Windows 7 Repair

[Wyndru]

I've got a Windows 7 laptop I'm working on that had a rootkit and the user kept using it until it deteriorated to the point of not booting into windows 7 anymore.

I've tried Windows startup repair and restoring to an earlier date, and neither worked. I was able to get all of the files backed up using a PreOS method, but my issue is that there are some oddball apps that require that database info actually be exported into a proprietary format before it can be re-imported. As a result I actually need to get back into Windows to run this program and the export.

In Windows XP I used to just re-run the install and it would detect the current OS and allow me to press 'R' to repair the install using the setup disc. I don't see this option anymore. Some sites have recommended doing an upgrade from the setup disc, but MS decided to make this only possible from within an existing Windows installation, which of course I'm unable to boot into.

Am I missing something, or are there no options to do a "repair" installation from a Windows 7 bootable USB/disc setup?

 

[bruceb]

See link for details:

http://www.sevenforums.com/tutorials/3413-repair-install.html

 

[Wyndru]

See link for details:

http://www.sevenforums.com/tutorials/3413-repair-install.html

That's the repair that requires that windows be already accessible to log into,

You can only do a repair install from within Windows 7.

I'm looking for an option to do right from booting into the setup disc, like XP had.

 

[MadScientist]

These are your only options. http://windows.microsoft.com/en-US/windows7/What-are-the-system-recovery-options-in-Windows-7

If the laptop's owner didn't create a system image, and the Startup Repair and System Restore did not work, then I think you know what your only other option is.

 

[Wyndru]

These are your only options. http://windows.microsoft.com/en-US/windows7/What-are-the-system-recovery-options-in-Windows-7

If the laptop's owner didn't create a system image, and the Startup Repair and System Restore did not work, then I think you know what your only other option is.

Wow, that sucks. I used to love that last option of just running a repair installation right from the bootable install CD in windows 2000 and XP. I'm really surprised they eliminated that option, they must be confident in their startup repair and system restore. I've actually lost quite a bit of faith in Win 7/Vista installs now, this could really cause us a lot of problems with viruses that hose the whole computer to the point it doesn't boot correctly. The whole idea of having to be fully loaded into windows to run the setup to do an overwrite or repair of corrupted system files is pretty short-sighted.

The xp repair wasn't perfect, but at least it didn't require that you run it from within windows, it overwrote every system file to their original versions and got you back into the system to be able to export stuff. Oh well, I've already started recloning now.

 

[Wyndru]

After looking around a bit more, I found this:

http://support.microsoft.com/kb/927392

How to use the Bootrec.exe tool in the Windows Recovery Environment to troubleshoot and repair startup issues in Windows

It has some interesting options in there for rebuilding the boot configuration data. I might actually reclone another laptop back to the state when it wouldn't start up to test these.

 

[SimMike2]

Wow, that sucks. I used to love that last option of just running a repair installation right from the bootable install CD in windows 2000 and XP. I'm really surprised they eliminated that option, they must be confident in their startup repair and system restore. I've actually lost quite a bit of faith in Win 7/Vista installs now, this could really cause us a lot of problems with viruses that hose the whole computer to the point it doesn't boot correctly. The whole idea of having to be fully loaded into windows to run the setup to do an overwrite or repair of corrupted system files is pretty short-sighted.

The xp repair wasn't perfect, but at least it didn't require that you run it from within windows, it overwrote every system file to their original versions and got you back into the system to be able to export stuff. Oh well, I've already started recloning now.

The problem is the original disks are out of date before you even install them, what with service packs and other updates, especially if it has been some time since you bought your copy. It isn't like the old days. I personally make an image of my Windows 7 boot drive every Sunday.

 

[DirkGently1]

Can you boot into safe mode? If not there are BootCD's with any number of programs you can run to get rid of Root kits and general Malware.

 

[Wyndru]

The problem is the original disks are out of date before you even install them, what with service packs and other updates, especially if it has been some time since you bought your copy. It isn't like the old days. I personally make an image of my Windows 7 boot drive every Sunday.

I've used a Windows XP original release disc to get back into a XP service pack 3 before, so it didn't matter in the past. The file structure of the OS hasn't changed much since Vista was released so I don't know why service packs would matter. It won't work perfect with full functionality, but many times it's enough to get into the OS and export something from a program.

I guess I'm just bitter that a repair option I used in the past is gone with newer versions of windows. Oh well, more reason to insist that people back up regularly to network/external drives.

Can you boot into safe mode? If not there are BootCD's with any number of programs you can run to get rid of Root kits and general Malware.

No, I tried last known good configuration and safe mode, and all both do is bring me to the restore windows options, which none of them work. If I had caught it early enough I have a few tools from bleepingcomputer that would try, and Kaspersky's tdsskiller does really well on most root/bootkits I find. The user didn't bother letting me know until windows wouldn't boot though which made things a little difficult to troubleshoot. He even went 2 days with hidden shortcuts and files, I'm not sure how he pulled that one off and still worked.

When I got it I scanned the drives after booting into a preos (and also backed up all of the files I could), and it found/removed the viruses but it didn't make a difference as far as being able to boot into windows normally. I still had database files that needed to be exported, but those are gone now. I also found that this was a laptop that one of our techs left the dell recovery partition installed, and the virus had infected that hidden partition as well. I'm always hesitant to use these partitions for this reason, they are way too easy to infect and hide viruses in.