It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
NEED HELP with Window.Old (reinstall from Vista) :(
page: 1share:
UGH~! & double UGH~!
A friends PC with Vista 32 Home Premium got infected with malware~BAD (500,000 malware/spyware infections according to Kaspersky) and now is unable to access ANY of the data on that partition/location...
I'll try and be as through as possible in my steps below..
1. Went to Safe Mode w/ networking, downloaded/update/ran MalwareBytes~Clean.
2. Installed ComboFix (which is compatible for Vista 32 off their website)
a. locates and deletes 1 found virus
3. Reboot back to desktop (normal)
a. Unable to get to Desktop after 3mins
b. Hard boot
c. Back to Desktop but SUPER slow
i. Blue Screen of death stating Kernnel *something something not found*
ii. Unplugged power cord immediately.
4. Friend comes over (previous Vista IT help desk Support experience at previous job site but, 5 yrs back) a. Can’t find the Product Key
b. Re-installs Vista with another command (unknown)
c. A window pop’s up with “there is data on the disk; do you want to retain this data if so, click Next. Window will move the old data to a location on the hard drive labeled ‘Windows.old’ you can access previous data from that location.
5. Fresh install/updates is good and everything seems ok
a. Desktop is active after updates and able to get on the internet.
6. System begins to slow down again.
7. IT friend comes over to look at the files in ‘Windows.old’
a. Vista states that the file is corrupted
b. Some files in the folder are not located.(gone/invisible? )
So, what I was trying to do in the first place was kill the infections, move the data to a backup drive, wipe C:/ & reinstall Vista. He has critical files in the location which absolutely needs to be recovered.
Is there a way to recover ANY of the data in that location w/out taking it to an expensive data recovery shop? If so, how?
Yes, there are free s/w recovery programs I can use on the net, I'm asking those who've worked in IT extensively (PhoenixOD & ZOMBIEMASTER to name a few) that have used any data recovery programs before and can they be trusted in light of the disaster created above?
(Needless to say, I feel worst than horrible due to the fact that my best friend data over 5 years might be un-recoverable)
A friends PC with Vista 32 Home Premium got infected with malware~BAD (500,000 malware/spyware infections according to Kaspersky) and now is unable to access ANY of the data on that partition/location...
I'll try and be as through as possible in my steps below..
1. Went to Safe Mode w/ networking, downloaded/update/ran MalwareBytes~Clean.
2. Installed ComboFix (which is compatible for Vista 32 off their website)
a. locates and deletes 1 found virus
3. Reboot back to desktop (normal)
a. Unable to get to Desktop after 3mins
b. Hard boot
c. Back to Desktop but SUPER slow
i. Blue Screen of death stating Kernnel *something something not found*
ii. Unplugged power cord immediately.
4. Friend comes over (previous Vista IT help desk Support experience at previous job site but, 5 yrs back) a. Can’t find the Product Key
b. Re-installs Vista with another command (unknown)
c. A window pop’s up with “there is data on the disk; do you want to retain this data if so, click Next. Window will move the old data to a location on the hard drive labeled ‘Windows.old’ you can access previous data from that location.
5. Fresh install/updates is good and everything seems ok
a. Desktop is active after updates and able to get on the internet.
6. System begins to slow down again.
7. IT friend comes over to look at the files in ‘Windows.old’
a. Vista states that the file is corrupted
b. Some files in the folder are not located.(gone/invisible? )
So, what I was trying to do in the first place was kill the infections, move the data to a backup drive, wipe C:/ & reinstall Vista. He has critical files in the location which absolutely needs to be recovered.
Is there a way to recover ANY of the data in that location w/out taking it to an expensive data recovery shop? If so, how?
Yes, there are free s/w recovery programs I can use on the net, I'm asking those who've worked in IT extensively (PhoenixOD & ZOMBIEMASTER to name a few) that have used any data recovery programs before and can they be trusted in light of the disaster created above?
(Needless to say, I feel worst than horrible due to the fact that my best friend data over 5 years might be un-recoverable)
edit on 19-7-2012 by Komodo because: (no reason given)
edit on 19-7-2012 by Komodo because: (no reason
given)
edit on 19-7-2012 by Komodo because: (no reason given)
Sounds like the hard drive is shot. There are some free and inexpensive data-recovery programs if you Google it. If the hard drive is too far gone,
there really isn't anything that can recover the data.
