Recovering Boot Partition on new hard drive

Hi all, I have an interesting situation that I'd like to get resolved and thought this might be a good forum to check with.

Sometime back I put a second HDD into my HP Pavilion a730n. Since the original HDD has some age to it (about 8 years) I wanted to make the new drive the boot drive. Did that, and being newer it is also faster, etc. However, some malware MAY have trashed up parts of the OS on the new drive. In particular, if I boot from the new drive I cannot make ANY sort of connection to my router or anything else. Digging at it a bit, the startup is really messed up with the dependencies no longer working together.

(it is possible that the seemingly minuscule malware had nothing to do with it - at about the same time, there was an update glitch with two pieces of software almost simultaneously and it was shortly after *that* happened that everything hit the fan - to be specific, a piece of software decided it wanted to update at the same time that I was listening to an audio CD. That seems like it should have been innocuous enough, but the system really hung and was a bear to get back running again after that happened.)

Fortunately, it is SOP for me NOT to delete stuff from an older HDD until I am sure that the new one does not fail prematurely - and this incident happened well within my rather long timeframe in that regard. SOOOO, I've been able to simply boot from the original drive and have everything work from there. The new drive does not seem *physically* bad and I can write to and read from it with no problems.

What I'm thinking is the best way to recover is to:

1) backup the non-system stuff from the boot partition on the new drive (I have a Western Digital 2TB USB drive which I had bought for storage and/or backup which could be useful in this regard)

2) wipe the boot partition on the new drive

3) do a bit-for-bit copy of the original drive over to the boot partition of the new drive (since the original drive now has more updates, etc)

4) then I can deal with program and data files that *were* on the new drive in my own sweet time

Question is, is this the best way to get the job done.......and, how do I GET it

FYI, I just completed a boot-time scan that ferreted out some very deeply buried malware. I had read some articles about "rootkits" and related junk, and the boot-time scan was strongly suggested as a means to nail the real sneaky stuff that can hide itself once Windows starts up. By scanning BEFORE that, so the articles said, the malware that is apparently dependent on having Windows running can't do much and maybe do nothing. So at this point, I should be pretty crap-free and since the incident, my running scans and so on has been more frequent and my operating practices more "tight" to try and prevent further occurrences. Also made some software changes in the security area to try and beef up the prevention......

OS - XP home edition, SP3 plus frequent updates


Consider a repair install

by gechurch

If I were you I'd definitely do a repair installation of Windows. A repair install reinstalls all the Windows system files, but leaves your data, programs and settings in-place. There are a couple of things you need to know:
1) You will need the correct CD. In your case that's an XP Home SP3 disc. It also has to be the correct license type (that is OEM, volume, retail etc). If not it won't accept your product key.
2) You will be asked to enter your product key during the install. If you have a legit copy of Windows it should be on the sticker on the side of your case. If not you can retrieve your product key using a free tool (like Magical Jellybean). Such a tool will also tell you what license type it is.

To do the repair install put the CD in and boot from it. After it loads you will be given the option of choosing to repair Windows. You actually want to say no to this (this will take you to the recovery console - a DOS shell basically). Press F8 on the next screen (accept EULA) then on the next screen it should find your existing Windows installation. It's on this screen you want to choose the option to repair. From then on it's like a normal Windows installation. Note that if your existing installation is not found you should just restart your computer - definitely do not install Windows over the top in this case.

If that doesn't work you can try running the command 'sfc /scannow' from within your Windows installation. This will run through your Windows files looking for any corrupt/non-genuine files. It will replace any dodgy files it finds (again, you'll need the correct Windows disc). This option is like a more limited version of the repair install.

If neither of the above work I'd either look at running through your idea, or doing a fresh install of Windows (this is preferable if it's possible, but you'll need to install all of your programs again).

Whichever option you choose, I recommend cloning your current hard drive before you start. Tools like Norton Ghost (commercial), Acronis True Image (commercial), Macrium Reflect (free) or CloneZilla (free) will all let you clone your entire hard drive to a file on your 2TB USB drive. If anything should go wrong you can restore the file and have your hard drive back exactly as it was before you started.

