access them?
What errors are you getting, if any/
Where are the files located that you need to backup? What partition?
Right click on the drive and give Read and Write Access

[Arpan]

When i double clicked on the sda5 icon on desktop, it displayed all the contents of then D: including folder containing those pictures. I didnt get any virus as such but i could not see contents of the folder containing pictures on the D: i.e. sda5. There are in all 3 partition.

The read and write permissions should be given to everyone or the owner only??

[guestolo]

Close down ALL open Windows so your on the Desktop of Knoppix

RIGHT CLICK on the Drive your trying to access
Select "Change Read/Write mode"

You should get a prompt asking if your sure you want to change to this mode
Select YES

Not sure why you would get a prompt to Everyone or Owner, but if you do, choose Owner
See if that helps

[Arpan]

I have taken back up of all imp data including those pictures. Thank you very very much for helping me retrieve those pictures.

Now, shall i format the whole hard drive and do a clean installation of win xp??
Is this enough or do i have to take any other measure before installing xp?