You don't have to take it to a data recovery tech.The permissions probably need to be changed in the windows.old folder. Go to the following page and
follow the directions to install "Take Ownership". Once installed, go into the windows.old folder, and find "users", then your friends user account.
Right click on it, and select take ownership. It may take a while depending on how many files and folders are in there. When it is finished, you
should have access to everything in his user account folder.
Take Ownership
Do not use this program on a functional Windows unless you know what you are doing. Changing permissions can be serious enough to crash your system. Only use it in the Windows.old folder.
Oops, forgot to add. Do a chkdsk FIRST on that machine by right-clicking on c: > properties> tools> error checking> check now. This hopefully will fix the errors inside the windows.old folder.
Take Ownership
Do not use this program on a functional Windows unless you know what you are doing. Changing permissions can be serious enough to crash your system. Only use it in the Windows.old folder.
Oops, forgot to add. Do a chkdsk FIRST on that machine by right-clicking on c: > properties> tools> error checking> check now. This hopefully will fix the errors inside the windows.old folder.
edit on 7/19/2012 by Klassified because: (no reason given)
edit on 7/19/2012 by
Klassified because: (no reason given)
Originally posted by _BoneZ_
Sounds like the hard drive is shot. There are some free and inexpensive data-recovery programs if you Google it. If the hard drive is too far gone, there really isn't anything that can recover the data.
Doesn't Vista check check the HD before it re-installs?
I thought it did .. but, not sure.. since I still use XP
reply to post by Klassified
can you plz clarify a bit more
...and what are the chances of this crashing the HD?
Do not use this program on a functional Windows unless you know what you are doing. Changing permissions can be serious enough to crash your system. Only use it in the Windows.old folder.
can you plz clarify a bit more
...and what are the chances of this crashing the HD?
edit on 19-7-2012 by Komodo because: (no reason given)
Install ubuntu linux alongside windows. boot into linux and mount windows partition. that will give you complete access to all windows files. Move
them onto usb drive. Job done.
Ubuntu can be downloaded onto a usb stick (2 gig) then boot from usb. As for mounting windows partition, there is loads of info on line how to do this.
Once done remove windows and use linux.
Ubuntu can be downloaded onto a usb stick (2 gig) then boot from usb. As for mounting windows partition, there is loads of info on line how to do this.
Once done remove windows and use linux.
Originally posted by Komodo
reply to post by Klassified
Do not use this program on a functional Windows unless you know what you are doing. Changing permissions can be serious enough to crash your system. Only use it in the Windows.old folder.
can you plz clarify a bit more
...and what are the chances of this crashing the HD?
edit on 19-7-2012 by Komodo because: (no reason given)
Just don't use it on anything but the windows.old folder, and you will be OK.
Next to nil as long as you follow the directions carefully. If you are hesitant, call someone you trust to do it. I have never crashed a machine with this little program/registry entry.
edit on 7/19/2012 by Klassified because: (no reason given)
I reload computers all the time and have never had a problem like this. But then again when Windows goes bad on me and I need the data I address the
data problem first. When Windows goes bad thru virus related bs you can usually recover user data if the drive itself isn't cooked.
I never use the windows.old function and especially not if I need the data. I usually load any kind of windows on an old hard drive just to get a machine running and then slave the main drive in and copy what you want back or to another place of storage. So either add a new/old separate drive and either slave up the main one or stick it in an external. Reloading the windows.old way with critical data should be avoided.
Now that that's done though you're gonna have to Google that one for help. Someone has encountered this problem I'm sure, sorry I can't be of any help.
If you run Hiren's Boot Disk there's a program on there called HD Regenerator - Hard Drive Regenerator. It will scan the drive and attempt to bring back sectors that are bad including access to the data that was there.
Also I use Easeus Data Recovery for the times I need to recover from a format or when a disk loses its partition information.
I've used both these programs with good success, hope that helps.
But Google is your best option with this.
