Jump to content


Photo

Boot disks and recovery environments


  • Please log in to reply
20 replies to this topic

#1 Trilobite

Trilobite

    Malware Hunter

  • Trusted Advisor
  • PipPipPipPipPip
  • 711 posts

Posted 16 May 2004 - 02:41 PM

With all of the posts about spyware, antivirus, firewall and process viewer utilities, I feel that there is something missing—boot disks. There are many computer problems that could render a system unbootable and your data inaccessible. By the time they occur it is already too late to start thinking about boot disks. Boot disks are very important utilities and I am amazed at how many people do not have one. Fortunately boot disks are not that hard to create or they can be downloaded from many locations on the internet: http://www.bootdisk.com/bootdisk.htm http://www.freepctec.../files010.shtml
If you download one, make sure it is for your Operating System.

For Windows 95, 98 and ME (you will need 1 blank floppy disk): click on the ‘start’ menu, go to ‘settings’, then click on ‘control panel’. Once in the control panel, click on ‘add/remove programs’. When the new window opens, click on the ‘startup disk’ tab, and last click on ‘create disk’.
For Windows 2000: http://www.microsoft...db_con_lurv.asp
For Windows XP : http://support.micro...kb;en-us;305595

Most boot disks contain minimal drivers and run a stripped down version of the DOS operating system or Linux.


Recovery environments are generally more complex, vary in size greatly, and can cause more harm if used improperly, however recovery environments generally have a more familiar look and feel to them. In most instances all you need is a boot disk and not a recovery environment.

Probably the best known recovery environments for windows systems are Microsoft Windows Pre-installation Environment (PE) (MSDN subscribers only), Bart's WinPE (freeware) and Winternals' ERD Commander (Payware, as in very expensive).

Probably the best known recovery environment for Linux systems is Knoppix. Knoppix CDs vary greatly in included software and in size (less than 20mb-greater than 700mb).

Edit: corrected an informational error regarding XP boot disks.

Edited by Trilobite, 04 August 2006 - 10:43 AM.


#2 Gwyrox732

Gwyrox732

    Gwy|is|here

  • Helper
  • PipPipPipPipPip
  • 514 posts

Posted 16 August 2004 - 10:59 AM

Windows also has a recovery environment (of sorts) already built in. It's an update of the old program manager. You can use it by changing the "Shell=" lin in c:\windows\System.ini to progman.exe (as opposed to explorer.exe). Or, if you can't get to explorer, starting in dos-mode navigating to c:\windows then "edit System.ini" and changing it from there. Or you can even use it full-time, as I do, but that's my problem :p .
Quote from Original CWS Article at SWI: "There could be other domains involved in the future." ... We've come a long way since then

Malware esan mala, ji mi disaman. SWI ji kikan ekster!

PM me if you know what that says. Whoever gets it right gets put here!
Bagman wins, good job!

#3 macaroo

macaroo

    Advanced Member

  • Full Member
  • PipPipPip
  • 169 posts

Posted 17 August 2004 - 08:59 AM

Thanks for the kick in the seat to create these seldom used but vital utilities. I had a problem with the XP & XP Pro startup downloads. When you try to save them (+4MB) to floppy, I get a message that the program is too large, use a larger disk to store. I thought XP would have enough intelligence to prompt for multiple disks. Also I see, it is used to start up a system that has lost it's ability to use the CD-ROM so the floppy disk is the proper start up media.

#4 JRosenfeld

JRosenfeld

    Advanced Member

  • Full Member
  • PipPipPip
  • 143 posts

Posted 17 August 2004 - 10:54 AM

sorry misread first post. Also had problems editing this, it would not load back on

Edited by JRosenfeld, 17 August 2004 - 11:08 AM.


#5 Noone

Noone

    Member

  • Full Member
  • Pip
  • 77 posts

Posted 17 August 2004 - 11:44 PM

You can get FreeDOS-based bootdisks from http://www.fdos.org/bootdisks/

The newer disk images aren't tested, though. To write the images to a disk, use RawWrite.

#6 nl255

nl255

    Member

  • Full Member
  • Pip
  • 54 posts

Posted 14 September 2004 - 04:38 PM

Newer versions of Knoppix can read and write NTFS formated disks thanks to the captive driver, which actually allows the Windows XP NTFS driver to run in linux. These files can be retrieved from either the XP instalation itself, or from XP SP1.

