Trying to help a friend
Moderator: Forum Moderators
-
- Sir Didymus
- Posts: 354
- Joined: December 9th, 2006, 1:12
Trying to help a friend
A friend of mine has gotten in to a pickle trying to 'fix' another friends laptop, here is what he's posted on another forum but not got any helpful hints yet
Hi, a friend of mine recently asked me to look at her windows xp home laptop which was running very slowly and had all sorts of pop-ups. After using the usual hijack this etc to clean out the spyware i saw she hadn't updated windows at all and wasn't running an anti-virus. The laptop was running nicely at this point and so i installed AVG and ran windows update. The usual 'windows needs to restart' bit popped up so obviously i did, only on rebooting there was nothing, just a black screen. I couldnt get into safe mode either, all it gave me was the "load needed dlls kernel" error. first step to try and fix this was to run chkdsk /r /p from the windows disc, but it got to around 25% and gave me an error message, saying that the file system is too damaged. Likewise the bootfix's from the windows disk did nothing. Next thought was this would need a reinstall of windows over the top of the old version to get into windows without loosing everything, but windows does not recognise an installation on either partition (there is one main partition and another 6GB one which is the usual packard bell 'recovery partition'). So i can't reinstall windows without formatting and it turns out she doesn't have any of her work backed up, important stuff which she 'needs'. I would leave this as a lesson for her to backup but as it was me who ran the windows update i can't help but feel partly responsible there.
Obviously i want to try and get the data off the main partition before formatting and i've used knoppix a number of times on computers to do just that, however when i boot from the cd on this laptop the only disk that is available is the 6GB 'recovery partition' and there is no sign of the main disc within the system. I'll be honest here my linux knowlage is pretty pathetic, i have ubuntu on my main pc but i rarely venture into the more technical side of things. It seems like i need to mount the other partition but i'm unsure where to find out the name of the other partition to mount it, i thought they were meant to just appear on the desktop and then you could mount them from there but as far as knoppix is concerned there is no other partition, only the rescue one. The tool testdisk sounds like a possible solution but when i try and run it i get "error loading shared libraries: libntfs.so.9: cannot open shared object file: no such file or directory. I assume this is because it is ntfs, can knoppix not read that at all?
I've read a ridiculous amount of guides in the last few days trying to sort it out but she needs some of the data for tomorrow and i'm really running out of ideas so any help would be really appreciated. I have large external hard drives i can copy the data accross to but the fact that even knoppix can't see the partition really worries me.
Thanks a lot in advance for any help or advice you can offer me!
The only thing i can think of myself is to replace the drive with a new one and stick the dodgy one in a usb enclosure and see if it can be recognised and recovered that way, but if knoppix won't recognise the drive it seems that may not work. any help i can pass on would ebe VERY much appreciated , as usual
Hi, a friend of mine recently asked me to look at her windows xp home laptop which was running very slowly and had all sorts of pop-ups. After using the usual hijack this etc to clean out the spyware i saw she hadn't updated windows at all and wasn't running an anti-virus. The laptop was running nicely at this point and so i installed AVG and ran windows update. The usual 'windows needs to restart' bit popped up so obviously i did, only on rebooting there was nothing, just a black screen. I couldnt get into safe mode either, all it gave me was the "load needed dlls kernel" error. first step to try and fix this was to run chkdsk /r /p from the windows disc, but it got to around 25% and gave me an error message, saying that the file system is too damaged. Likewise the bootfix's from the windows disk did nothing. Next thought was this would need a reinstall of windows over the top of the old version to get into windows without loosing everything, but windows does not recognise an installation on either partition (there is one main partition and another 6GB one which is the usual packard bell 'recovery partition'). So i can't reinstall windows without formatting and it turns out she doesn't have any of her work backed up, important stuff which she 'needs'. I would leave this as a lesson for her to backup but as it was me who ran the windows update i can't help but feel partly responsible there.