Cheers
I never use the windows.old function and especially not if I need the data. I usually load any kind of windows on an old hard drive just to get a machine running and then slave the main drive in and copy what you want back or to another place of storage. So either add a new/old separate drive and either slave up the main one or stick it in an external. Reloading the windows.old way with critical data should be avoided.
Now that that's done though you're gonna have to Google that one for help. Someone has encountered this problem I'm sure, sorry I can't be of any help.
If you run Hiren's Boot Disk there's a program on there called HD Regenerator - Hard Drive Regenerator. It will scan the drive and attempt to bring back sectors that are bad including access to the data that was there.
Also I use Easeus Data Recovery for the times I need to recover from a format or when a disk loses its partition information.
I've used both these programs with good success, hope that helps.
But Google is your best option with this.
Cheers
Originally posted by Klassified
Originally posted by Komodo
reply to post by Klassified
Do not use this program on a functional Windows unless you know what you are doing. Changing permissions can be serious enough to crash your system. Only use it in the Windows.old folder.
can you plz clarify a bit more
...and what are the chances of this crashing the HD?
edit on 19-7-2012 by Komodo because: (no reason given)
Just don't use it on anything but the windows.old folder, and you will be OK.
Next to nil as long as you follow the directions carefully. If you are hesitant, call someone you trust to do it. I have never crashed a machine with this little program/registry entry.edit on 7/19/2012 by Klassified because: (no reason given)
He claims he's getting a Corrupt message though so likely does not relate to Taking Ownership, if it was it would just say Do you want to take ownership? etc.
Cheers
reply to post by NWOwned
Yeah, he needs to let windows fix the corruption before using "take ownership". It's hard to explain something this technical in a post where it can be understood by someone who doesn't understand this facet of how file systems and permissions work.
Yeah, he needs to let windows fix the corruption before using "take ownership". It's hard to explain something this technical in a post where it can be understood by someone who doesn't understand this facet of how file systems and permissions work.
reply to post by Komodo
Get some low level hardware diagnostics (preferably with a boot disk so malware is not likely to be a problem) and run some *non-destructive* diags on the Hard Disk Drive (HDD).
If there are errors, get a new hard drive (quite large ones are available quite cheaply). Do a clean OS install to the new HDD (If you don't have a Windows key, use Linux & bite the bullet on getting rid of Windows). Note, create separate partitions on the new HDD. One for the OS and then after you have installed it, one for SWAP, then one for DATA (add these afterward. Note with Linux, install of the OS will have already created a SWAP). The reason for this is that you can later blow away the OS partition and reinstall without loosing your documents & personal files.
Ensure you install the correct drivers for the OS & hardware (with modern versions of Linux, this is normally automatic anyway).
After installing some good anti-malware, plug in the old drive and see if you can recover files, copying them from the old drive to the new DATA partition. When you have moved all you can. Unplug the old drive & you'll have a usable system.
You will have to install the programs that were used on the old system. With Linux this is normally free, with Windows, you may have to find the original disks.
Even if there are no errors on the HDD, and you can afford a new drive, then getting a new one is a good idea, too.
Get some low level hardware diagnostics (preferably with a boot disk so malware is not likely to be a problem) and run some *non-destructive* diags on the Hard Disk Drive (HDD).
If there are errors, get a new hard drive (quite large ones are available quite cheaply). Do a clean OS install to the new HDD (If you don't have a Windows key, use Linux & bite the bullet on getting rid of Windows). Note, create separate partitions on the new HDD. One for the OS and then after you have installed it, one for SWAP, then one for DATA (add these afterward. Note with Linux, install of the OS will have already created a SWAP). The reason for this is that you can later blow away the OS partition and reinstall without loosing your documents & personal files.
Ensure you install the correct drivers for the OS & hardware (with modern versions of Linux, this is normally automatic anyway).
After installing some good anti-malware, plug in the old drive and see if you can recover files, copying them from the old drive to the new DATA partition. When you have moved all you can. Unplug the old drive & you'll have a usable system.
You will have to install the programs that were used on the old system. With Linux this is normally free, with Windows, you may have to find the original disks.
Even if there are no errors on the HDD, and you can afford a new drive, then getting a new one is a good idea, too.
reply to post by Komodo
I don't mess with windows.old but find out how it works. Does it copy and set aside data then copy over old location with fresh windows? If so, if what you're trying to access is corrupt there may be a second copy of it on the drive. Load up another drive with windows and install Easeus Data Recovery on it and simply slave the main one up to it and see what you get when you run the recovery wizards.