#7 Trilobite

Trilobite

    Malware Hunter

  • Trusted Advisor
  • PipPipPipPipPip
  • 711 posts

Posted 27 October 2004 - 11:15 PM

Datapol has re-released their NTFS4DOS DOS driver for full read/write capabilities to ntfs formatted hard disks as FREEWARE (ntfs is commonly found on Windows NT, 2000, XP and 2003 systems).

The freeware (personal use only) version of NTFS4DOS includes a utility for creating a single floppy, DOS boot disk that includes this driver.

http://www.datapol.de/dpd/freeware/

#8 preston

preston

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 11 February 2005 - 05:15 PM

Trilobite ... can you suggest a tutorial for someone who doesn't know what boot disks are ?

While helping a friend rebuild an XP system that had been trashed by PhatBot(?) we used the set of 6 recovery CD's.
I'm wondering if we could have solved our problem without resorting to such drastic measures ... ie: could we have accomplished the same thing using the boot disks ?

thanks

#9 Konky

Konky

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 13 February 2005 - 04:26 AM

A great tool to have on hand is ultimate boot cd. This is a great cd if you want all boot utilities you may need to use in one place.


Posted Image



Ultimate Boot CD

#10 Trilobite

Trilobite

    Malware Hunter

  • Trusted Advisor
  • PipPipPipPipPip
  • 711 posts

Posted 13 February 2005 - 11:06 AM

Trilobite ... can you suggest a tutorial for someone who doesn't know what boot disks are ?

While helping a friend rebuild an XP system that had been trashed by PhatBot(?) we used the set of 6 recovery CD's.
I'm wondering if we  could have solved our problem without resorting to such drastic measures ... ie: could we have accomplished the same thing using the boot disks ?

thanks

View Post

Boot disks are essentially miniaturized operating systems containing just a few essential utility programs. They are analogous to the spare tire in your car, they are not meant for optimal performance of your computer, but they will allow you to move about your system, copy, delete or move files, change some settings, format disks and check for some hardware and even some software problems.

There are a number of tutorials on boot disks throughout the internet. http://www.pcworld.c...id,44202,00.asp and http://www.pcguide.c.../bu/boot-c.html both have good information on what boot disks are and how to create them. You might also find more information with a google search.

If you are reinstalling an OS, then it is best to have the original install CD. Most Windows 98, ME, 2000, XP and up install CDs are themselves bootable. Windows 2000, XP and up install CDs also include a recovery console which can be used to repair and rebuild a system.

Yes, you could have accomplished the same thing using different boot disks. For instance, if you wanted to reinstall windows XP, you could boot the system using a Windows 98 boot disk, navigate to the XP install directory on the CD and run the XP install program.
If you wanted to retrieve data off of your hard disk, you could use just about any boot disk, you just need to be sure you have the right type of boot disk for your hard drive’s file format…ie. Linix boot disk for Linux formatted disks, NTFS driver for NTFS formatted disks.
For my system, Windows XP NTFS formatted, I keep a copy of Bart's Windows PE ready for emergencies. In a pinch, I can boot to Bart’s PE, read data from the NTFS disks, copy the data to a USB drive or burn the data to CD all from within Bart’s PE. I also keep a modified Windows 98 boot floppy on hand that contains Iomega DOS USB drivers, the NTFS4DOS driver, and the Volkov Commander file manager. This boot floppy accomplishes much of the same thing as Bart’s PE, I can copy, delete or move files to and from FAT and NTFS formatted disks to USB disks (I don’t have CD burning yet though).

You could also use a pre-made utility boot disk such as the Ultimate Boot CD that Konky mentioned or the 911 Rescue CD to setup, repair or rebuild your system.

#11 Griffinml

Griffinml

    Member

  • Full Member
  • Pip
  • 20 posts

Posted 22 February 2005 - 10:47 AM

Which spyware remover programs do work with Bart PE?

Is it possible to edit installed windows registry with BartPE?

Is there automated VX2 disinfector for it?

#12 Trilobite

Trilobite

    Malware Hunter

  • Trusted Advisor
  • PipPipPipPipPip
  • 711 posts

Posted 22 February 2005 - 05:29 PM

Which spyware remover programs do work with Bart PE?