Obviously i want to try and get the data off the main partition before formatting and i've used knoppix a number of times on computers to do just that, however when i boot from the cd on this laptop the only disk that is available is the 6GB 'recovery partition' and there is no sign of the main disc within the system. I'll be honest here my linux knowlage is pretty pathetic, i have ubuntu on my main pc but i rarely venture into the more technical side of things. It seems like i need to mount the other partition but i'm unsure where to find out the name of the other partition to mount it, i thought they were meant to just appear on the desktop and then you could mount them from there but as far as knoppix is concerned there is no other partition, only the rescue one. The tool testdisk sounds like a possible solution but when i try and run it i get "error loading shared libraries: libntfs.so.9: cannot open shared object file: no such file or directory. I assume this is because it is ntfs, can knoppix not read that at all?
I've read a ridiculous amount of guides in the last few days trying to sort it out but she needs some of the data for tomorrow and i'm really running out of ideas so any help would be really appreciated. I have large external hard drives i can copy the data accross to but the fact that even knoppix can't see the partition really worries me.
Thanks a lot in advance for any help or advice you can offer me!
The only thing i can think of myself is to replace the drive with a new one and stick the dodgy one in a usb enclosure and see if it can be recognised and recovered that way, but if knoppix won't recognise the drive it seems that may not work. any help i can pass on would ebe VERY much appreciated , as usual
-
- Site Owner
- Posts: 9597
- Joined: May 16th, 2005, 15:31
- Location: Coventry, UK
- Contact:
Make a Bart CD, boot from that and wang everything off to an external drive. Then you're free to format/replace the internal drive. It does sound a little bit like the disk has failed though - which wouldn't be your mates fault, just unlucky.
In any case, it's a useful tool to have - I usually go in with one first when I don't know what I'm dealing with and a machine is particularly fucked up with nasties.
In any case, it's a useful tool to have - I usually go in with one first when I don't know what I'm dealing with and a machine is particularly fucked up with nasties.
-
- Sir Didymus
- Posts: 354
- Joined: December 9th, 2006, 1:12
-
- Weighted Storage Cube
- Posts: 7167
- Joined: February 26th, 2007, 17:26
- Location: Middle England, nearish Cov
Hmmm, drastic solution is to open up the laptop, remove the 2.5" HDD, get a converter cable (iirc it IS a smaller cable, I could be wrong however) and wack it in a normal windows pc as a slave, you might then be able to save the data, format the drive, and do a fresh install once it's back in the lappy.
However, as you've run chkdsk /r and it's complained, you might just be able to get away with running from the XP Recovery Console command "fixmbr", which'll redo the master boot record and maybe restore enough to allow a chkdsk /r.
But I'd only do that as a last ditch after attemtping a backup.
However, as you've run chkdsk /r and it's complained, you might just be able to get away with running from the XP Recovery Console command "fixmbr", which'll redo the master boot record and maybe restore enough to allow a chkdsk /r.
But I'd only do that as a last ditch after attemtping a backup.
-
- Morbo
- Posts: 19676
- Joined: December 10th, 2004, 21:53
- Contact:
-
- Sir Didymus
- Posts: 354
- Joined: December 9th, 2006, 1:12
buzzmong wrote:Hmmm, drastic solution is to open up the laptop, remove the 2.5" HDD, get a converter cable (iirc it IS a smaller cable, I could be wrong however) and wack it in a normal windows pc as a slave, you might then be able to save the data, format the drive, and do a fresh install once it's back in the lappy.
However, as you've run chkdsk /r and it's complained, you might just be able to get away with running from the XP Recovery Console command "fixmbr", which'll redo the master boot record and maybe restore enough to allow a chkdsk /r.
But I'd only do that as a last ditch after attemtping a backup.
d "fixmbr", which'll redo the master boot record and maybe restore enough to allow a chkdsk /r.
