Archive for the 'Recovery & Troubleshooting' Category

Removing damaged Sunbird / Lightning calendar

Published on September 10, 2008 in Recovery & Troubleshooting. Comments

If you are using the nightly builds of Lightning on Thunderbird you may occasionally hit an update for Lightning that causes an error when it tries to open your calendar file. When you go into Lightning (your calendar on TB) the calendar will not be there, so you can’t delete it or do anything to it. So the error will occur every time you open TB.

To get rid of this dud calendar file (yes, you will lose whatever was stored in there) you need to close TB and once it is closed delete the storage.sdb file in your profile directory. TB will then create a new storage.sdb file when you next start it up.

Locating Outlook Express Data Files

Published on March 21, 2007 in OS Tips & Tricks and Recovery & Troubleshooting. Comments

On Outlook Express it is not obvious where your data files are actually stored on the computer. Here’s two ways to find them:

  1. Via Outlook Express
    • Start Outlook Express
    • Go into TOOLS menu
    • Click on OPTIONS
    • Go to Maintenance tab
    • Click on STORE FOLDER button
  2. Via Windows Explorer (useful if you can’t run/open Outlook Express for some reason)
    • Start Windows Explorer
      • Right-click “My Computer” on your desktop and select Explore
      • Fast way — Hold down the Windows key on your keyboard (key to the left of spacebar with a flying window icon on it) and then the “E” key (whilst still holding the flying window key). Explorer will start.
    • Make sure show hidden files is enabled under Windows Explorer. Go to Tools (Menu) -> Folder Options (menu item) -> Views (a tab) -> Show Hidden Files and Folders (a selector in the list you can see)
    • In XP go to C:\Documents and Setting\[User Name]\Local Settings\Application Data\Identities\[GUID number, a long number]\Microsoft\Outlook Express\
    • In older versions of Windows (non-XP) –> C:\Documents & Setting\[Your Username]\Application Data\Identities\[GUID number, a long number]\Microsoft\Outlook Express\

Recovering deleted files

Published on October 5, 2006 in Recovery & Troubleshooting. Comment

Today I deleted about 1GB of MP3 files. It was a mistake! The file explorer I use (Opus) did something odd when I used it’s UNDO command. The result was that 1GB of data I was preparing to burn to CDs was gone. Needless to say, it was not in the trash can / recycle folder.

There are many applications promoted on the Internet for unerasing / undeleting / recovering lost and deleted data and files. As I already have a few recovery tools on hand I decided to try them first. The line-up was: O&O DiskRecovery and Runtime Software GetDataBack (for NTFS). I have these tools on hand for drive recovery. I had never used them, until now, for undeleting files although both will perform this task quite happily.


O&O DiskRecovery

DiskRecovery found the data I wanted. I was able to set it to only look for deleted MP3 files (which is what I was searching for). All the files were found yet there was no filename information. Each file was going to be named something like FILE000001.MP3, FILE000002.MP3, etc. It also did not recover the folder structure (I had these files sorted into folders relative to the album they were each from). As I was dealing with a few hundred MP3 files, this level of recovery was not very appealing. If I went ahead with using this tool for my recovery operation I would have to spent many hours renaming every file and resorting them into folders. No thanks.

Had there been a whole lot of other MP3 files recently deleted from this disk many of the files O&O presented me with would have been stuff I didn’t want…yet I would have no easy way of knowing what was what. I would have had to recover the whole lot and then listen to each file in an MP3 player to try and figure out what I do and don’t want to keep. Double no thanks…

On to the next tool…

GetDataBack (for NTFS)

GDB performed a much more thorough data/disk analysis. I could see it was calling up all the existing and backup file allocation tables, and the like. The net result is that it presented me with a complete directory structure of the entire disk. I was able to browse to the exact folder I had deleted. I could then see all the deleted sub-folders sitting there with a line crossing them out (to indicate they are in a deleted state). I highlighted the folders and copied them to another drive. Voila. Problem solved.

Using GetDataBack I undeleted all my files, and it kept the file names and folder structure completely intact. Excellent.

GetDataBack is also great for recovering data from drives that have crashed. Click here to read my article on this.