View Post

None work at 100%. The problem arises when the anti-spyware program scans the registry for infections. Since Bart’s PE has it’s own registry, the anti-spyware program scans Bart’s PE registry instead of the installed Window’s registry. In order to use anti-spyware programs, such as ad-aware, you need to utilize a third party registry wrapper, such as runscanner which is available as a plugin for Bart’s PE. I have tested an older version of runscanner with HijackThis and Ad-Aware and I have found that it works…to a point. Even with the registry wrapper, HJT couldn’t properly read certain files such as the HOSTS file. Additionally, when fixing certain registry entries with HJT and runscanner, the fix was not “clean”. Some of the problems were fixed properly, others were not. Plus, in some of my tests, the combination of HJT and runscanner resulted in slight corruptions and garbage left in the target registry.
I think this method has a lot of promise, particularly for combating rootkits. However, at this time, this type of method is a little to buggy and I would not use it on my system. However, I would love to see a Windows PE version of HijackThis (hint…hint Merijn ;) ).

Is it possible to edit installed windows registry with BartPE?

Yes it is. Several of the commercial recovery environments have utilities that will do this and I believe there are several plugins available for Bart’s PE that will allow you to remotely edit the installed Windows registry. You might get more information at the 911 CD forums.

Is there automated VX2 disinfector for it?

None that I am aware of.
You might be able to use existing removers with a registry wrapper, but again, use this method at your own risk as I feel that this method is currently still too buggy.

Edited by Trilobite, 22 February 2005 - 05:32 PM.


#13 Trilobite

Trilobite

    Malware Hunter

  • Trusted Advisor
  • PipPipPipPipPip
  • 711 posts

Posted 16 July 2005 - 06:27 PM

I have recently run across the antivirus boot CD, RescueME for DOS. (Direct download link is in the upper right of the linked page)
RescueME for DOS is a bootable CD containing free DOS antivirus programs from F-PROT, McAfee, and Sophos. All of which can be run from Free DOS (included on the CD).

This is nothing new for boot disks. Many people have built their own antivirus boot disks using DOS antivirus programs. Even the Ultimate Boot CD (mentioned above) contains antivirus programs. Also many antivirus programs will even create their own rescue disk sets.

What makes RescueME for DOS different is that it contains the means to easily build the CD with the most recent antivirus updates instead of relying on existing disk containing recent, but still outdated virus definitions. The download of RescueME for DOS does not contain the antivirus programs themselves, but rather it contains small batch programs that when run, automatically download the latest scan engines and virus definitions for F-PROT, McAfee, and Sophos antiviruses.

You can also download and integrate NTFS4DOS into this disk allowing the antivirus programs to scan the newer NTFS file systems found on some installations of Windows 2000 and XP.

#14 Nicole W

Nicole W

    Advanced Member

  • Full Member
  • PipPipPip
  • 106 posts

Posted 04 August 2006 - 09:08 AM

This is really confusing :unsure: Can someone link me directly and explain in simple details what I need to do to creat a boot disc

I have:

-Endless blank Cd-R's
-10 1.4MB Floppies
-Windows Xp professional SP2 (FAT32 I think)
-A Cd writer
-A dead brain

Thanks :)

#15 Trilobite

Trilobite

    Malware Hunter

  • Trusted Advisor
  • PipPipPipPipPip
  • 711 posts

Posted 04 August 2006 - 11:34 AM

To check to see whether your hard disk is formatted in FAT32 or NTFS:
1. Double click on “My Computer” on your desktop.
2. Under “Hard Disk Drives” right click on “Local Disk (C:)” and select “Properties”.
3. Under the “General” tab look for “file system”. If it says NTFS, then your disk is formated in NTFS. Similarly if it says FAT32, then your disk is formatted in FAT32.

If your disk is formatted in FAT32:
Option 1:
1. Insert a blank floppy into your floppy drive.
2. Double click on “My Computer” on your desktop.
3. Right click on “3 ˝ Floppy (A:)” and select “Format…”.
4. Under “format Options” check “Create an MS-DOS startup disk.
5. Click “Start’ and wait for formatting to complete.
6. You now have a boot disk that can read and write to your hard disks.

Option 2 (recommended): Do not create a separate boot disk, but use the recovery console that is part of your Windows XP (re)installation CD. Please see Microsoft support article “To start the computer and use the Recovery Console” on instructions on how to do this.