But I'd only do that as a last ditch after attemtping a backup.
already done that, along with tje fixboot commands
-
- Site Owner
- Posts: 9597
- Joined: May 16th, 2005, 15:31
- Location: Coventry, UK
- Contact:
You can make a Bart CD on another computer, it's essentially a self-contained bootable, uncorruptable copy of Windows on a CD. It runs entirely from the CD, you don't even need a working hard disk, just a machine that will get past POST (and set to boot from CD, ofc).The Incredible... wrote:he's had a look at that, but apparently you need to run the Bart CD on the machine BEFORE it dies to create the bootable disc, and he can't get the machine to boot at all
If it's not even getting that far, I guess you do need to get the drive out.
-
- Sir Didymus
- Posts: 354
- Joined: December 9th, 2006, 1:12
-
- Sir Didymus
- Posts: 354
- Joined: December 9th, 2006, 1:12
Hehulk wrote:After the malware was removed, but before you rebooted it by any chance?
didn't say whether he rebooted between getting rid of the spyware and doing the windows update, and he's not around to ask at the minute so not sure, butcould beMy Mate wrote:After using the usual hijack this etc to clean out the spyware i saw she hadn't updated windows at all and wasn't running an anti-virus. The laptop was running nicely at this point and so i installed AVG and ran windows update. The usual 'windows needs to restart' bit popped up so obviously i did, only on rebooting there was nothing, just a black screen
-
- Morbo
- Posts: 19676
- Joined: December 10th, 2004, 21:53
- Contact:
Unfortunately, It seems like this problem would have been best avoided by doing the job properly.
You should never fuck around with an infected machine before taking backups of important data, It's really just asking for trouble.
Depending how fucked it is, it's probably easiest to plug the hdd into another machine and using (if the computer sees it, but windows won't mount it) getdataback to recover stuff.
If the bios won't see the drive, it's probably time to spend money on a proper recovery service.
You should never fuck around with an infected machine before taking backups of important data, It's really just asking for trouble.
Depending how fucked it is, it's probably easiest to plug the hdd into another machine and using (if the computer sees it, but windows won't mount it) getdataback to recover stuff.
If the bios won't see the drive, it's probably time to spend money on a proper recovery service.
-
- Sir Didymus
- Posts: 354
- Joined: December 9th, 2006, 1:12
fair enough. i guess its just one of those things that you don't forsee a problem like that, especially not from just removing spyware and updating windows, but i think he will learn his lesson about backing up before doing anything in the futureDr. kitteny berk wrote:Unfortunately, It seems like this problem would have been best avoided by doing the job properly.
You should never fuck around with an infected machine before taking backups of important data, It's really just asking for trouble.
Depending how fucked it is, it's probably easiest to plug the hdd into another machine and using (if the computer sees it, but windows won't mount it) getdataback to recover stuff.
If the bios won't see the drive, it's probably time to spend money on a proper recovery service.
-
- Shambler In Drag
- Posts: 780
- Joined: March 16th, 2007, 20:22
- Location: on the sofa
- Contact:
-
- Throbbing Cupcake
- Posts: 10249
- Joined: February 17th, 2007, 23:05
- Location: The maleboge
Especially when you do it to impress a laydee, and even more so when she really needs some work of said machine urgently. I would have been surprised if it didn't fuck up.cheeseandham wrote: having seen machines trashed with just one of those (and even less) you should expect problems when making any change, particularly on a system that isn't your own!
To be fair, I wouldn't have known what best policy was on recovering a machine left completely defenceless was either. Even on the ECDL (which is supposed to be a European standard on computer literacy) they don't teach anything about the dangers of malware, despite my protests. Protecting isn't that difficult, to varying degrees, but recovering I expect is an entirely different matter. Who doesn't have a friend or relative who AOLs their way through the internet, picking up viruses and trojans like an AIDS virus? Aside from my mercurial advice on prevention, I personally couldn't recommend or provide a cure for a case such as this bar flattening the system.
-
- Morbo
- Posts: 19676
- Joined: December 10th, 2004, 21:53
- Contact:
andbuzzmong wrote:To be fair pants, I suspect that if it's been without protection for as long as it has, removing the valuable data (and putting it into quarantine just in case) and doing a full low level format is probably the best way to go.
Proper format: Yes.
Low level format: not in the last 10+ years (and not in the more modern sense of a disk nuke, completely pointless)