LINKS:
 GetDataBack - www.runtime.org
O&O DiskRecovery - www.oo-software.com


Technorati : , ,
Del.icio.us : , ,
Ice Rocket : , ,
Buzznet : , ,

Crashed Hard disk data recovery

Published on October 3, 2006 in Recovery & Troubleshooting. Comment

Data recovery from a crashed hard drive is something no general computer user ever really wants to have to learn about and perform. It’s something most of us only start exploring when something disastrous has happened to our computer—like it just won’t boot any more, or Windows crashes constantly and increasingly often. As an I.T. consultant most of the data recovery I’ve performed, and nearly all the crashed hard drives I’ve worked on has been for clients—both home users and companies—who have had a computer crash.

Over the years I have come across a number of software applications that are really handy to have on hand. Whether you want to revive a dying or seemingly dead hard disk just enough to get your data off before ditching it, or you wish to access a drive that still works yet has become corrupted, these tools are a great help. To save you hours of hunting around on the Internet for the best tools, I’ll list the ones I have used and liked right here.

When the drive is seemingly “dead”

Spinrite

There are a few categories of hard drive failure. Perhaps the worst is when the drive is no long recognised by your operating system. For all intents and purposes the drive is dead. Running many of the available data recovery applications over it is a waste of time because they either don’t even see the drive in your computer, or if they do there’s little that can be done. In this situation the tool I would recommend is call Spinrite. Spinrite has a long history of being a top tool for hard disk recovery and also for crash prevention. Spinrite is a tool professionals use, and yet the price is still relatively low. At present a new license sells for US$89.00—well worth it if it manages to revive your failing disk drive and recover your precious data. Click here to learn more about Spinrite.

When the drive sort of “works” but is going down fast

In this situation I would again recommend Spinrite as a great tool to use. I would first let Spinrite do its thing with the disk, and then use one of the following tools to get all your data off the disk and onto a nice new one. I see Spinrite as a drive recovery / revival tool, and the following applications as data recovery tools. Spinrite, in my opinion, is about the disk and the data on the disk at a very low-level (below the level of the operating system). Spinrite has nothing to do with your operating system—rather it access the disk directly and works its magic at that level. This is why I class it as a disk recovery / revival (and maintenance) application.

The following applications specialise in data recovery. In general (although not always) they assume that the low-level integrity of the disk is still in tack. They are great at rebuilding the MBR (Master boot record), the partition tables, a damaged file structure, and simply bringing back files you deleted by mistake (or even a whole drive you may have formated by mistake).

R-Studio Data Recovery Software

R-Studio is a tool I am still trying out. So far it looks good. I quote the following from their website.

R-Studio is a family of powerful and cost-effective undelete and data recovery software. Empowered by the new unique data recovery technologies, it is the most comprehensive data recovery solution for recovery files from FAT12/16/32, NTFS, NTFS5 (created or updated by Windows 2000/XP/2003), Ext2FS/Ext3FS (LINUX file systems) and UFS1/UFS2 (FreeBSD/OpenBSD/NetBSD file systems) partitions. It functions on local and network disks, even if such partitions are formatted, damaged or deleted. Flexible parameter settings give you absolute control over data recovery.

R-Studio comes in a few different flavours. The two most common ones are NTFS and FAT (or both together. The price is US$49.99 for each separately or $79.99 for the two together. You can also buy a Network and Technician license for US$179.99 and US$899.00 respectively.

Runtime Software GetDataBack

GetDataBack comes in two flavours—one for drives formated using FAT and the other for drives formated using NTFS. GetDataBack will work with a drive that the operating system does not recognise, which is a bonus—yet I still recommend using it in combination with Spinrite if the drive is suffering from serious physical failure (as opposed to just data corruption caused by other things). GDB for FAT costs US$69 and for NTFS costs US$79. You can buy them together for US$119.

The following is an intro from the GDB web site on what GDB can do. For full details go to http://www.runtime.org/gdb.htm:

Whatever happened to your drive-

GetDataBack will recover your data if the hard drives partition table, boot record, FAT/MFT or root directory are lost or damaged, data was lost due to a virus attack, the drive was formatted, fdisk has been run, a power failure has caused a system crash, files were lost due to a software failure, files were accidentally deleted…

Recover even when Windows doesn’t recognize the drive-

GetDataBack can even recover your data when the drive is no longer recognized by Windows. It can likewise be used even if all directory information - not just the root directory- is missing.

Get everything back-

Advanced algorithms will make sure that all directories and sub directories are put together as they were, and that long file names are reconstructed correctly.