Or simply slave main drive to another computer running Easeus etc.
Is it a laptop or a tower? May have to use an external laptop usb device. But you can slave a laptop drive into a tower.
Don't screw too much with the main drive or the corrupt file folder, or at all. Research options and try working it from the slaved up to another machine option first. Using Easeus or similar or checkdsking the HD or using something like HD Regenerator.
Cheers
I don't mess with windows.old but find out how it works. Does it copy and set aside data then copy over old location with fresh windows? If so, if what you're trying to access is corrupt there may be a second copy of it on the drive. Load up another drive with windows and install Easeus Data Recovery on it and simply slave the main one up to it and see what you get when you run the recovery wizards.
Or simply slave main drive to another computer running Easeus etc.
Is it a laptop or a tower? May have to use an external laptop usb device. But you can slave a laptop drive into a tower.
Don't screw too much with the main drive or the corrupt file folder, or at all. Research options and try working it from the slaved up to another machine option first. Using Easeus or similar or checkdsking the HD or using something like HD Regenerator.
Cheers
reply to post by NWOwned
The Windows.old folder is his best chance for recovering his data. That folder has a complete backup of everything on the c: drive before the new install of Windows. The corruption can most likely be fixed, and the personal files recovered from it. I do this for a living. I'm not doing guesswork here.
The Windows.old folder is his best chance for recovering his data. That folder has a complete backup of everything on the c: drive before the new install of Windows. The corruption can most likely be fixed, and the personal files recovered from it. I do this for a living. I'm not doing guesswork here.
Originally posted by Klassified
reply to post by NWOwned
The Windows.old folder is his best chance for recovering his data. That folder has a complete backup of everything on the c: drive before the new install of Windows. The corruption can most likely be fixed, and the personal files recovered from it. I do this for a living. I'm not doing guesswork here.
Yes I understand that and agree. The trouble though is why does it give a corrupt error? Surely every time it's used it is not necessary to use chkdsk on the folder in order to access the files. I agree that something like a check disk might fix it, I've seen it fix some stuff I didn't think it would and was relieved that it did. But when it's corrupt why is it corrupt? It's not normal for it to be corrupt upon access. Guess we're just waiting so see if a chkdsk pass can clear it.
Cheers
Originally posted by NWOwned
Originally posted by Klassified
reply to post by NWOwned
The Windows.old folder is his best chance for recovering his data. That folder has a complete backup of everything on the c: drive before the new install of Windows. The corruption can most likely be fixed, and the personal files recovered from it. I do this for a living. I'm not doing guesswork here.
Yes I understand that and agree. The trouble though is why does it give a corrupt error? Surely every time it's used it is not necessary to use chkdsk on the folder in order to access the files. I agree that something like a check disk might fix it, I've seen it fix some stuff I didn't think it would and was relieved that it did. But when it's corrupt why is it corrupt? It's not normal for it to be corrupt upon access. Guess we're just waiting so see if a chkdsk pass can clear it.
Cheers
The OP said the original install was severely infected. So that's a possibility. The other possibility is bad sectors on the drive. Hopefully that isn't the case, because then he may have to do as you and others have suggested, try and recover from the overwritten install. At this point, the likelihood of losing a fair amount of data with that method is high. There are too many variables we can't know in helping someone on a forum like this. When it comes to the potential loss of valuable data, I'd much rather see the OP get it fixed in person by a qualified tech than from suggestions on a forum.
But as you said, it's a waiting game now...
Originally posted by Klassified
Originally posted by NWOwned
Originally posted by Klassified
reply to post by NWOwned
The Windows.old folder is his best chance for recovering his data. That folder has a complete backup of everything on the c: drive before the new install of Windows. The corruption can most likely be fixed, and the personal files recovered from it. I do this for a living. I'm not doing guesswork here.
Yes I understand that and agree. The trouble though is why does it give a corrupt error? Surely every time it's used it is not necessary to use chkdsk on the folder in order to access the files. I agree that something like a check disk might fix it, I've seen it fix some stuff I didn't think it would and was relieved that it did. But when it's corrupt why is it corrupt? It's not normal for it to be corrupt upon access. Guess we're just waiting so see if a chkdsk pass can clear it.