Good luck.

Response To Answer

by wb9omc

Oh, I would give away body parts to have had a proper Microsoft XP CD. It did NOT come with the PC, and HP told me that they do not supply them, and that I'd have to get one from Microsoft. Microsoft, of course, pointed the finger at HP and said it was HP's responsibility. Much like with NEC on our previous computer and a Win98 CD, I went round and round with them both on this point and never got anywhere. Hence, NO XP CD.
This is also a reason why I did NOT remove XP from my original HDD after the copy to the new one. I wanted a backup since I didn't have the USB drive at that point. The actual intent with the old drive was to completely clean it off and use it for a nice big swap space as well as misc storage (to be backed up periodically) until it drops dead.

As for the other, I have both Norton Ghost and Acronis True Image available to me. So cloning a disk or copying in itself really isn't a problem. I used Acronis when I first installed the new HDD (it was highly recommended both by Western Digital AND a heck of a lot of on-line reviews as well as quite a few IT friends of mine) and it went smooth as silk.

fix mbr command

by databaseben

the command fix mbr will reset the master boot partition - that is if it is corrupted.

what i find interesting is that you can "ferret" out malware and had actually found some. so the question is "how in the world" is your system being contaminated? your concern should not be saving "freeware" and "bad ware" but to have a "lean and mean" computer system that functions as a machine instead of a safe that stores unused and outdated programs (especially freeware) that may be infecting the system.

and if you have any moneyware, then it should be no problem with removing them, wiping the disk clean, then re-installing them because you should have the serial numbers and product keys for them.

in any case, if the master boot record is damaged, the fix mbr can be used to repair it.

incidentally, the fix mbr command should not be used on laptops that have a hidden recovery partition because the command will remove the codes that execute the factory restore sub system.

Response To Answer

by wb9omc

the exact source of the system contamination is not known - I have only one incident that occurred right before the problem with the new HDD happened, and I am dubious as to whether or not this had anything to do with it. I was listening to an audio CD and one of the Anti-Virus decided to pick that time to do an update. This was set to "auto" at the time (it is NOT set to auto anymore - the software must now notify me and ASK me to do the update) and something about it acted like it badly conflicted with Windows Media Player. The computer hung totally and a power-cycle was the only way to clear it. The problem with the new HDD did NOT start immediately after that but it was only days or less.

Since then, I have the ability to do a boot-time scan that is designed to nail down rootkits and so on that are smart enough to go hide when windows is actually they can evade ordinary scans. So far as I can tell, I have killed those nasty bugs off. I can't rule out that some remnant may be sitting out there. I can't rule out that an attack of some kind could happen again. I make judicious use of spam filtering while checking emails and I don't open links to unknown sites, etc., but we all know how many evil bugs are lurking out there and how the authors of them get more "creative" over time in making them MORE evil than they already are.

I suppose a logical question at this point before I run out and run the fix mbr command would be, what happens if the command disagrees with the MBR being corrupted and thinks it isn't? Sounds like being well backed up FIRST would be a smart idea..........

Response To Answer

by gechurch

In reply to the OP, nothing bad will happen by running fixmbr (except as already pointed out about recovery partitions). Unfortunately though running the fixmbr command won't help in your case. The MBR code is only used to start booting Windows. Since you can boot into Windows your MBR must be fine.

maybe it's not infection

by databaseben

well, since the problem occurred while you were playing media and the antivirus did a download at the same time, then it might be you don't have an infection, per se.

some anti virus programs are overly aggressive or improperly configured. and then we can't be sure if the av was installing an updated virus definition file or an update to the program itself.

personally it is my opinion that most free anti virus programs are spyware in disguise and track and log what they scan. then this information is exchanged at the time they download the virus definitions. but this is my opinion. however, i can say that since switching to microsoft's av, i don't get infections and false positives anymore.

in any case, what i would do is to uninstall the a.v., run a check disk and see if the system performs better.


