Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Manipulating Windows Files From LinuxLiveSession


  • Please log in to reply
17 replies to this topic

#1 pcpunk

pcpunk

  • Members
  • 5,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:19 AM

Posted 04 September 2017 - 09:48 AM

Hey guys, I was trying to manipulate some Windows System Files to fix a windows computer but got the message below.  I didn't have time to fiddle with it to long and was pretty confident I could do it in Windows via Docking Station so I did it that way.  I would prefer to do it in a LinuxLiveSession so as not to have to remove the HDD next time if someone would help me.

S8xaWMe.png

 

Thanks, pc


Edited by pcpunk, 04 September 2017 - 09:51 AM.

sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,260 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:19 AM

Posted 04 September 2017 - 10:40 AM

Looks like that message is telling you to boot into Windows and be sure to shut it down...not to hibernate or put in sleep mode.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 pcpunk

pcpunk
  • Topic Starter

  • Members
  • 5,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:19 AM

Posted 04 September 2017 - 03:11 PM

Yes buddy, but the Windows OS was password protected and could not be accessed to Turn Off Fast Boot or anything else.  This was done from a LinuxLiveSession USB.  So I don't understand what the Error actually means, all I know is I want to manipulate the Windows OS File sytem to fix it, which I've done in Windows via Docking Station.  But next time don't want to pull the HDD if I don't have to, just boot Linux and fix it, if possible.

 

Thanks, pc


sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#4 pcpunk

pcpunk
  • Topic Starter

  • Members
  • 5,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:19 AM

Posted 04 September 2017 - 03:32 PM

I wonder what would be the consensus of this article, not familiar with the Author or the site.  Checked it at Virustotal, but don't know how well that is serving me.  

https://www.mkyong.com/linux/ubuntu-status-14-the-disk-contains-an-unclean-file-system/


sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#5 JohnC_21

JohnC_21

  • Members
  • 24,295 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:19 AM

Posted 04 September 2017 - 03:33 PM

What was the OS that was password protected. You can enable the hidden Administrator Account and work through that.

 

Download and install Lazesoft password recovery home (free) and create the bootable media. 

 

http://www.lazesoft.com/forgot-windows-admin-password-recovery-freeware.html

 

http://www.lazesoft.com/how-to-reset-administrator-password.html

 

Edit: I have used ntfsfix but I would hesitate using it on a drive with a hibernation file.


Edited by JohnC_21, 04 September 2017 - 03:35 PM.


#6 pcpunk

pcpunk
  • Topic Starter

  • Members
  • 5,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:19 AM

Posted 04 September 2017 - 03:47 PM

It was a Windows 7 machine Upgraded to Windows 10 OS.  It was a "syskey" lockout, will Lazesoft Recover My Password work for syskey?  I didn't see anything about syskey John, but I've been meaning to download that and try it out at your prior recommendations.


sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#7 JohnC_21

JohnC_21

  • Members
  • 24,295 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:19 AM

Posted 04 September 2017 - 03:52 PM

Was the lockout the result of a malware of phishing Microsoft support scam? For a syskey password there is another software but I will have to go back in my records to find. If the syskey password is long I don't think it will work. You could try deleting the hibernation file using a Windows 10 install disk and the command prompt. Then do a ntfsfix. 

 

Before I did that though I would mount the drive read only and copy the personal data.

 

The offline registry editor may work but I am not sure it would work for Windows 10

 

https://www.top-password.com/blog/how-to-reset-forgotten-syskey-startup-password-with-freeware/

 

Edit:

As you can see, with Offline NT Password & Registry Editor you’re able to reset forgotten syskey startup password in minutes. However, the utility can just as easily destroy a Windows system’s data. For that reason, the tool should only be used as a last resort.


Edited by JohnC_21, 04 September 2017 - 04:06 PM.


#8 pcpunk

pcpunk
  • Topic Starter

  • Members
  • 5,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:19 AM

Posted 04 September 2017 - 04:08 PM

Yes it was.  

 

Ahh, I gotcha!  Deleting the hibernation file using a Windows 10 install disk seems like it is then getting more complicated and then taking longer than just removing the hdd, but I appreciate the idea.

 

Yes, all was backed up using LinuxLiveSession before hand, and that all worked fine without any special mounting.

 

I'll keep hoping I can boot Linux and fix it that way.  Maybe someone will come along and have a fix for this "Unable To Mount" issue, that will make it quite nice to fix it all with a Linux USB.

 

Thanks guys, pc


sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#9 JohnC_21

JohnC_21

  • Members
  • 24,295 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:19 AM

Posted 04 September 2017 - 04:14 PM

You can force mount the drive in linux if the warning says to mount the drive read only.

 

https://askubuntu.com/questions/296331/how-to-mount-a-hard-disk-as-read-only-from-the-terminal



#10 pcpunk

pcpunk
  • Topic Starter

  • Members
  • 5,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:19 AM

Posted 04 September 2017 - 04:16 PM

John, I guess your feelings are that this "ntfsfix "command is risky?  I certainly don't want to risk the OS, because the whole purpose of this was to save time, not cause myself more work LOL.  Those darn Scammers!  

 

I just wonder why it would work from windows and the Docking Station and not Linux?


sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#11 JohnC_21

JohnC_21

  • Members
  • 24,295 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:19 AM

Posted 04 September 2017 - 04:22 PM

It's not risky when dealing with a drive without hibernation. I have never used it on a drive with a hibernation file. If the drive does have a hibernation file ntfsfix will not solve the problem. 

 

Create a bootable disk with this software package. See if it can determine the Syskey password. A while ago the password was a simple 1234 or something similar but I believe that has changed.



#12 pcpunk

pcpunk
  • Topic Starter

  • Members
  • 5,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:19 AM

Posted 04 September 2017 - 04:27 PM

You can force mount the drive in linux if the warning says to mount the drive read only.

 

https://askubuntu.com/questions/296331/how-to-mount-a-hard-disk-as-read-only-from-the-terminal

But I need "rw"  to fix things.  I found some ideas but I need to revisit when my brain get's a rest.


sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#13 pcpunk

pcpunk
  • Topic Starter

  • Members
  • 5,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:19 AM

Posted 04 September 2017 - 04:30 PM

It's not risky when dealing with a drive without hibernation. I have never used it on a drive with a hibernation file. If the drive does have a hibernation file ntfsfix will not solve the problem. 

 

Create a bootable disk with this software package. See if it can determine the Syskey password. A while ago the password was a simple 1234 or something similar but I believe that has changed.

Thank you.

 

Yes, there are many passwords they use, I've tried them all to no avail.  The job is done, but need to use my trusty LinuxLiveUSB to fix these things in the future if possible.

 

This link is interesting, but all over the place, to much for my ADD.

 

Thanks till later, pc


sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#14 JohnC_21

JohnC_21

  • Members
  • 24,295 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:19 AM

Posted 04 September 2017 - 04:33 PM

It seems you can unlock a hibernated partition using ntfsfix.

 

https://computingforgeeks.com/how-to-fix-unable-to-mount-windows-ntfs-filesystem-due-to-hibernation-on-ubuntudebian-and-kali-linux/



#15 pcpunk

pcpunk
  • Topic Starter

  • Members
  • 5,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:19 AM

Posted 04 September 2017 - 04:38 PM

If I can get the proper command to do this I'll give er a go in practice on another one of my computers.  That's if the same condition exists.  In this particular case via msconfig, Under the Boot Tab, the system was set to "safe boot", and "Timeout" was set to 4sec, instead of 30sec.  I wonder if this was causing the Unable to Mount issue, though it would seem not.  


sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users