Busted Laptop Hard Drive : Caused by Virus?

[Heofz]

Evening chaps/chappettes, this may be a long post so please bear with me:

My father approached me with a problem, in the form of laptop which refused to load windows, whose hard drive contains a lot of precious data which he (in)conveniently has not backed up.

He remembers opening an email attachment and all of a sudden was bombarded with porn popups which would not stop coming, so he powered down his machine. From this point on, it would only ever reach the windows xp loading screen and then immediately throw a blue-screen error.

It even managed to get to the safe mode options menu however no matter which option was chosen the blue screen would still happen.

Tried reinstalling windows, but this didn't work (some random error I never saw before - 99% sure it was caused by the problem mentioned above), and for some reason the recovery console could not detect a windows installation at all.

I have since removed the laptop hard drive, bought a LaptopHD-to-ide adaptor and tried running data recovery software (GetDataBack™ NTFS - worked wonders for me in the past) on my own pc as the surrogate with this hard drive connected via IDE. When trying to examine the contents of the disk, GetDataBack would just freeze and cause my PC to blue screen.

I am stumped at the moment. Is there anything else I can try to get the data back off it?

The hard drive is a Fujitsu 40GB
Model MHR2040AT
Rev #: 5

Any help/advice would be muchly appreciated

 

[ByteJuggler]

The filesystem itself might be corrupted in a way that crashes/stumps the ntfs filesystem drivers hence causing the blue screen. Yes I know it sounds crazy but I've seen it happen (indeed once was when a friend-ess of mine somehow also managed to kill their PC through some dodgy software they erm, acquired over the internet.) Anyway, I've previously been able to salvage data off such drives using a Linux recovery CD (in fact I eventually after much pratting about got it booting again which was rather cool.) Using a linux recovery cd is going to be more involved than a point and click app though, so you need to have some patience and be prepared to learn about something a little different if you want to go down that route. If you're interested I'll make a few further suggestions in that regard and will try helping you.

 

[Heofz]

That route sounds very appealing indeed, if you're not too bothered helping me out I would very much like to give this a try

I do have some (well, very limited) experience with linux; I once installed mandrake dual boot on my pc once, didnt like how it performed and removed it shortly afterwards though!

But if this works I'll buy you a pint

 

[ByteJuggler]

I'm sorry mate, nearly forgot/missed about this post. Been rather busy the last day or so.

Download this ISO and burn it to CD:

http://www.sysresccd.org/Download

Next, we need to decide on a strategy. Just to fill me in on the possibilities: You say you have a laptop to IDE converted and connected the drive to your main PC? Do you have another PC with a network between the 2 available? Is your PC reachable from the internet/can you set up port forwards on your router (or do you use a USB modem for your broadband?) Do you have a DVD writer in your PC? How much data on the laptop drive estimated?

The key thing to decide (presuming we can actually mount and read files from the troubled laptop disk) is to decide where and how to copy the files to. Writing to NTFS partitions that are directly mounted is possible either in limited fashion natively, or in fairly fully fledged fashion with some jiggery pokery using Windows XP's ntfs driver (but I try to stay away from that if possible.) But native write support is limited. What works well is a FAT32 temporary partition as this is fully supported. If you have an empty partition or area of disk or spare disk we can temporarily format FAT32 then I might prefer that, however in a pinch with a bit more fiddling we can probably make NTFS work if we want. Also anoter option, writing to a Windows Share on another machine using a network is dead easy, as is copying files between 2 PC's both booted with the rescue cd into Linux (after starting a secure shell service on one of them) again providing the network adapters work. (This tends to not be a problem these days.)

Let me know what we have to work with.

 

[Heofz]

Thanks for the reply

I tried replying this morning but was unable to process the words in my brain due to the vast quantity of alcohol residing in my bloodstream

Here is what I have to work with:

• My PC is networked... wirelessly (Netgear WG311T wireless card)
• On the same network there are multiple PCs I can "C$-Share" in to dump files.
• There's probably maybe 10-20GB's of data to recover however I am not sure, will need to see
• Some of the data (assuming i can recover it of course) may be riddled with viruses, so I'll need to take precautions especially with .exe's etc
• I could juggle around some data to empty one of my partitions and format it in fat32 seeing as thats easier/faster than networking (especially as I'm using wireless)

I'm just downloading the ISO now, will get the fat32 partition ready. Is this boot cd easy to use?

 

[ByteJuggler]

Hello,

I forgot to ask, are you on MSN/YAHOO or such? If so we can probably try a semi-guided session with me giving driving directions etc. Might be simpler than carrying on this conversation in forum.

Thanks for the reply
I tried replying this morning but was unable to process the words in my brain due to the vast quantity of alcohol residing in my bloodstream

Here is what I have to work with:

• My PC is networked... wirelessly (Netgear WG311T wireless card)

• 
  
  Wireless... we'll have to see. Wireless up until recently has been less well supported than wired adapters in Linux. I don't know how new the kernel on that version of recovery CD is.
  
  

  [*]On the same network there are multiple PCs I can "C$-Share" in to dump files.

  
  OK...
  
  

  [*]There's probably maybe 10-20GB's of data to recover however I am not sure, will need to see

  
  OK, assuming we can successfully mount the partition from Linux, that's easy to check anyway (it's just obviously better to prepare the "target" space up front if possible.)
  
  

  [*]Some of the data (assuming i can recover it of course) may be riddled with viruses, so I'll need to take precautions especially with .exe's etc

  
  OK, well obviously those pose zero danger to Linux. IIRC that rescue CD actually contains an anti virus scanner for Windows viruses, so you might even be able to clean the files while in Linux, after copying them. Even if we don't do that, you should be able to clean the files after copying in Windows, providing you don't run any of them. If you're really paranoid about that, you can always build yourself a Windows based boot CD as well with virus scanner included. (See http://www.nu2.nu/pebuilder/ )
  
  

  [*]I could juggle around some data to empty one of my partitions and format it in fat32 seeing as thats easier/faster than networking (especially as I'm using wireless)

  
  I'd prefer that. It avoids complications/messing about with wifi config and NTFS. (It's doable but it is simpler to avoid complications.)
  

I'm just downloading the ISO now, will get the fat32 partition ready. Is this boot cd easy to use?

I find it easy. But I've got many years of experience with Unix/Linux as well as DOS and the Windows command line. If you're a Windows GUI type person that shuns command line interfaces completely then you'll possibly find it a difficult place as this CD doesn't boot a graphical desktop and only boots to the Linux command line. However my gut feel is that you should find it reasonably easy once you've gained some familiarity with the "landscape" as it were.

 

[Steve09]

Give it to PC World or someone

Of course it will cost you/Dad, but atleast they will get it working definitely and recover his stuff, if not, you don't pay them

 

[Heofz]

<snip>

I haven't dealt with linux command lines much but I've played around with Bash with a SSH a couple of years back.

I've added ** MSN from your trust, not sure if it has worked, do you wanna add mine?

Give it to PC World or someone

Of course it will cost you/Dad, but atleast they will get it working definitely and recover his stuff, if not, you don't pay them

lol PC world? I got a couple of mates who worked at PC world tech place, trust me you don't want to give them ANYTHING. tbh I'd much rather do this recovery myself than hand it over to somebody else. If anything were to happen to the hard drive I would just have to take their word for it but if I do it all myself I only have myself to blame. That's the way I like it