Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Data recovery on hard drive w/password protection


  • Please log in to reply
11 replies to this topic

#1 HDScooterBoy

HDScooterBoy

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Research Triangle Park area - NC
  • Local time:04:23 AM

Posted 17 March 2009 - 08:57 AM

I have recently had a malware attack, and a friend was able to access my hard drive and disinfect it. When I try to boot to this hard drive now, Windows gets me as far as my wallpaper, but no desktop functionality (no icons, taskbar, etc.). I have put this drive in another computer to try and scavenge data from it, but the data is password protected. Is there a way to either 1) do a Windows repair, or 2) get past this password when accessing this hard drive on another machine? I understand you can change a setting in the registry, but don't know how to change the registry when the drive is in another machine, or change it in my machine when I have no desktop functionality. I do appreciate your wisdom!

Tom

Edited by HDScooterBoy, 17 March 2009 - 04:23 PM.


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:23 AM

Posted 17 March 2009 - 10:48 AM

Exact error message, please?

Louis

#3 eastonch

eastonch

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:23 AM

Posted 17 March 2009 - 12:13 PM

a windows repair is by inserting you're original OS disk into the pc before booting and hitting 'repair; when coming to set up i am almost certain you can do this while being on the desktop but might not work in you're situation, it soudns as if your friend has wiped a certain reg entry or file. which the malware had corrupted or latched on to. can you boot up into safe mode or is that whacked aswell?

I would :
(1) Find you're original OS disk and insert it before bootup... http://img.bleepingcomputer.com/tutorials/...-prompt.jpg That is a image that is cut down, it will usually display alot more information but at the bottom say boot from cd, also you will have to change you're bios to boot from CD as its first device. to do this, restart the pc and at the 'POST' screen look to see if it says hit F2 or DEL to enter setup, hit them keys and enter setup. (BIOS) then locate around to the boot menu or something. not to sure on every pc but it varys, kjust look around the bios until you find 'FIRST BOOT DEVICE' and change it to CD-ROM but record the one which says 'HARD DRIVE' and put that to seting 2. also, RECORD ALL DATA ON THIS SCREEN IN CASE IT DOENST WORK AND YOU CAN REVERT IT! after doing the bios, reboot and insert the cd before it boots up. it will say hit any key. hit any key then it will load and then bring you to a screen like this Posted Image hit the button it requests you to for repairing windows installation. and let it do it's magic.
[color="red"]

(Warning) I am not an expert and you're taking of my advice is you're choice. this could be a option to take onboard but not always reliable. i warn you this so that i am not responsible for anything that goes wrong.
[/color="Red]

Edited by eastonch, 17 March 2009 - 12:15 PM.


#4 HDScooterBoy

HDScooterBoy
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Research Triangle Park area - NC
  • Local time:04:23 AM

Posted 17 March 2009 - 01:00 PM

Currently I don't get an error message. The wallpaper loads, but no icons, taskbar, etc. load up. I also can't right-click on the desktop. It appears to stall loading up, or perhaps corrupted desktop files were deleted(?) I can boot up in safe mode, but again I think my desktop functionality is gone.
I have tried to modify the BIOS to boot to cd first, and boot with the Windows disk in, but it doesn't seem to want to boot to the disk - don't understand that one.

Edited by HDScooterBoy, 17 March 2009 - 01:34 PM.


#5 hamluis

hamluis

    Moderator


  • Moderator
  • 55,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:23 AM

Posted 17 March 2009 - 07:48 PM

I'm certainly no expert...but it sounds to me as if you have (currently) malware problems.

You might reflect on posting at BleepingComputer.com - Am I infected What do I do - http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

Louis

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,817 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:23 AM

Posted 18 March 2009 - 07:57 AM

Can you acess the taskmanager (alt-ctrl-del)? If so, just click file»new task, type explorer.exe and press enter.
This should start the desktop

To boot from a CD it is not always necessary to change the boot order in Bios. Most computers have an option (on mine it is f11) to select a boot-device. It may be displayed when starting the computer (press f2 for setup, f11 for bootmenu).

Another thing, you could try to do system file checker (if you can access desktop, either in safe mode or normal mode).

However, if this problem has occured after malware problems, even a repair install might not resolve the problem.

What I dont understand is the password protection you are referring to. If this is your data, the password is yours.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 HDScooterBoy

HDScooterBoy
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Research Triangle Park area - NC
  • Local time:04:23 AM

Posted 18 March 2009 - 09:20 AM

elise025 - I will definately try the ctrl+alt+del when I get home, as I hadn't thought about that.
As for boot order, I think I can set the boot order in BIOS, but I think I can select boot source as the computer comes up (F11? can't remember now). I'll try that. My problem so far has been that when I try to boot to the cd-rom drive first (Windows cd within), it doesn't seem to work, although I need to verify again.
As for the password problem, I've put my hard drive in another computer to salvage data off of it before reformatting, but when the drive is a slave in another machine, that machine can't access password-protected files on that hard drive. Specifically if I try to browse to files in My Documents in my pass-protected profile, it says those files are restricted. Someone had suggested I can turn this off in the registry, but I assume you can only change registry settings for that hard drive when the OS on that drive is booted to. And until now I've been able to log on to my profile (get past the password), but unable to access desktop functionality to change registry setting or browse files for salvage. I'm thinking your ctrl+alt+del to get to the task mgr and start explorer.exe (or regedit.exe) sounds like a great suggestion. I'll definately try this later today. Thank you for some great suggestions!

Tom

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,817 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:23 AM

Posted 18 March 2009 - 09:27 AM

Oke, now I understand your password-problem. If you can get in explorer, it should not be too hard to rescue your data. As for changing the registry (policies)..... should be careful with that one, you might mess up things worse.

To make sure you have no issues with your XP-cd, you can try to run it after you access your desktop to see if it works as it should. Or try to boot from it on another PC, so you know for sure the CD is good.

Edited by elise025, 18 March 2009 - 09:29 AM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 hamluis

hamluis

    Moderator


  • Moderator
  • 55,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:23 AM

Posted 18 March 2009 - 09:37 AM

FWIW: The scenario with inability to access Docs & Settings, My Computer, etc. when the drive is moved to a different system...is common. Most of us have experienced that, but there is an easy way to overcome such.

The procedure is summarized in How to take ownership of a file or folder in Windows XP - http://support.microsoft.com/kb/308421

May be useful, PC Hell How to Start Windows in Safe Mode - http://www.pchell.com/support/safemode.shtml

Louis

#10 HDScooterBoy

HDScooterBoy
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Research Triangle Park area - NC
  • Local time:04:23 AM

Posted 18 March 2009 - 09:37 AM

elise025 - I'll save the registry modifications for last resort, and try the explorer route. Thanks for the suggestions and I'll keep you posted!

Tom

#11 HDScooterBoy

HDScooterBoy
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Research Triangle Park area - NC
  • Local time:04:23 AM

Posted 18 March 2009 - 09:44 AM

hamluis - thank you, as that was exactly what I was trying to do by slaving my drive on another machine for data salvage. I just didn't know how to do it. If I can't browse my files on my computer through explorer, I'll try this. The Safe Mode info will be good too, as I didn't know you could do that through sys-config. Thank you!

#12 hamluis

hamluis

    Moderator


  • Moderator
  • 55,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:23 AM

Posted 18 March 2009 - 09:52 AM

Easily done, keep us posted :thumbsup:.

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users