DaemonForums  

#1
15th July 2011
CyberJet
Real Name: Ramon
BSD Student

Join Date: Feb 2009
Location: Miami FL
Posts: 98
how to remove boot sector viruses?

You're right, I did not say.

Well, I was thinking that I could take out the drive, mount it on a USB cradle and read it with a fresh install of Windows to get the data out. How can I do this with OpenBSD? Is that possible? Perhaps it is something that is reserved for OBSD gurus.

Thank you for your response.

#2
15th July 2011
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 7,975

Quote:
How can I do this with OpenBSD?
The ramdisk kernel (bsd.rd) functions without mounting any physical drives. This is why it's called the "ramdisk kernel". Using it, an admin can reinstall or upgrade, including an upgrade-in-place of the installed system, which replaces boot blocks, kernels, and userland libraries and executables (/bin, /sbin, /usr/bin, /usr/lib, /usr/sbin, /usr/libexec, and I'm sure a few other structures I've forgotten).

An admin can also use the ramdisk kernel to restore a complete system from backup, assuming of course, that the admin has invested the time to learn how to do so. Learning how to restore a complete system to a "bare" computer should be at the top of your priority list, if you have one. HINT: If you don't have a spare computer, virtual machines are an easy way to practice and learn. You may find the qemu package helpful, if you want to run a virtual machine with OpenBSD as the host.

Obviously, you could boot the installed bsd.rd kernel, or, boot the ramdisk kernel from standard installation media: diskette, cd, or network.

#3
15th July 2011
CyberJet
Real Name: Ramon
BSD Student

Join Date: Feb 2009
Location: Miami FL
Posts: 98

Thanks again jggimi,

This is very interesting and you are right I should learn to do this. As you can probably surmise, I am at the bottom of the OBSD logarithmic curve. I really appreciate your constructive comments and will take them to heart.

I learn something new every time I log into this great forum and its members.

Again thank you.

#4
15th July 2011
ocicat
Administrator

Join Date: Apr 2008
Posts: 3,318

Quote:
Originally Posted by jggimi
The ramdisk kernel (bsd.rd) functions without mounting any physical drives. This is why it's called the "ramdisk kernel". Using it, an admin can reinstall or upgrade, including an upgrade-in-place of the installed system, which replaces boot blocks, kernels, and userland libraries and executables (/bin, /sbin, /usr/bin, /usr/lib, /usr/sbin, /usr/libexec, and I'm sure a few other structures I've forgotten).
Also of note is /usr/mdec/mbr which is a copy of the master boot record constructed at installation. If you have concerns about the presence of boot sector infection, you can always diff(1) the boot sector against this file.

CyberJet, you will find useful information in the boot_i386(8) manpage, & Section 14.7 of the FAQ.

Last edited by ocicat; 16th July 2011 at 12:27 AM.
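
The comparison suggested in the post above, as an added example that is not part of the original post or of OpenBSD: it compares only the first 440 bytes (the boot code), because a whole-sector diff also covers the partition table at bytes 446-509, which differs on every partitioned disk. The function name mbr_check, its status codes and the classic PC MBR layout are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed classic PC MBR sector layout:
#   bytes 0-439    boot code             <- the part worth comparing
#   bytes 440-445  disk signature / reserved
#   bytes 446-509  partition table       <- differs on every partitioned disk
#   bytes 510-511  boot signature 0x55 0xAA
CODE_LEN=440

# mbr_check SOURCE REFERENCE
#   SOURCE     raw disk device or image; only its first sector is read
#   REFERENCE  known-good MBR template, e.g. a trusted copy of /usr/mdec/mbr
# Status: 0 boot code matches, 1 boot code differs,
#         2 an input is unreadable or shorter than one sector,
#         3 SOURCE lacks the 0x55AA boot signature.
mbr_check() {
    src=$1
    ref=$2
    work=$(mktemp -d) || return 2
    rc=0
    # Copy one sector from each input; nothing is ever written to SOURCE.
    dd if="$src" of="$work/disk" bs=512 count=1 2>/dev/null || rc=2
    dd if="$ref" of="$work/ref" bs=512 count=1 2>/dev/null || rc=2
    if [ "$rc" -eq 0 ]; then
        for f in disk ref; do
            [ $(wc -c < "$work/$f") -eq 512 ] || rc=2
        done
    fi
    if [ "$rc" -eq 0 ]; then
        sig=$(od -An -tx1 -j510 -N2 "$work/disk" | tr -d ' \n')
        [ "$sig" = "55aa" ] || rc=3
    fi
    if [ "$rc" -eq 0 ]; then
        dd if="$work/disk" of="$work/disk.code" bs="$CODE_LEN" count=1 2>/dev/null
        dd if="$work/ref" of="$work/ref.code" bs="$CODE_LEN" count=1 2>/dev/null
        if ! cmp -s "$work/disk.code" "$work/ref.code"; then
            # List offset and octal values of every differing byte for review.
            cmp -l "$work/disk.code" "$work/ref.code" || true
            rc=1
        fi
    fi
    rm -rf "$work"
    return "$rc"
}

# Runs only when given two arguments: sh mbrcheck.sh SOURCE REFERENCE
if [ $# -eq 2 ]; then
    mbr_check "$1" "$2"
fi
```

SOURCE would be the raw whole-disk device (on OpenBSD/i386 typically something like /dev/rwd0c), and the reference copy is best taken from a trusted source rather than from the disk being checked.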

#5
15th July 2011
ocicat
Administrator

Join Date: Apr 2008
Posts: 3,318

This thread was forked from its parent:

http://www.daemonforums.org/showthread.php?t=6121

...due to digressing into OpenBSD-specific questions.

Please, if threads happen to invoke questions which are not in the same direction as the tone set by the thread's originator, start a new thread.

Most of the activity seen on this site is members searching old threads. Whether they take advantage of vBulletin's search facility or search manually ("I remember something was asked about this in this subforum some time ago, so I'll just read through the thread titles until I find it..."), please keep discussions to:
One thread, one topic
It will help the next guy.

#6
15th July 2011
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 7,975

When you find you have questions about backing up and restoring, please start a new thread...if Ocicat hasn't split this off to another thread by then.

Some things for you to think about, as you wind your way to self-sufficiency...

Where would you go first to find out about backing up, and restoring? And then where would you look?

Why would jggimi recommend restoring /etc or /var before any other partition? What's in there that is critical to restoring a system? (Yes, I would make that recommendation.)

The ramdisk kernel has restore(8) included, but it will not run on the ramdisk kernel until you provision something. You will get an error message telling you something is missing. You should try this, get the error message, and see if you can figure out what is needed, and what to do.

How do you install boot blocks on your architecture? Why would you need to know how? Where would you go to find out what to do?

#7
15th July 2011
CyberJet
Real Name: Ramon
BSD Student

Join Date: Feb 2009
Location: Miami FL
Posts: 98

Wow!

I think jggimi's recommendation is very sound. From what I know there are very important files in etc, network, pf, etc. As for var I know logs and message files.
I'll continue reading and trying to climb the curve.


Thanks jggimi!

#8
15th July 2011
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 7,975

Quote:
Originally Posted by CyberJet
From what I know there are very important files in etc, network, pf, etc. As for var I know logs and message files.
No, think about what you would need to have if you were starting with empty hard drives.

#9
15th July 2011
CyberJet
Real Name: Ramon
BSD Student

Join Date: Feb 2009
Location: Miami FL
Posts: 98

Thanks ocicat,

Sorry for the extra work. I was reading Sec 14- Disk Setup when I saw your post, thanks for the specifics.

I will comply! One thread, one topic.

Thanks again