[opensuse] Live-CD and Vista (NTFS) Partitions
Hi Folks,

I'm on travel visiting my brother and noticed that his Vista Pea Sea was flashing its disk light continuously. He also observed that it seemed to be sluggish of late. So he started a full McAfee scan yesterday that never finished, it turned itself off. In aggregate, both he and I are smelling a virus/trojan/root-kit/etc of some sort.

So I offered the concept of booting off of a Live Linux cd to get an independent clamav scan of his NTFS Windows partition. I've used Knoppix in the past, but after a download/burn it didn't have clamav or even gcc. So I tried an openSuSE 11.1 Live CD download. Using yast2 I was able to load clamav without issue. Then, I tried to mount the main NTFS partition and failed miserably! I did a mount -r /dev/sda3 /mnt and all I got was a hang so hard that a power cycle was needed.

Was I doing something wrong? Or does openSuSE have issues with Vista's version of NTFS?

Regards,
Lew
(I'm here with an Apple MacBook and so am hamstrung a bit...)

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday, 2009-04-18 at 07:19 -0700, Lewis Wolfgang wrote: ...
Then, I tried to mount the main NTFS partition and failed miserably! I did a mount -r /dev/sda3 /mnt and all I got was a hang so hard that a power cycle was needed.
Was I doing something wrong? Or does openSuSE have issues with Vista's version of NTFS?
Assuming the live can mount ntfs (ie, it contains the necessary modules), Linux can not mount an ntfs filesystem that was not closed properly by windows. Ie, in any case, you'd have to at least boot windows, and close it "normally".

ntfs-3g can not mount an ntfs filesystem with data in the journal, so that it has to be closed first by windows. And I suppose it can not be broken in any way... meaning you can run the antivirus in Linux, but not repair an ntfs partition, AFAIK.

Try as root "fsck[tab][tab]", and you see the list:

    nimrodel:~ # fsck
    fsck  fsck.cramfs  fsck.ext2  fsck.ext3  fsck.jfs  fsck.minix  fsck.msdos  fsck.reiserfs  fsck.vfat  fsck.xfs

There is no ntfs there.

--
Cheers,
Carlos E. R.
On 04/18/2009 10:54 PM, Carlos E. R. wrote:
On Saturday, 2009-04-18 at 07:19 -0700, Lewis Wolfgang wrote:
...
Then, I tried to mount the main NTFS partition and failed miserably! I did a mount -r /dev/sda3 /mnt and all I got was a hang so hard that a power cycle was needed.
That doesn't look like the correct command. Either ntfs-3g /dev/sda3 /mnt, or mount -t ntfs-3g /dev/sda3 /mnt.
Was I doing something wrong? Or does openSuSE have issues with Vista's version of NTFS?
Assuming the live can mount ntfs (ie, it contains the necessary modules), Linux can not mount an ntfs filesystem that was not closed properly by windows. Ie, in any case, you'd have to at least boot windows, and close it "normally".
Though closing it properly is best, it isn't a requirement.
ntfs-3g can not mount an ntfs filesystem with data in the journal, so that it has to be closed first by windows. And I suppose it can not be broken in any way... meaning you can run the antivirus in Linux, but not repair an ntfs partition, AFAIK.
You cannot repair an ntfs partition in linux, but you can mount it by adding -o force, i.e. mount -t ntfs-3g /dev/sda3 /mnt -o force. As you correctly assume, this should not be the first option, but is available when Windows cannot shutdown properly.

--
Joe Morris
Registered Linux user 231871 running openSUSE 11.1 x86_64
On Sunday, 2009-04-19 at 06:36 +0800, Joe Morris wrote:
On 04/18/2009 10:54 PM, Carlos E. R. wrote:
Assuming the live can mount ntfs (ie, it contains the necessary modules), Linux can not mount an ntfs filesystem that was not closed properly by windows. Ie, in any case, you'd have to at least boot windows, and close it "normally". Though closing it properly is best, it isn't a requirement.
It is, unless you want to take some risks.
ntfs-3g can not mount an ntfs filesystem with data in the journal, so that it has to be closed first by windows. And I suppose it can not be broken in any way... meaning you can run the antivirus in Linux, but not repair an ntfs partition, AFAIK. You cannot repair an ntfs partition in linux, but you can mount it by adding -o force, i.e. mount -t ntfs-3g /dev/sda3 /mnt -o force. As you correctly assume, this should not be the first option, but is available when Windows cannot shutdown properly.
It is available, but it has risks. Per the manual:

    force  Force the mounting even if the NTFS logfile is unclean. The logfile will be unconditionally cleared. Use this option with caution and for your own responsibility.

It should be mounted in that case ro:

    ro     Mount filesystem read-only. Useful if Windows is hibernated or the NTFS journal file is unclean.

But mounting ro does not help if the OP wants to clear a possible virus.

--
Cheers,
Carlos E. R.
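The read-only route from the manual excerpt above, as an added example that is not part of any message in this thread: mount the volume ro with ntfs-3g (no force, so the NTFS logfile is left alone), confirm from /proc/mounts that the mount really is read-only, then run clamscan. The device, mount point, log path and the sample mounts data are assumptions or constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only ClamAV scan of an NTFS volume from a live CD.

# Succeeds only if mount point $1 carries the exact option "ro" in a
# /proc/mounts-format file ($2, default /proc/mounts). Options are split on
# commas so "errors=remount-ro" on a rw mount is not mistaken for ro; with
# stacked mounts on one mount point, the last (topmost) entry decides.
mount_is_readonly() {
    awk -v mp="$1" '
        $2 == mp { seen = 1; last = 0; n = split($4, o, ",")
                   for (i = 1; i <= n; i++) if (o[i] == "ro") last = 1 }
        END { exit !(seen && last) }' "${2:-/proc/mounts}"
}

# Constructed sample in /proc/mounts format (ntfs-3g shows up as fuseblk).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 /boot ext3 rw,errors=remount-ro 0 0
/dev/sda3 /mnt fuseblk ro,nosuid,nodev,noexec,relatime,user_id=0,group_id=0,allow_other,blksize=4096 0 0
/dev/sdb1 /media/usb fuseblk rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other,blksize=4096 0 0
EOF
}

# Usage: scan_ntfs_readonly DEVICE MOUNTPOINT [LOGFILE]   (run as root)
scan_ntfs_readonly() {
    dev=$1; mnt=$2; log=${3:-/tmp/clamscan-ntfs.log}   # log path is an assumption
    # ro: nothing on the suspect volume is modified; noexec/nosuid/nodev keep
    # anything on it from being run or trusted by the live system.
    mount -t ntfs-3g -o ro,noexec,nosuid,nodev "$dev" "$mnt" || return 1
    if ! mount_is_readonly "$mnt"; then
        echo "refusing to scan: $mnt is not mounted read-only" >&2
        umount "$mnt"
        return 1
    fi
    clamscan -r --infected --log="$log" "$mnt"
    rc=$?                      # clamscan: 0 = clean, 1 = virus found, 2 = error
    umount "$mnt"
    return "$rc"
}

# Only touch a device when called with arguments, e.g.: sh scan.sh /dev/sda3 /mnt
if [ "$#" -ge 2 ]; then
    scan_ntfs_readonly "$@"
fi
```

A scan run this way only reports; cleaning files needs a read-write mount, with the risks described in the messages above.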