Cheers
The OP said the original install was severely infected. So that's a possibility. The other possibility is bad sectors on the drive. Hopefully that isn't the case, because then he may have to do as you and others have suggested, try and recover from the overwritten install. At this point, the likelihood of losing a fair amount of data with that method is high. There are too many variables we can't know in helping someone on a forum like this. When it comes to the potential loss of valuable data, I'd much rather see the OP get it fixed in person by a qualified tech than from suggestions on a forum.
But as you said, it's a waiting game now...
Thx Klassified~still haven't done anything to the PC/HD as of yet, not sure if my friend will even let me at it at this point and he's pretty pissed and told me he was going to have the HDD wiped; to which I hopefully convinced him, over a 15 min period, not to because there a good chance it will recover.
I told him I would buy a new HDD and install XP home on it just to get his PC up and running but, he keeps giving me the "I'm not sure what to do right now"; So, apparently he's not listening and doesn't trust what I say. I dunno, maybe I'll just buy it and tell him I did and see what he says ..
Should I even use Chkdsk command on the HDD at this point? would you?
Thanks all & stay tuned, ( I can hear the biting of nails already)
edit on 20-7-2012 by Komodo because: (no reason given)
new topics
-
Who guards the guards
US Political Madness: 1 hours ago -
Has Tesla manipulated data logs to cover up auto pilot crash?
Automotive Discussion: 2 hours ago -
whistleblower Captain Bill Uhouse on the Kingman UFO recovery
Aliens and UFOs: 7 hours ago -
1980s Arcade
General Chit Chat: 10 hours ago -
Deadpool and Wolverine
Movies: 10 hours ago -
Teenager makes chess history becoming the youngest challenger for the world championship crown
Other Current Events: 11 hours ago
top topics
-
Lawsuit Seeks to ‘Ban the Jab’ in Florida
Diseases and Pandemics: 15 hours ago, 20 flags -
Starburst galaxy M82 - Webb Vs Hubble
Space Exploration: 17 hours ago, 13 flags -
CIA botched its handling of sexual assault allegations, House intel report says
Breaking Alternative News: 12 hours ago, 8 flags -
15 Unhealthiest Sodas On The Market
Health & Wellness: 17 hours ago, 6 flags -
whistleblower Captain Bill Uhouse on the Kingman UFO recovery
Aliens and UFOs: 7 hours ago, 6 flags -
1980s Arcade
General Chit Chat: 10 hours ago, 4 flags -
Deadpool and Wolverine
Movies: 10 hours ago, 3 flags -
Teenager makes chess history becoming the youngest challenger for the world championship crown
Other Current Events: 11 hours ago, 3 flags -
Who guards the guards
US Political Madness: 1 hours ago, 1 flags -
Has Tesla manipulated data logs to cover up auto pilot crash?
Automotive Discussion: 2 hours ago, 0 flags
active topics
-
Scientists Say Even Insects May Be Sentient
Science & Technology • 54 • : seekshelter -
-@TH3WH17ERABB17- -Q- ---TIME TO SHOW THE WORLD--- -Part- --44--
Dissecting Disinformation • 610 • : Justoneman -
Lawsuit Seeks to ‘Ban the Jab’ in Florida
Diseases and Pandemics • 24 • : VariedcodeSole -
23,000 Dead People Registered Within a Two Week Period In One State
US Political Madness • 40 • : IndieA -
whistleblower Captain Bill Uhouse on the Kingman UFO recovery
Aliens and UFOs • 7 • : pianopraze -
CIA botched its handling of sexual assault allegations, House intel report says
Breaking Alternative News • 6 • : watchitburn -
They Killed Dr. Who for Good
Rant • 63 • : grey580 -
House Overwhelmingly Passes Funding for Ukraine, Israel and Taiwan
US Political Madness • 58 • : IndieA -
A Better Choice I Think
2024 Elections • 30 • : SchrodingersRat -
Michael Avenatti Says He Will Testify FOR Trump
US Political Madness • 60 • : Justoneman