If your disk is formatted in NTFS:
Option 1: Read Microsoft support article “How To Create a Boot Disk for an NTFS or FAT Partition in Windows XP”.

Option 2 (recommended): Do not create a separate boot disk, but use the recovery console that is part of your Windows XP (re)installation CD. Please see Microsoft support article “To start the computer and use the Recovery Console” on instructions on how to do this.

Option 3 (advanced): Create a Reatogo (Simplified Bart’s PE) recovery environment. This is a much easier and more outomated way to create a Bart’s PE CD. Step-by-step instructions can be found at the Reatogo website and the Reatogo support forums. The advantage of Reatogo recovery environment is that it uses the familiar Windows user environment (ie mouse, start menu, windows explorer…) and it can easily support CD burning and external drives.

Edited by Trilobite, 04 August 2006 - 11:42 AM.


#16 Morpheus

Morpheus

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 13 November 2006 - 03:03 AM

Recovery of data from FAT or NTFS formated hard drive.
Stellar Phoenix FAT & NTFS - data recovery software is file and partition recovery utility which recovers all data lost due to formated hard drive, software malfunction, file/directory deletion.
Provides Partition recovery from FAT16, FAT32, NTFS, NTFS5 file systems.
Performs NTFS recovery on all IDE, EIDE and SCSI disk devices.

EDIT: Links removed - probable SPAM...

Edited by Budfred, 09 January 2012 - 09:33 AM.


#17 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,305 posts

Posted 13 November 2006 - 08:04 AM

Recovery of data from FAT or NTFS formated hard drive.
Stellar Phoenix FAT & NTFS - data recovery software is file and partition recovery utility which recovers all data lost due to formated hard drive, software malfunction, file/directory deletion.
Provides Partition recovery from FAT16, FAT32, NTFS, NTFS5 file systems.
Performs NTFS recovery on all IDE, EIDE and SCSI disk devices.

Both of your posts to this forum seem to be here to promote this product... That looks an awful lot like SPAM...

Caution is advised... This program is NOT endorsed by SWI and you use at your own risk...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#18 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 11 April 2008 - 10:16 AM

Leon123, I have split your post off to a thread of your own. http://www.spywarein...h...=115669&hl=

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#19 picasso

picasso

    Member

  • Ambassador
  • Pip
  • 79 posts

Posted 25 February 2010 - 07:03 PM

It's worth to add Paragon Rescue Kit Express (free for non commercial use only)

Link:


http://www.paragon-s...ome/rk-express/

Registration required. You receive confirmation e-mail with details and SN number. Form: "ready" = bootable wizard creator, produces ISO or direct bootable CD.

Features:

- Among others: SATA/eSATA/SCSI support
- Easy file transfer wizard (migrate important data from broken system to alternate media)
- Undelete partitions
- Boot Corrector - replacement for commands from weak Recovery Console and WinRE (Startup Repair module / bootrec commands). You can process with boot.ini and BCD configurations, make MBR fix, and other micro work with partitions. Supported types: MBR + GPT disks.

Posted Image

Edited by picasso, 17 May 2010 - 07:21 PM.


#20 alacemessi04

alacemessi04

    Member

  • Banned
  • Pip
  • 1 posts

Posted 09 January 2012 - 04:54 AM

Recovery of data from FAT or NTFS formated hard drive.
Stellar Phoenix FAT & NTFS - data recovery software is file and partition recovery utility which recovers all data lost due to formated hard drive, software malfunction, file/directory deletion.
Provides Partition recovery from FAT16, FAT32, NTFS, NTFS5 file systems.
Performs NTFS recovery on all IDE, EIDE and SCSI disk devices.



Another such efficient recovery tool is freentfsrecovery.com free NTFS recovery software. It is with the advanced techniques for finding the data from the NTFS partition. The tool easily recovers data from NTFS partition in few clicks. you get preview options too.

EDIT: People who join the forum and immediately post links to software are considered dubious... Please note that the software mentioned or the website in question could be dangerous and visit at your own risk... Link disabled for that reason...

Edited by Budfred, 09 January 2012 - 09:23 AM.


#21 psychicguy

psychicguy

    Member

  • Helper Trainee
  • Pip
  • 87 posts

Posted 14 September 2014 - 04:50 PM

Do you have any suggestions for Windows 7 x64 Boot Disk Recovery Environments?  I need a good one that's free :p






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button