How to restore the Windows 7 registry. Restore the Windows XP registry. Restoring the Windows XP registry using the "Recovery Console"

A typical situation: after a virus infection, Windows stops loading in both normal and safe (!) mode. Reinstalling the system over the existing installation does not help. Many users in this case reinstall Windows from scratch, but you can still try to save the system using the "Recovery Console".


Prerequisite: System Restore must be enabled on the infected computer (if it is disabled, there is nowhere to get a version of the registry from before the infection). We also need a Windows XP installation CD.


So, let's start recovery:

  1. First, make sure that the computer boots from the CD/DVD drive rather than from the main hard drive. To do this, go into the BIOS and put the CD/DVD drive first in the list of boot devices. Note that many modern BIOSes let you select a boot device by pressing F8 or F12.
  2. Boot from the Windows XP installation CD. If the boot device is selected correctly, after the BIOS screen you will see the message “Press any key to boot from CD”. Press any key, for example the space bar, and booting from the CD will begin. After a while you will see the blue screen of the Windows installer. Wait until the menu appears. Instead of installing Windows (F1), select the “Recovery Console” (R).
  3. Loading the console usually takes a few minutes. Before you begin, you must select the desired Windows installation. If only one system is installed on the computer, simply enter the number 1 and press Enter. Next, enter the Administrator password. If you don’t know the password, try a blank one (just press Enter). As a result, you should get to the command line: C:\WINDOWS>
  4. Next, enter the command: cd \

    Note that there must be a space between cd and \.


  5. Then: cd system~1\_resto~1

    If the system reports an Access Denied error, run the following commands in sequence:

      cd \
      cd windows\system32\config
      ren system system.bak
      exit

    After the exit command, the computer will restart. Enter the Recovery Console again and repeat steps 4 and 5. This time there should be no “Access Denied” error!

  6. Enter the command: dir

    This command lists folders named RP1, RP2, and so on. These folders correspond to restore points. It is advisable to find a folder created before the computer was infected (1-3 days before the infection). Remember the name of this folder, for example RP822, and enter the following command:


    cd snapshot

    The command prompt should look something like this:
      c:\system~1\_resto~1\rp822\snapshot>

  7. Now restore the registry. Run the commands:

      copy _registry_machine_system c:\windows\system32\config\system
      copy _registry_machine_software c:\windows\system32\config\software

    Finally, enter:

    Reboot and load the system as usual from the hard drive. The boot problem should be resolved (provided, of course, that the cause was a damaged registry).


Never delete or change information in the registry unless you are sure that this is exactly what you need. Otherwise, incorrect changes can lead to failures in Windows operation, and in the best case the information will have to be restored from a backup.

After reading this warning, it is hard to disagree that incorrect changes to registry data can indeed lead to serious system failures. But wait ... what about experimentation, which is what turns an ordinary user into an advanced one? Who likes to follow dry, average rules and dutifully start work with the Start button? Only Aunt Claud, the “super admin” sitting at the post office and muttering very seriously “turn on the light”, meaning the monitor ;) ...


As you already know, the registry is a huge database of settings stored in the folder %SystemRoot%\System32\Config and in the file Ntuser.dat in the user profile folder. Given what a hive can do, it is clear how thoughtlessly changing parameters or, worse, deleting entire branches can end ... So it is more than reasonable to describe some recovery methods.


Method number 1
Backing up registry files. The following files are copied to removable media: SYSTEM.DAT and USER.DAT (for Windows 95/98), which are located in the directory where the operating system was installed and have the read-only and hidden attributes. For Windows XP, these are the files in %SystemRoot%\System32\Config (it is better to copy the entire folder), as well as Ntuser.dat, which is located in C:\Documents and Settings\User. In the event of a failure caused by registry damage, boot another OS (DOS, Linux ...) and copy the files back into place.
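
For Method 1, when the hive files are copied back from another OS such as Linux, it helps to confirm that each backup copy is a structurally intact hive before it overwrites the one in the Config folder. The following is an added example, not part of the original article: it checks the hive's "regf" base block (signature, sequence numbers, header checksum) as described in public documentation of the hive format; the function names and the sample header are constructed for illustration.

```python
# Added example: sanity-check a registry hive's base block before restoring it.
import struct
import sys

HEADER_SIZE = 512          # size of the part of the base block examined here
CHECKSUM_OFFSET = 0x1FC    # little-endian uint32 checksum of the first 508 bytes


def regf_checksum(header: bytes) -> int:
    """XOR the first 127 little-endian dwords; remap the two reserved results."""
    value = 0
    for (dword,) in struct.iter_unpack("<I", header[:CHECKSUM_OFFSET]):
        value ^= dword
    if value == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return 1 if value == 0 else value


def check_hive(data: bytes) -> list:
    """Return a list of problems found (an empty list means the header looks sane)."""
    if len(data) < HEADER_SIZE:
        return ["file shorter than the 512-byte base block"]
    problems = []
    if data[:4] != b"regf":
        problems.append("missing 'regf' signature")
    seq1, seq2 = struct.unpack_from("<II", data, 4)
    if seq1 != seq2:
        problems.append("sequence numbers differ (hive was not cleanly written)")
    (stored,) = struct.unpack_from("<I", data, CHECKSUM_OFFSET)
    if stored != regf_checksum(data):
        problems.append("base block checksum mismatch")
    return problems


def make_sample_header(seq1: int = 7, seq2: int = 7) -> bytes:
    """Constructed sample base block (not a real hive), used for demonstration."""
    head = bytearray(HEADER_SIZE)
    head[:4] = b"regf"
    struct.pack_into("<II", head, 4, seq1, seq2)
    struct.pack_into("<I", head, CHECKSUM_OFFSET, regf_checksum(bytes(head)))
    return bytes(head)


if __name__ == "__main__":
    # Usage: pass the paths of the backed-up hive files as arguments.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, check_hive(fh.read(HEADER_SIZE)) or "OK")
```

A file that fails these checks should not be copied over the hive in the Config folder; pick another backup copy instead.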


Method number 2
To create a backup copy of the registry, you can use the backup and restore wizard: Start / Programs / Accessories / Utilities / Archiving data, or simply Run: ntbackup. The archiving program lets you back up important system components such as the registry, the boot files (Ntldr and Ntdetect.com) and the Active Directory directory service database. The step-by-step instructions for archiving the Windows XP registry are as follows:


1. Log in with the required rights, for example as the administrator.
2. Run NTbackup - Data Archiving.
3. From the wizard mode, go to Advanced mode.
4. Select the Archiving tab.
5. In the left pane, find the System State icon (line) and tick its check box.
6. Click the Archive button, and then select Advanced.
7. Check the box Check data after archiving; clear the box Automatically archive protected system files together with the state of the system (the procedure will take much less time).
8. Set the archive type to Normal.
9. Click OK and then the Archive button. If necessary, after archiving you can view the report in the folder C:\Documents and Settings\%User%\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\ in the files backup01.log, backup02.log ...

The step-by-step instructions for a full recovery of the registry through NTbackup are as follows:


1. Log in with administrator rights.
2. Launch NTbackup.
3. Go to the "Recovery and media management" tab.
4. In the list "Select checkboxes for all objects that you want to restore", select the check box for the System State object. Then click OK and follow the prompts.

Method number 3
The essence of this method is the so-called export to a reg file. The method is especially effective (it does not take much time and lets you make copies of individual subsections) and is relevant when experimenting with the registry. Procedure:


1. Run / regedit.
2. Select the desired section / subsection.
3. Right-click / Export, then specify the path where the copy is to be saved and the file name.

When archiving part of the registry, we exported the data to a reg file. To extract it and restore the registry to its initial state, follow these steps:

1. Run regedit: Start / Run / regedit.
2. In the main menu, select File / Import and give the path to the file to import, or simply run the reg file and confirm the import into the registry.


Method number 4
In this case, we will archive the registry using the Recovery Console. To do this, you must:

1. Boot into the Recovery Console (from your Windows XP boot disk).
2. At the Recovery Console command line that appears, execute the following commands *:

md tmp
copy c:\windows\system32\config\system c:\windows\tmp\system.bak
copy c:\windows\system32\config\software c:\windows\tmp\software.bak
copy c:\windows\system32\config\sam c:\windows\tmp\sam.bak
copy c:\windows\system32\config\security c:\windows\tmp\security.bak
copy c:\windows\system32\config\default c:\windows\tmp\default.bak


Method number 2 - the registry can be restored only from a working Windows system, but with one caveat: in the mode we chose this is really so, however (!) there is the so-called ASR (Automated System Recovery) wizard mode, which creates a system archive in two parts: a floppy disk with system parameters and other media containing an archive of the system partition. With it, recovery from scratch is possible using a previously created bootable recovery disk.


Method number 4 - for fans of "scary black windows" ...