Page 3 of 5 FirstFirst 12345 LastLast
Results 21 to 30 of 42

Thread: HowTo: Fix Corrupted Windows Registry from Ubuntu partition

  1. #21
    Join Date
    Jan 2010
    Beans
    1

    Re: HowTo: Fix Corrupted Windows Registry from Ubuntu partition

    Here is a slightly strange but related question. My apologise that I start off talking about Windows but nobody is perfect!!

    Background:

    "OS: Windows 7 Home Premium OA

    Start up and installation worked first round. I then made the following partitions:

    C:Windows (original system partition)
    D: Data (here I put all my working files)
    F: Executables (here are all the binary executables that I use)

    I moved some files from C:\Programs to F:\Programs.

    Everything worked fine.

    Then I got clever and decided to change F:Executables to E:Executables (E for Executables) to do this I had to move EVD (original system default) to a new letter. I chose OVD (O for 'Optical') and moved F: to E:.

    Then I re-booted.

    Now the system boots all the way to the login screen except that there are no user choices. Windows itself has obviously started because other functions such as the 'Shutdown' and 'Restart' buttons work. But no User icons or boxes appear to select a user and enter a password."

    At this point I thought "DAMN and double BLAST!"

    After a bit of cursing and thinking (these often work well together) I had the idea to see what my (up until this point unused UBUNTU boot disk could do. In it went to the optical drive and started up a dream. In fact I had access to all the WIndows partitions as well. However, I can't seem to get windows applications to run under UBUNTU yet (mostly because I haven't tried very hard).

    I suspect that the problem with my Windows installation is that I need to fix some drive pointers in the windows registery file. Unfortunately the 'regedit' utility doesn't want to work directly under UBUNTO. When I double click on it in the file manager it complains that it must be some kind of corrupted *.zip file. Most unsatisfactory.

    After this very long post the basic question is:

    Can I open up and edit the windows registry file directly from UBUNTU?

    or

    Any other ideas?

  2. #22
    Join Date
    Nov 2008
    Beans
    99

    Re: HowTo: Fix Corrupted Windows Registry from Ubuntu partition

    Many thanks for your post. My daughters laptop contracted a windows logon logoff virus after opening an email attachment (yes, despite all those warnings). Every time she tried to start up, as soon as she entered her password the system logged off.

    I was able to boot up from an ubuntu disk and download and run an antivirus program (bitdefender) which cleared the original virus but the windows would still not stay logged on.

    I found your post and followed your instructions to replace the files as suggested. The problem was solved

  3. #23
    Join Date
    Dec 2008
    Location
    Baroda, India
    Beans
    112
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: HowTo: Fix Corrupted Windows Registry from Ubuntu partition

    Great!! Simply worked out of the box and now I've my partition recovered without needing to install either windows or ubuntu again. Very old and yet very useful information. I think there are lot many such problems that we need to address and properly document for other users also. Anyone interested working with me to document ?
    Tusker's Ubuntu Machine
    Nonsense - the Sense within

  4. #24
    Join Date
    Jul 2008
    Beans
    3

    Re: HowTo: Fix Corrupted Windows Registry from Ubuntu partition

    thanks for the gr8 tutorial, it really helped

  5. #25
    Join Date
    Dec 2008
    Location
    Baroda, India
    Beans
    112
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: HowTo: Fix Corrupted Windows Registry from Ubuntu partition

    Instructions are very old but still today they work like charm. Solved my problem this way and now windows is working well too. I think we need a proper guide for this kind of problems @ ubuntuforums.

    Many thanks for providing this superb solution, it saved my butt, literally..
    Tusker's Ubuntu Machine
    Nonsense - the Sense within

  6. #26
    Join Date
    Feb 2007
    Beans
    286
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: HowTo: Fix Corrupted Windows Registry from Ubuntu partition

    I wish I had seen this thread earlier. It would have saved me a lot of work. I have copied the entire thread to my computer for future reference.

    Thank you very much.
    Floyd
    Ault, CO, USA
    Registered Linux User 436727
    Registered Ubuntu User # 13092

  7. #27
    Join Date
    Feb 2010
    Beans
    1

    Re: HowTo: Fix Corrupted Windows Registry from Ubuntu partition

    Hi

    I just wanted to say thanks for posting this... you saved me a rebuild!

    Cheers

  8. #28
    Join Date
    Jul 2010
    Beans
    4

    Re: HowTo: Fix Corrupted Windows Registry from Ubuntu partition

    i'm having trouble understanding sudo ntfsfix /dev/<device-name>

    what do i put in for 'device name'? I put in the name of my hdd and i get:

    ubuntu@ubuntu:~$ sudo ntfsfix /media/SQ003938
    Mounting volume... Error opening partition device: Is a directory.
    Failed to startup volume: Is a directory.
    FAILED
    Last edited by the_flying_os; July 9th, 2010 at 08:54 AM.

