Question

  • Creator
    Topic
  • #3998797

    User folder missing

    by matt1636653145 ·

    I’m stumped. There are lots of ways to lose a user folder, but I can’t find any record of one vanishing like this. First, there was only one user. Now there are none. The client, of course, has data they want retrieved.

    My first idea was to pull the drive and try to copy files from a working computer. That’s how I discovered that there was no user folder to copy from.

    Second, I attempted to recover the whole partition. The theory was that perhaps the folder was somehow de-listed and I might recover it whole.

    Third, I ran a file recovery to pull out files individually by their extensions. This did not bring up even one file of the type requested by the client. I was able to identify some document files that belonged to the client, so there is data there to recover.

    I put the hard drive back into the original machine to attempt repairing the file system from an install stick with chkdsk and sfc. Chkdsk corrected some errors, but there was no visible change. Sfc was unable to perform the requested operation.

    Since all the basic stuff didn’t have any effect, I turned to google. Most of the solutions I found were generic “missing folder” scenarios such as accidentally setting one to hidden, or numerous others assuming that you could still log in to windows. Others focused on downloading some recovery software or other (also assuming you could still log in). I found a couple references that mentioned how the file could be misplaced by an error in the registry, similar to the issue where the user file is renamed and a temporary profile comes up after an update gone wrong.

    This is where it gets weird. I pulled up regedit with cmd, which was running from the repair options on an install stick. I opened it from C:/Users which should point it at the drive I’m trying to repair. The only entries under HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList are the three defaults S-1-5-18, S-1-5-19, and S-1-5-20. I was expecting one with an SID.

    That brings us to the question: How do you delete the only user profile so completely that the registry entry goes with it? And how would I bring it back?

    Consider this: Any physical damage is astronomically unlikely to nuke both the user folder and the registry entry for it. Any intentional deletion from within windows faces numerous obstacles and would require another profile. Any malicious actor would gain nothing from an attack like this.

You are posting a reply to: User folder missing

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our Community FAQs for details. All submitted content is subject to our Terms of Use.

All Answers

  • Author
    Replies
    • #3998830
      Avatar photo

      Reply To: User folder missing

      by birdmantd ·

      In reply to User folder missing

      I wonder if you were a victim of a Malware attack or virus that affected your computer and deleted or hid the file that you cannot find any longer. Could have been an attack that requested you to pay a fee to restore the computer files/integrity. I can only speculate on this point. Best wishes.

      • This reply was modified 1 year, 5 months ago by Avatar photobirdmantd.
    • #3998848
      Avatar photo

      Re: user folder missing

      by kees_b ·

      In reply to User folder missing

      Strange indeed. Deleting a folder from Linux is trivial, but deleting it from the registry from Linux seems difficult.

      Anyway, things like this are why we backup what we don’t want to lose. Apparently, your client didn’t.
      And it’s a good practice to have a spare administrative user (don’t forget the password) to login to if something happens to the one normally used. Apparently, your client didn’t make that.

      Sorry for the client.

      • #3998939
        Avatar photo

        Yes, I did read the original post

        by birdmantd ·

        In reply to Re: user folder missing

        And you are welcome. I only offered an opinion and nothing more. Take it or leave it. Sorry I even responded to your original post now. Have a good day.

    • #3998966

      Reply To: User folder missing

      by JIBON SARKER ·

      In reply to User folder missing

      You may have set the missing file or folder as hidden and forgotten. So the best way to search for them is to enable this view and look for it. Open File Explorer and click on View > Show > Hidden Items menu. Go to the folder where you expected the file to be, and then check if the folder is visible

      • #3999479

        It’s not ransomware, simple deletion, or hidden!

        by matt1636653145 ·

        In reply to Reply To: User folder missing

        I guess I didn’t make this clear enough in my original post. It’s not ransomware! There is no ransom message, the folder is NOT hidden, THERE IS NO PROFILE TO LOG IN TO.

        The computer does not even display a login page, it boot loops. Ransomware or deletion or hiding the folder would not make the profile fail to show up in the registry.

        The OS is Windows 10 (hence being posted under Windows OS).

    • #3999599

      deleting folder Linux

      by k.elonmusk96 ·

      In reply to User folder missing

      Deleting a folder from Linux is trivial, but deleting it from the registry from Linux seems difficult.

      Anyway, things like this are why we backup what we don’t want to lose. Apparently, your client didn’t.
      And it’s a good practice to have a spare administrative user (don’t forget the password) to login to if something happens to the one normally used. Apparently, your client didn’t make that.

Viewing 3 reply threads