This article deals with how to look after a PC that is dangerously at risk - not powering up, crashes all the time, can't find the user profile, reports bad registry or explicit disk errors etc. It does not look at wider implications beyond the PC, such as: Has confidential data been leaked? Has it infected the rest of the network? and so on.
First thing: Forget your initial goal of "getting into Windows"! Back all the way out; there's more at stake than you think...
Is my data safe? Prolly NOT
Is it safe to run Windows? NO
Is it safe to write to the HD? NO
Is it safe to spin the HD? Maybe NOT
Is it safe to turn on the PC? Maybe (fans?)
What follows is an uber-cautious approach that has the best chance of fewest casualties. It's geeky, so if it looks intimidating, get a tech to help. This example uses Win9x DOS mode as the maintenance OS, but there are other options.
I'd split the process into two tracks...
Track 1: Hard drive
Track 2: Rest of PC
...and only then bring them together towards running Windows again
So step one is to open the case and get the hard drive out, unplugging from the mains first.
The hard drive (HD) is then dropped into a known-good PC for Track 1 - do not run Windows on the host PC until you know it is safe to do so - while the rest of the PC undergoes Track 2. We want to minimize the risks that too-early exposure to Windows can pose, namely:
This is heavy-duty maintenance, where the role of Windows is by necessity limited.
Download the required tools, depending on what your stricken PC's file system was. If NTFS, pull down ReadNTFS and resign yourself to loss of Long File Names (LFNs). If FATxx, smile with relief and pull down Odi's LFN Tools.
Also, get DOS-based antivirus from F-Prot, NOD32 and/or Sophos, and pull down an HD diagnostic from your HD vendor's site, a RAM checker from www.memtest.org and/or www.simmtester.com, and a partition manager from www.bootitng.com.
All of this is done from the known-good PC, of course. Make sure you have a way of running that PC from a Win9x DOS mode, as we will use that as a maintenance OS in what follows on both this and the stricken PC. Make whatever non-HD boot disk you like; diskette will do.
Finally, create a directory on the host to receive your HD's data, on a FATxx volume so you can write to it from DOS mode and virus check it as well. You don't want to put your host at risk!
Unplug the host PC from mains, add your hard drive as the sole device on the secondary xIDE channel. Plug in but at this point stay out of Windows; boot DOS mode instead. Familiarize yourself with where everything is, i.e. what paths to use to your stricken HD (I will use "D:" here) and where you will dump to (I will use "C:\BADHD").
The first thing we will do is "cherry-pick" your most important data off the stricken HD. You will need to know where this data is, using 8.3 name syntax like C:\DOCUME~1\Blah\Blah\Blah. Yuk, I know.
If file system is NTFS, use ReadNTFS to see the stricken HD. Navigate in and copy off your crucial subtrees.
If FAT32, go for broke with this Odi's LFN Tools command:
LCopy D:\* C:\BADHD /A /S
The above command - which requires FATxx to work - will potentially give you everything off the entire HD, LFNs and all. If there are bad sectors, you will see this on screen, but the process won't stop, bog down for a week on retries, or abort. If there are lots of bad sectors, press Ctrl-C to abort and zoom in on the crucials as you had to do in the NTFS case.
Having got off the crucials, we now try to get the whole shebang via a partition-level image, using Boot It New Generation (BING). BING boots off diskette and first wants to install itself; cancel that, and it will let you into "partition maintenance mode", which is where you want to be. Highlight your stricken HD, and then each volume on that in turn. Choose image copy, and save the image into the host's C:\BADHD in CDR-sized (640M) chunks.
BING image transfer can take a long time - several days, if it hits bad sectors. The first bad sector will cause it to stop and warn you that what you get may be damaged; you have to hang around to click through that. Thereafter it will grind on. If the HD dies during these days of spin time, you end up with nothing; hence the cherry-picking phase that preceded this attempt!
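The skip-and-continue behaviour described above, as an added sketch in Python (not part of the original article, and not how LCopy or BING are implemented): each span is read once with no retry loop, a failed block is re-read sector by sector, unreadable sectors are logged and zero-filled, and the image is written in fixed-size chunk files. The names FlakyDisk, read_once, image_device and IMAGE.nnn are hypothetical; it assumes 512-byte sectors, a size that is a multiple of the sector size, and an output directory that starts empty.

```python
import io
import os

SECTOR = 512  # assumed sector size; `size` is assumed to be a multiple of it


class FlakyDisk(io.BytesIO):
    """Constructed stand-in for a failing drive: reads touching `bad` sectors fail."""
    def __init__(self, data, bad):
        super().__init__(data)
        self.bad = set(bad)

    def read(self, n=-1):
        first, last = self.tell() // SECTOR, (self.tell() + n - 1) // SECTOR
        if self.bad & set(range(first, last + 1)):
            raise OSError("unrecoverable read error")
        return super().read(n)


def read_once(dev, offset, length):
    """Single attempt, no retry loop; None means the span is unreadable."""
    try:
        dev.seek(offset)
        return dev.read(length)
    except OSError:
        return None


def image_device(dev, size, out_dir, chunk_bytes, block=8 * SECTOR):
    """Image `size` bytes of `dev` into chunk files; return (paths, bad_offsets)."""
    bad = []
    for off in range(0, size, block):
        data = read_once(dev, off, min(block, size - off))
        if data is None:  # narrow down: re-read this block one sector at a time
            data = b""
            for s in range(off, min(off + block, size), SECTOR):
                piece = read_once(dev, s, SECTOR)
                if piece is None:
                    bad.append(s)  # log it and move on, never grind on retries
                    piece = b"\x00" * SECTOR  # zero-fill keeps image offsets aligned
                data += piece
        pos = off
        while data:  # spill across chunk-file boundaries
            idx, used = divmod(pos, chunk_bytes)
            n = min(chunk_bytes - used, len(data))
            with open(os.path.join(out_dir, "IMAGE.%03d" % idx), "ab") as out:
                out.write(data[:n])
            data, pos = data[n:], pos + n
    paths = [os.path.join(out_dir, "IMAGE.%03d" % i) for i in range(-(-size // chunk_bytes))]
    return paths, bad
```

The returned list of bad offsets tells you which parts of the image are zero-fill rather than real data, so you know which files to distrust afterwards.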
Now that your data is safe, you can determine whether:
If NTFS, you can boot up the host's Windows NT at this point, disable System Restore on your stricken HD (else it will kill your HD's SR data!) and copy off the data that way, which preserves LFNs.
While all the above is going on, on another bench, you tackle the rest of the stricken PC. First, with it unplugged from the mains, you check the construction for loose/shorting wires, disconnected or stuck fans, loose metal objects, and gooey dust that may be shorting out chips' solder pads (esp. around the processor fan's downdraft area). Look out for bulging motherboard caps too.
Now try booting up the PC to CMOS setup, and if that works, look at the voltages and temperatures if there's a facility to do so. Visually check that all fans are running.
If you can't get into CMOS, then you have to strip test the system. Be careful not to allow the Windows installation on the stricken HD to sniff the reduced hardware, which might otherwise bring down the wrath of Windows Product Activation - like you don't have enough to worry about already.
Once everything's bolted together and working (or you've identified and pulled out the bad card that stopped this from happening), boot into SIMMTester or (IMO better) MemTest86, and leave that running while you grind away at Track 1.
By now, Track 2 has resulted in a working PC with good RAM that doesn't overheat or spontaneously reboot due to bad PSU or whatever. Track 1 has resulted in a physically good HD (either your original, or the replacement for it if it was bad) that contains your file set on it, on a now-good file system and that is known to be free of at least the traditional malware that antivirus utilities deign to look for and fix.
Now, for the first time, it's safe to try and get your fair-weather-friend Windows OS back in the saddle and working. No matter how badly what follows messes up (you might try a System Restore first, who knows it might work) you can fall back to that whole-HD partition level image you backed up in Track 1.
When all is done, you may want to keep the maintenance tools you used for next time. Some are free, and some are to be paid for if you keep and re-use them. If they saved your bacon, you may want to "say thanks"!
(C) Chris Quirke, all rights reserved - May 2004, MemTest link updated July 2004