  9. #29
    Join Date
    Apr 2006
    Location
    London
    Beans
    212
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: HowTo: Fix Corrupted Windows Registry from Ubuntu partition

    Quote Originally Posted by the_flying_os View Post
    i'm having trouble understanding sudo ntfsfix /dev/<device-name>

    what do i put in for 'device name'? I put in the name of my hdd and i get:

    ubuntu@ubuntu:~$ sudo ntfsfix /media/SQ003938
    Mounting volume... Error opening partition device: Is a directory.
    Failed to startup volume: Is a directory.
    FAILED
    The /media/SQ003938 is not your device name, it's a "mount point" (like a drive letter in Windows, sort of) - you could mount the same disk partition in several places on the Linux filesystem hierarchy (e.g. /tmp/fred, /media/usb_drive, /media/mydrive, etc). See https://help.ubuntu.com/community/Mount for more explanation of the concepts. Device names in Linux always start with /dev, e.g. /dev/sda1.

    Since your disk partition was already 'mounted' by Ubuntu, you can just type this into the command line shell:
    Code:
    df -h
    (shows disk free space) or
    Code:
    mount
    - find the line corresponding to your /media/SQ003938 and read out the device name.

    For example, here the /backup line is the mount point for /dev/sda5:
    Code:
    Filesystem            Size  Used Avail Use% Mounted on
    /dev/sda2             9.3G  3.2G  5.7G  37% /
    varrun                247M  420K  246M   1% /var/run
    varlock               247M     0  247M   0% /var/lock
    udev                  247M   44K  247M   1% /dev
    devshm                247M     0  247M   0% /dev/shm
    /dev/sda1             228M  104M  113M  48% /boot
    /dev/sda5             683G  518G  138G  80% /backup
    Good luck with the recovery.

    Incidentally the link by 'Emilyroggers' above is for commercial software that runs on Windows, and not much use if your PC is unbootable.

    I had a bad block in the Windows registry on a laptop recently, which stopped me booting the PC. I would have used Ubuntu and GNU ddrescue to recover the whole disk if only my IT department didn't mandate the disk is encrypted - this technique of using an Ubuntu live CD only works with unencrypted disks (unless you use TrueCrypt perhaps). See https://help.ubuntu.com/community/DataRecovery for help with recovering hard disks on Ubuntu, including use of GNU ddrescue (package is 'gddrescue' on Ubuntu, not 'ddrescue' which is a different and less complete program).
    Last edited by Cato2; July 10th, 2010 at 07:23 AM. Reason: link to data recovery wiki page

  10. #30
    Join Date
    May 2008
    Location
    Kyiv, Ukraine
    Beans
    3
    Distro
    Ubuntu 10.04 Lucid Lynx

    Lightbulb Re: HowTo: Fix Corrupted Windows Registry from Ubuntu partition

    Nice tutorial, thank you. But what should a user do on a Windows machine if System restore points creation is turned off? In such a case your System Volume Information/_restore{xxx} folder will be empty.
    In connection with the Windows viruses and impossibility to start regedit or Windows in whole, sometimes Windows users need to edit the registry from outside. I've found, so far, the only utility in Linux chntpw, which was originally designed to reset passwords, and then acquired the registry editing ability.

    Editing the registry:

    1. Boot from a LiveCD or install a second system Ubuntu.

    2. Install chntpw utility:

    Code:
    sudo aptitude install chntpw
    3. Mount Windows partition:

    Find the Windows partition:

    Code:
    $ sudo fdisk -l
    Assume it is on /dev/sda2. Next step is mounting of the partiotion:

    Code:
    $ sudo mkdir /media/windows 
    $ sudo mount /dev/sda2 /media/windows
    4. Registry editing

    Code:
    $ chntpw -l /media/windows/Windows/system32/config/software
    Move to registry branch you need, for example:

    Code:
    $ cd Microsoft\Windows NT\CurrentVersion\Winlogon
    and edit a key, for example:

    Code:
    $ ed Shell
    Password resetting:

    1. See 1-3 of the previous section

    4. Find the user whose password will be changed

    $ chntpw -l /media/windows/Windows/system32/config/SAM

    5. Password resetting

    Code:
    $ chntpw /media/windows/Windows/system32/config/SAM -u Administrator
    Just cite the places in the registry where they can hide a record of running viruses:

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\SharedTaskScheduler
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She llServiceObjectDelayLoad
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    The default values in Regedit:
    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Shell" = "Explorer.exe"
    "Userinit" = "C:\WINDOWS\system32\userinit.exe"

    Check the Explorer.exe file to the presence of double ... the right place for the file is Windows\ but not Windows\System32\ ...

Page 3 of 5 FirstFirst 12345 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •