12 Jan 2010 @ 1:25 AM 


Requirements:

  • Any secondary drive (internal, external, networked), preferably the same size as your primary drive or larger (I would recommend an external USB drive of any sort)
  • Macrium Reflect Free Edition
  • One blank CD-R (to build the Linux Rescue disk)

Drive failures, infections, buddies who think they’re IT technicians… these are the leading causes of data loss.

All, with the exception of drive failure (depending on the severity), are typically recoverable, at least to some degree. But long before any of this occurs you should implement some safety measures by backing up your system. You can generally find excellent USB drive deals by querying Google with something like “external usb deals”. If you already have a secondary drive of some sort, we’re ready to move on; if not, a purchase (plan on spending around $75.00 for 500GB) would be a worthwhile investment.

While ntbackup is a great application, I personally prefer imaging solutions over conventional backup methods for their all-around superiority. An image, in essence, is a snapshot of your machine from the moment the backup was taken. This backup can then be restored at any point, typically in under an hour. Imaging software generally provides an option to view and restore single files, which makes for an excellent archive.

For this we’ll use Macrium Reflect Free Version, found at the link above. This software lives up to its claim, “The fastest disk imaging software…”, and has proven itself one of the best backup solutions in my opinion. The Full Edition provides a list of additional features, including support for Windows Server 2003 (details are at the bottom of the page from the link above). Download your copy, install, register (automatic on the first run), and follow the prompts to begin your image backup. Note – I recommend building a Linux rescue disk when prompted, as you’ll need it in case your system refuses to boot.

A restore can be performed through the application interface within Windows or via the Linux Rescue CD; just follow the prompts, as the procedure is laid out very well.

Posted By: tdurbin
Last Edit: 12 Jan 2010 @ 02:23 AM

Categories: Windows
 09 Jan 2010 @ 7:46 PM 


There are a vast number of infections out there, and a catch-all virus/malware scanner most likely will never exist. With that in mind, there are numerous tools available that, used in conjunction, will resolve most everything. In our research we have quite often referred to Bleeping Computer. I figured I’d mention it, as it has to be one of the best informational resources we have run across to date.

Where to begin? The process of rectification is similar to that of an MD, as it all depends on the symptoms, although there are some best practices/general procedures we like to start with.

The first of these is a malware scan using a program called Malwarebytes’ Anti-Malware. This is an excellent all-around malware scanner, probably the best on the market. If your machine is able to access the Internet and you’re able to install applications properly, it may be as simple as downloading a copy of their Free version from the website, installing it, and running a full scan.

If you can’t access the Internet you may have a proxy set for all of your outbound connections. To fix this issue, open Internet Explorer, click on Tools -> Internet Options, then click on the Connections tab, then the LAN Settings button at the bottom right. Under “Proxy server” remove the check mark in the box next to “Use a proxy server for your LAN”, click OK, click Apply, and click OK. Close Internet Explorer and reopen it. Hopefully you now have Internet access to perform the procedure above.

If your symptoms include the inability to install applications (e.g. The file “such-n-such” is infected and cannot be executed or The file “such-n-such” is corrupted…, etc.), you may have better luck in Safe Mode (Vista Safe Mode). To get into Safe Mode you will need to press and hold the F8 key at the top of your keyboard as the computer is booting to reveal an Advanced menu from which you would want to select “Safe Mode with Networking”. This will boot the machine with minimum overhead and a network connection to access, download, and install the application. Note – Not all applications can be installed in Safe Mode.

If for some reason Malwarebytes’ has trouble removing any of your issues, whether in normal or safe mode (Safe Mode w/Networking is preferred if available), the next move would be to run ComboFix. As I take it, this application was created by sUBs from Bleeping Computer and runs a multitude of custom scripts in conjunction with third party applications to provide a thorough malware scan complete with removal and reporting.

For any remaining issues another great tool to try is SmitFraudFix.

Take a look at their links for directions as these applications are well documented.

If Safe Mode is not an option (as I have seen in many cases), the easiest move might be to perform an external OS scan; follow the article “Windows will not boot, regular nor safe mode, what to do?”

Posted By: tdurbin
Last Edit: 18 Jan 2010 @ 10:52 PM

Categories: Windows
 09 Jan 2010 @ 6:00 PM 


Puppy Linux is one of my favorite distributions for multiple reasons. The main one is that it is very easy to install to a USB flash drive; it’s also very easy to get acquainted with, especially for simple day-to-day use such as Internet surfing, document writing, CD/DVD burning, media viewing, etc. I personally carry my Linux USB drive for A.) repairing machines and B.) accessing secured information, such as banking, email, username/password protected sites, etc. from just about any computer with the ability to boot from USB.

The purpose for installing this OS to a flash drive is to have the ability to carry a read/write copy of an entire Operating System anywhere you travel.

To get started you will need a copy of Puppy Linux and a USB flash drive (512MB or larger). For the OS I prefer NOP (Nearly Office Pup) due to the replacement of JWM with the XFCE desktop and its stability. You can find our customized version(s) in the Downloads section.

There are a couple of ways to go about installing to a USB drive, but for this article we will focus on the easiest method. This method uses a two-step process: 1.) burning a Linux liveCD and 2.) installing to a USB drive from the Linux liveCD. To get started, follow the post “How to burn an ISO file to CD from within Windows”.

Boot from the Linux liveCD you created in the steps above. You can select the defaults along the way. Once you reach the desktop you will want to plug in your USB flash drive (Note – Make sure you have backed up any contents you want to save, as this method will format your drive and delete all existing files). You should see a new icon appear on your desktop.

Formatting the USB flash drive

We will begin the process by clicking on Menu -> Setup -> BootFlash install Puppy to USB. We will leave the defaults and click OK. Click OK again on the BootFlash window. In the next window make sure you’re on the correct drive: the icon from the desktop should read the same as the entry in the “BootFlash: choose drive” window (e.g. my icon from the desktop reads “sdb1” and my “BootFlash: choose drive” window reads “sdb   Flash memory…”). Click OK to continue. As long as everything is listed properly, click OK in the confirmation window. After your drive is formatted the “BootFlash: install Puppy” window will appear; close this out by clicking on “Exit, finish”, as we will want to pick up with the Universal installer.

Installing Linux to the USB flash drive

Click on Menu -> Setup -> Puppy universal installer. Click OK, as USB flash drive should be highlighted by default. Make sure your icon and the drive match as before, then click OK. In the new window that appears click the button next to “Install Puppy to sdb1” (sdb1 is our USB drive in this case) at the top. Click OK to confirm and begin the installation wizard. Click on CD when asked “Where are the Puppy files?”. Click OK, as we have booted from the CD we will be using to install from. Pick the defaults by clicking OK through the next two prompts. Press the Enter key when prompted to continue.

To make sure we are creating a pristine copy, type the letter “p” (any letter will work fine though) and press Enter to wipe all files. At the next prompt we will want to type the letter “p” again and press Enter to force the OS into memory running on any PC with 256MB or more of RAM. The last prompt will read “Finished, press ENTER key to continue:”; go ahead and press Enter and you should now have a Linux bootable USB flash drive.

You should remove the CD from the tray, which most likely opened automatically after the wizard completed, and reboot by clicking Menu -> Log Out -> Restart. This time around you want to choose “DO NOT SAVE” at the prompt. If everything went well you’re now booted into Puppy Linux via your USB flash drive; if not, you may have to adjust the machine’s BIOS to allow booting from USB. Take a look at Enabling BIOS Support for more information. If you’re sure it’s not an issue with the BIOS, you should repeat the process by starting back at Formatting the USB flash drive.

Reboot to initiate automatic saving to your USB flash drive

Click on Menu -> Log Out -> Restart

Upon the first Shutdown or Restart you will be asked if you would like to save your session to a file. Leave the default (SAVE is highlighted) and press Enter. You will next be asked if you would like to customize the file name. You can leave this blank, unless you plan on running multiple customized sessions (we can touch on this later if need be), and press Enter. Next we will be asked about the encryption level; it is best to leave this option as default (<NORMAL (no encryp.)>) and press Enter (with this setting the save file is stored unencrypted on the flash drive). You will then be asked to choose a size for your personal save file. I generally choose the largest size available, which at the time of this writing is 1.25GB, and press Enter. The last prompt is the “FINAL SANITY CHECK:”; this is where you have the option to change the file location or stop the save process altogether. Leave the default “YES, SAVE” and press Enter to begin the save process and ultimately begin the reboot process. Note – the save file creation process may take a while (up to 5 minutes or so) depending on your machine specifications.

Setup the Network connection

Once you’re back at the desktop we will want to set up the Internet connection.

Click on Menu (bottom left corner) -> Setup -> Network Wizard

Depending on your interfaces, your selection may vary. Most will select eth0 by clicking the button conveniently labeled eth0, then click the Auto DHCP button to acquire an IP address. You will have the option to save the settings to automatically establish a connection on the next boot (so long as you’re on the same machine). Click Done and, if all went well, you now have Internet access.

Download the word processor and spreadsheet SFS file (AbiWord and Gnumeric):

Click on Menu -> Utility -> Terminal

Then type the following on the command line:

cd /mnt/home; wget http://slighpcs.com/downloads/puppy/spc431/goffice-43.sfs

If everything went as planned you should see output at the bottom of the Terminal window stating “… ‘goffice-43.sfs’ saved…”. Next you will want to close the Terminal window by either typing “exit” and pressing Enter or by clicking the X in the top right hand corner of the Terminal window.
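
A check worth running before the SFS file is added to the boot list, since the download above travels over plain HTTP. This is an added example, not part of the original post: it assumes sha256sum is available in your Puppy build and that you have the expected SHA-256 from a trusted source (the post does not publish one); the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post: check a downloaded SFS file before
# BootManager is told to load it at every boot.
# Assumptions: sha256sum exists on the system, and EXPECTED is a SHA-256 value
# obtained from a trusted source (the post does not publish one).

# is_squashfs FILE: succeed if FILE starts with the SquashFS magic bytes "hsqs"
# (little-endian SquashFS, as written on x86). An HTML error page saved under
# the .sfs name fails this test.
is_squashfs() {
    [ -f "$1" ] || return 1
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "68737173" ]
}

# sha256_of FILE: print only the hex digest of FILE.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_sfs FILE EXPECTED: return 0 if FILE is a SquashFS image whose digest
# equals EXPECTED, 2 if it is not a SquashFS image, 3 on a digest mismatch.
verify_sfs() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
    if ! is_squashfs "$file"; then
        echo "REJECT: $file is not a SquashFS image" >&2
        return 2
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "REJECT: $file digest is $actual, expected $expected" >&2
        return 3
    fi
    echo "OK: $file matches the expected digest"
}

# Stand-alone use: sh verify_sfs.sh /mnt/home/goffice-43.sfs <expected-sha256>
if [ "$#" -eq 2 ]; then
    verify_sfs "$1" "$2"
    exit $?
fi
```

Only continue to the BootManager step when the script prints OK; on either REJECT, delete the file and download it again.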

Add the SFS file to boot

Click on Menu -> Setup -> BootManager configure bootup

Then click on the icon to the right of “Choose which extra SFS files to load at bootup”. In the “BootManager: SFS files” window you should see “goffice-43.sfs” in the left hand pane. Click on it (it will highlight in dark blue once chosen), then on the “Add” button to move it to the right hand pane, then click OK, and finally QUIT from the bottom right corner.

Last we will reboot the OS to allow the gOffice applications to automatically load during the boot sequence. Click on Menu -> Log Out -> Restart.

Posted By: tdurbin
Last Edit: 13 Jan 2010 @ 09:47 AM

Categories: Linux
 08 Jan 2010 @ 4:16 PM 


I run into this issue quite often, and with all of the username/password combinations that people acquire, it’s bound to happen at one point or another. Depending on the OS (Operating System), there are a couple of ways to go about removing or changing a user’s password.

For example, on a Windows Home computer there is a hidden Administrator account. The secret to accessing it is a reboot into Safe Mode. Of course, therein lies the problem: this password may have been forgotten as well, because the Administrator password on a Windows Home PC is created during the OS installation. If you’re lucky, the password was left blank by the original installer. If this is the case, I would highly recommend changing it to something that is easy for you to remember, but difficult for others to guess. This is your first line of defense against all of the hackers and bots that flood the Internet.

For both Windows XP and Vista Operating Systems you can use another account to change the password so long as the account used has administrative rights.

And then there’s the alternative method I like to use when none of the other options are available. For this you will need our custom Linux liveCD. Follow the post “How to burn an ISO file to CD from within Windows” to download and burn the CD.

Boot from your Linux liveCD

Insert the CD in your CD or DVD-ROM and reboot your computer. You may have the option to select your boot device without changing the BIOS (e.g. Dell machine boot device selection is typically tied to the F12 key). As the OS is booting you will be asked to select your keyboard and video settings (keyboard layout is self-explanatory and the video selection should work fine under Xorg… if you have issues choose Xvesa).

Resetting a Windows user password from the liveCD

We will first need to locate your Windows partition. Depending on the make and model of your machine you will most likely have multiple partitions. For example, newer Dell models typically house three separate partitions (a tiny utility partition, a Windows partition, and an image restore partition). The easiest way to locate the correct partition is by mounting each drive labeled sda1, sda2, sda3, etc. (for IDE drives your labels would be represented as hda1, hda2, hda3, etc.) from your desktop and searching for the ‘OS’, ‘Program Files’, and ‘User Profiles’ folders. For Windows XP and Windows Vista installs we would generally be searching for a ‘Windows’ OS (Operating System) folder. For Windows upgrades this may be labeled as Winnt. The ‘Program Files’ directory should be housed in the same location for both XP and Vista. The User Profiles directory should be labeled ‘Documents and Settings’ for XP and ‘Users’ under Vista. Once you have located these three folders you more than likely have the correct partition mounted and ready to go.
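
The folder search described above can be scripted from the liveCD terminal. This is an added example, not part of the original post: it assumes the partitions are already mounted under /mnt, and the function names are hypothetical. It matches folder names without regard to case and prints the OS folder exactly as it is spelled on disk, which is the spelling you will need on the Linux command line.

```sh
#!/bin/sh
# Added example, not from the original post: list which mounted partitions look
# like a Windows system partition, using the three folders the post describes.
# Assumption: partitions are already mounted under one directory (default /mnt).

# has_dir ROOT NAME: print the on-disk spelling of a top-level directory in ROOT
# whose name equals NAME ignoring case; fail if there is none.
has_dir() {
    found=$(find "$1" -mindepth 1 -maxdepth 1 -type d -iname "$2" 2>/dev/null | head -n 1)
    [ -n "$found" ] && basename "$found"
}

# classify_root ROOT: print "<xp|vista> <OS folder as spelled on disk>" when ROOT
# has an OS folder, Program Files and a profiles folder; fail otherwise.
classify_root() {
    root=$1
    os=$(has_dir "$root" "Windows") || os=$(has_dir "$root" "Winnt") || return 1
    has_dir "$root" "Program Files" >/dev/null || return 1
    # Test for Users first: Vista also exposes a "Documents and Settings"
    # compatibility junction at the root of the system drive.
    if has_dir "$root" "Users" >/dev/null; then
        kind=vista
    elif has_dir "$root" "Documents and Settings" >/dev/null; then
        kind=xp
    else
        return 1
    fi
    echo "$kind $os"
}

# scan_mounts [BASE]: run classify_root on every directory under BASE and print
# one line per partition that qualifies, e.g. "/mnt/sda2: xp WINDOWS".
scan_mounts() {
    base=${1:-/mnt}
    for root in "$base"/*; do
        [ -d "$root" ] || continue
        if info=$(classify_root "$root"); then
            echo "$root: $info"
        fi
    done
}

scan_mounts "${1:-/mnt}"
```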

Click on Menu -> Utility -> Terminal

Note – Keep in mind that Windows is not case sensitive while Linux is. To speed matters up you can use the auto complete feature within Linux by pressing the TAB key to display commands or directory/file names; an example is listed below to help you familiarize yourself with this feature.

Linux BASH (Terminal) auto complete TAB key example:

Type in the partial command “chn” (without the quotes) and press the Tab key. You’ll notice that the command “chntpw” is automatically filled in for you. If there are multiple command/file/directory names beginning with the characters you have typed, all relevant entries will be displayed. For example, typing in “lsp” and pressing the Tab key will add the letter “c” to the end of the command, spelling out the next possibility in all the commands starting with “lspc”. Now hit your TAB key again and you will see the two commands “lspci” and “lspcmcia”. Note that if you hit the TAB key and nothing shows up, there are at least two commands that start with that letter combination.

Note that this method will NOT work for users in a Windows Domain environment. Type the following into the Terminal window, replacing “sda2” with the partition you located above and “tdurbin” with the username you wish to change, and using the auto complete feature to help with directory names and the correct case:

chntpw /mnt/sda2/WINDOWS/System32/config/SAM -u tdurbin

You will be presented with a wealth of information before the “User Edit Menu”. Note – You’ll have to use the scroll bar on the right to view the entire contents.

Here you’re given 5 options, of which you will want to select the 1st, “Clear (blank) user password”. So type “1” without the quotes and press Enter.

You should now see a message stating “Password cleared!” and underneath that the manipulated Windows Registry Hive path with the question “Write hive files?”, to which we will respond with a “y” for yes and press Enter.

If everything went well you will receive a message similar to this:

0 </mnt/sda2/WINDOWS/System32/config/SAM> – OK

In that case you can reboot your machine back into Windows and should now be able to utilize your account without a password.

Posted By: tdurbin
Last Edit: 12 Jan 2010 @ 02:30 AM

Categories: Linux, Windows
 06 Jan 2010 @ 1:57 PM 


There are a great number of reasons why a Windows PC won’t boot, ranging from hardware malfunction to virus/malware infections. Generally Windows hardware and software issues are preceded by a Blue Screen of Death, or BSoD, which provides technical information regarding the crash. This error code can then be used to formulate a possible resolution.

Here at slighPC’s, we deal primarily with Windows XP, mainly because we believe this OS to be the most sufficient and stable OS Microsoft has released to date, and this is our recommendation when asked. Microsoft has made numerous revisions in their latest OSes, Vista and Windows 7. One such revision was the removal of the Recovery Console. Not to worry, as your media should provide access to the commands necessary to follow this guide. As a first attempt to rectify the situation, provided the BSoD doesn’t list a well laid out solution, we like to start with a file system and hard disk integrity check.

Windows XP File system and hard disk integrity check

Requirements:

Windows XP media CD/DVD, Recovery Console pre-installed, or you can use one of our Recovery Console ISOs to burn a CD (we recommend that you use a media relevant to your Operating System’s specific Service Pack level).

Performing the Windows XP integrity check

To perform this operation you will first need to either boot from the Windows XP or provided media CD or select the pre-installed Recovery Console from the boot menu just after your computer restarts (This menu is generally only displayed for a brief moment during boot, so be sure to catch it in time).

When booting from the media CD/DVD you will be prompted with the message “Press any key to boot from CD”. At this point press any key to begin the media boot process. The OS will attempt to boot from hard disk if no key is pressed within the allotted time frame. After the initial CD/DVD load you will be brought to a “Welcome to Setup” screen in which you will have three options, Continue, Repair, or Quit.

From here we want to press the “R” key to begin the repair process. After the disk is searched for Microsoft Operating Systems you should be prompted with yet another screen listing all of your Windows partitions, each preceded by a number, asking “Which Windows installation would you like to log onto”. *Note – Different manufacturers utilize differing partition schemes, so determining the correct partition can be tricky depending on the scenario. Typically you’ll be looking for the partition labeled “1: C:\WINDOWS”.

At this point you would key in the number “1” and press the Enter key to proceed. Next you will be asked to “Type the Administrator password:”. The password is dependent on your setup (Note – Windows XP Home does not include a true Administrator account and is generally left blank by most manufacturers). If you have no Administrator password, you can press the Enter key to continue. If you have forgotten your Administrator password you may follow the article “I lost my windows password…” to either blank or change it.

If you’re still with me up to this point you should be looking at a DOS prompt, “C:\WINDOWS>”, waiting for a command. Time to start the integrity check… Type in the command:

chkdsk /r

and press the Enter key. You will notice the output displayed informing of the current action as well as the percentage completed. Run time will vary depending on your hard disk size and the number of issues processed. After the process is completed a summary is displayed. You can verify that corrections have been applied if you receive a message stating “CHKDSK found and repaired one or more errors on the volume.”

Note – If you receive the message “The volume appears to contain one or more unrecoverable problems.”, you’re generally looking at an unrecoverable disk with corrupt/bad sectors, although this is not always the case.

After the chkdsk command is successfully run type “exit” (without the quotes) on the command line and press Enter to reboot your computer and hopefully boot back into Windows.

More to come soon…

Posted By: tdurbin
Last Edit: 12 Jan 2010 @ 02:34 AM

Categories: Windows
