Need some help on removing a Bagle worm from Windows



rwhboston
06-25-2006, 09:43 AM
Hey everyone, my name's Rob. I'm new to this forum and to Knoppix but am enjoying it so far. Now, everything so far has worked: I've located the infected file using Knoppix, but now I was told to go into Windows safe mode with command prompt under admin and del the file, but I can't boot to Windows at all, not even the command prompt. Is there any other way to get this file off the HD, or can it be removed through Knoppix?

Harry Kuhman
06-25-2006, 10:48 AM
If it's an NTFS partition, no. There actually has been a rumor that the new 5.0.1 can write to NTFS "in some cases", whatever that means, but I've yet to see any reports that it works or is safe. If you have NTFS partitions I suggest that you read the rescue faq in the wiki and use Knoppix to make backups of what you need, then install fresh.

If it's a FAT partition, yes, if you can find the bad file then you can delete it. See answer #6 (http://www.knoppix.net/wiki/User:Harry_Kuhman) for details.

rwhboston
06-25-2006, 04:33 PM
It's a FAT partition and I'm still unclear on the way I'd go about removing the file through Knoppix.

Harry Kuhman
06-25-2006, 05:33 PM
Use the information at the above link to mount the partition with write access, open the partition from the desktop icon and browse to the file that you have identified as the infection. Delete it.

Are you saying that you don't know what file is infected? I would have expected whatever identified the infection to tell you that. Or are you saying you are not comfortable navigating through the FAT file system with the Linux tools? Or is it some other issue that I'm missing?

rwhboston
06-25-2006, 05:39 PM
Yeah, I'm not too comfortable navigating yet, but I was kind of learning as I go. I thought clicking on the hda1 icon on the KDE desktop was just like /mnt from the CLI. I didn't see options for deleting the file when I right-clicked, but I guess I didn't try the Del key... is it as simple as that, or is there something else?

rwhboston
06-25-2006, 05:51 PM
Damn, I'm an idiot. Thanks for the support on that, Harry. I appreciate getting great support right away; I like this forum, the seasoned Knoppix users don't rub it in about our new user questions, and that's a classy way to be. I did have one follow-up question though: there has been a progress dialog up for a few minutes with no activity, and now it looks like the screen might be freezing up. Is this normal, or do you have any suggestions or comments?

Harry Kuhman
06-25-2006, 06:03 PM
..there has been a progress dialog up for a few minutes with no activity and now it looks like the screen might be freezing up..is this normal or do you have any suggestions or comments?
Not normal. A progress dialog on what? Deleting a file? Some application that you are running? Booting Knoppix (which it sounds like you already have working OK)? What is this dialog saying?

rwhboston
06-25-2006, 06:07 PM
Yeah, I hit the delete key when the file was highlighted, and a progress dialog box popped up at the bottom of the screen with a progress bar that reads 0%, then everything freezes up.

Harry Kuhman
06-25-2006, 06:47 PM
Well, I just went through the steps. Here's my experience:

Coaxed my testbed system to boot the Knoppix 5.0.1 CD. Not sure why it didn't want to this morning; it booted it many times last night without complaint, but it was an effort this morning. But eventually Knoppix booted.

I looked at all of those nice hda icons on my desktop and picked hda5, knowing it was a logical FAT drive with files ripe for deletion.

I right clicked on it expecting to use the actions sub-menu to make it writable, but to my surprise version 5.0.1 has changed this menu! So I'll have to update some documentation. Still, I saw the option to make the mount read/write when I did the right click. I tried it, was informed that I had to mount the partition first.

So I clicked on it, Konqueror opened and displayed the partition. I confirmed that I could not delete a file (it was still read-only access). I right clicked on the hda5 icon and chose to make it read/write. It questioned me about this but then let me do it.

I picked something that I could afford to delete. Rather than just hit delete I looked at the menu and under Edit I found that Delete was "move to Trash" and Shift-Delete was a true delete. Frankly I would feel better about making a true delete, both since it's a virus that you really want to get rid of and because I question how well Linux implements the Microsoft trash system, but in the end I decided to do the same delete that you are trying to do, so I just hit the delete key while the sacrificial file was highlighted.

I did indeed see the progress bar pop up, but it was so quick that if I wasn't looking for it I would have missed it. So I don't know why you are having the problem that you report. Is this infected file huge? Are you deleting more than one file (an entire directory and sub-directory structure perhaps)? My best guess is that your file system may not be in very good shape, which I'm also inclined to think is the case since you are trying to delete the bad file with Knoppix rather than just using DOS (which obviously deletes files on a FAT system quite well).

rwhboston
06-26-2006, 12:50 AM
It's my friend's computer and everything about this computer seems bad, the file system most of all. The file was found by clamscan as hiberfil.sys: worm.Bagle.BB-gen. I'm not sure if it's the computer that's the problem or the file that's throwing it off.

Harry Kuhman
06-26-2006, 01:19 AM
Certainly seems like a case where rescuing the data with Knoppix while you still can and reformatting and starting over is a better choice than trying to "fix" the data. That's a common situation with NTFS. Less common with FAT, but then again I don't know your friend's or your skills or what all bad has happened to the disk. And it certainly could be a drive going bad as well (in addition to the infection, not instead of). I have a few drives here that I could format and make look perfect, but in less than a month you would not be able to accurately read the files from them again (and even Spinrite can't help them).

My suggestion: recover all that your friend wants to save (see the rescue faq for tips if needed). Repartition and reformat the drive, if it's worth saving at all, but either don't use it for critical data or make very sure that you or he have good backups. Decide in a few months if the drive is still stable and safe enough to depend on; if not, erase it thoroughly and destroy it.

rwhboston
06-26-2006, 02:15 AM
It's a laptop and he apparently has none of the drivers, so a reformat could become a bit tricky, right?

Harry Kuhman
06-26-2006, 02:19 AM
It's a laptop and he apparently has none of the drivers so reformat could become a bit tricky, right?
I don't see why. Virtually any even halfway modern laptop's hard drive should be on an IDE interface and look like any other IDE drive to formatting and partitioning software, no extra drivers needed beyond what is in Windows or even what is in DOS.

rwhboston
06-26-2006, 02:23 AM
Alright then, I think I'll give it a shot and see what happens. Since this will be a first for me, are there any tips or matters of importance I should know before going through with this?

Harry Kuhman
06-26-2006, 04:03 AM
Without knowing you or your abilities there is not much advice I can give. Back up everything that you need before you start. Have one or more bootable DOS diskettes available; I would start with DOS and your partitioning software of choice. Consider that it is likely that the disk is headed to its grave anyway, so there isn't much harm you can do as long as you have the critical information backed up. Know what size you expect the disk to be and confirm that it matches what you see in the partition software (or at least comes close). Decide what you would like to put on the disk if everything goes well, Windows, Debian, or something else, and have the needed install software available. Good luck.

rusty
06-26-2006, 04:53 AM
Once you've salvaged what you can from the disk, why not pop in a Knoppix CD and: dd if=/dev/zero of=/dev/hdx (replace x with the hd as Knoppix sees it). It will take a long time, over an hour most likely, but you will have ERASED EVERYTHING ON THE DISK, or more specifically written 0's over the entire disk. Then start from scratch - new partitions etc. If the drive is going bad - you might hear clicking noises - trash it.

HTH
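Rusty's dd wipe combined with Harry's earlier advice to confirm the disk size before touching it, as an added shell example that is not from the thread. It assumes Linux with GNU coreutils, and DEV may be a regular file instead of a block device for a dry run.

```shell
#!/bin/sh
# Added example (not from the thread): zero a disk only after its size
# matches what you expect, then read it back to verify the overwrite.
# Assumption: Linux with GNU coreutils; DEV is a block device, or a plain
# file when rehearsing on a test system.

# Print the size of DEV in bytes (block device or regular file).
device_size_bytes() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        stat -c %s "$1"
    fi
}

# Return 0 if DEV's size is within TOL percent (default 5) of EXPECTED bytes.
size_matches() {
    actual=$(device_size_bytes "$1"); expected="$2"; tol="${3:-5}"
    diff=$((actual > expected ? actual - expected : expected - actual))
    [ $((diff * 100)) -le $((expected * tol)) ]
}

# Return 0 if every byte of DEV reads back as zero (strip NULs, see if
# anything is left).
verify_zeroed() {
    [ -z "$(tr -d '\000' < "$1" | head -c 1)" ]
}

# Overwrite DEV with zeros only if its size matches EXPECTED bytes, then
# verify. Exit status: 0 wiped and verified, 2 refused, 1 write or verify failed.
wipe_disk() {
    dev="$1"; expected="$2"
    if ! size_matches "$dev" "$expected"; then
        echo "refusing: $dev is $(device_size_bytes "$dev") bytes," \
             "expected $expected" >&2
        return 2
    fi
    size=$(device_size_bytes "$dev")
    # Feed exactly SIZE zero bytes so a regular file is neither truncated nor
    # grown; conv=fsync flushes to the device before dd returns.
    head -c "$size" /dev/zero | dd of="$dev" bs=1M conv=fsync,notrunc 2>/dev/null \
        || return 1
    verify_zeroed "$dev"
}
```

Run it as root against the whole device (for example /dev/hda, never a partition) after the data has been rescued; on a real drive the read-back takes about as long as the wipe.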

rwhboston
06-26-2006, 08:38 PM
Good advice, Harry and Rusty. I thank you both and I'll keep everyone posted.