GetDataBack is safe-

GetDataBack is read-only, meaning the program will never attempt to write to the drive you are about to recover. Please make sure to read the safety instructions…

GetDataBack is easy to use-

The software enables the regular user to conduct his own data recovery by guiding him through three easy to understand steps, thus gives the advanced user the possibility to interfere with the recovery and improve the results, by examining the scan log, the file system details, file and directory information, by selecting the sector range to be scanned, by choosing excessive search for file systems or search for lost files, by calling Runtime’s DiskExplorer.

R-Studio utilities recover files:

Crash Prevention / Disk Maintenance

There are various tools available that claim to let you know when your drive is starting to fail. I am not overly familiar with any of them so I shall leave it to you to do your own research into what’s on offer. Most of these tools are working with the SMART system built into most of the newer drives. Often SMART does not get activated by the BIOS for whatever reason, so these tools will activate it the first time you run them, and then start monitoring the data produced by SMART.

I mentioned that Spinrite can also be used for disk maintenance, and it can. This involves running Spinrite in its “maintenance” mode every now and then. Perhaps every few months or so. If you are keen to ensure your disks stay in top condition and to have an early warning of possible drive failure I suggest using Spinrite for maintenance, and possibly using a SMART monitoring tool. The SMART tool will run in the background whenever you are using your computer. I am sure there are many free tools that perform this task which are just as good as the ones you can pay for. Do some research to find out for yourself.


Technorati : , ,
Del.icio.us : , ,
Ice Rocket : , ,

Free disk space analyzer

Published on September 14, 2006 in Freeware Applications and Recovery & Troubleshooting. Comments

Today I was looking for a way to view the amount of space each folder/directory was taking up on a clients rather full computer. There are many licensed applications that do this. I wanted a free one.

The following application did the job perfectly and I highly recommend it:

TreeSize Free V1.78

Every hard disk is too small if you just wait long enough. TreeSize Free tells you where precious space has gone to. TreeSize Free can be started from the context menu of a folder or drive and shows you the size of this folder, including its subfolders. You can expand this folder in Explorer-like style and you will see the size of every subfolder. Scanning is done in a thread, so you can already see results while TreeSize Free is working. The space, which is wasted by the file system can be displayed and the results can be printed in a report. TreeSize Free is freeware for Windows 9x/NT/2000/XP.

It can be downloaded from here. The publishers website is here.

TAGS: Free disk space analyzer analyser

Dependency Walker

Published on July 29, 2006 in Recovery & Troubleshooting. Comments

There is a useful tool for troubleshooting applications that are playing up called Dependency Walker. I imagine only an advanced user would find it of value though, along with developers.

Dependency Walker (depends.exe) Home Page

Dependency Walker is a free utility that scans any 32-bit or 64-bit Windows module (exe, dll, ocx, sys, etc.) and builds a hierarchical tree diagram of all dependent modules. For each module found, it lists all the functions that are exported by that module, and which of those functions are actually being called by other modules. Another view displays the minimum set of required files, along with detailed information about each file including a full path to the file, base address, version numbers, machine type, debug information, and more.

Dependency Walker is also very useful for troubleshooting system errors related to loading and executing modules. Dependency Walker detects many common application problems such as missing modules, invalid modules, import/export mismatches, circular dependency errors, mismatched machine types of modules, and module initialization failures.

Dependency Walker runs on Windows 95, 98, Me, NT, 2000, XP, 2003, and Vista. It can process any 32-bit or 64-bit Windows module, including ones designed for Windows CE. It can be run as graphical application or as a console application. Dependency Walker handles all types of module dependencies, including implicit, explicit (dynamic / runtime), forwarded, delay-loaded, and injected. A detailed help is included.

Trojan and malware removal

Published on May 22, 2006 in Recovery & Troubleshooting. Comments

Recently I had to deal with a Trojan that managed to infest various parts of my computer. Fortunately my firewall (Outpost) notified me of the activity of this trojan as it attempted to modify Firefox (my browser) whilst I was using it to browse the internet. It was trying to modify Firefox in memory so that it could then carry out its dirty work on the net whilst I was happily browsing. All its activity would have gone unnoticed and unchecked by the firewall because I grant Firefox access to the net and it would have all appeared to have been coming from Firefox (which the trojan had compromised).

Anyway…the firewall has a warning system for programs that are modified whilst running in memory so that was not a problem per say…removing the beast was, however, another matter entirely. Many hours later I pass on the following tips.

The first thing to do is take a read of the information at The Parasite Fight (at Aumha). You should be able to find out most of what you require here.

The tools I used were:

Trajan scanning / removal tools

Trojan prevention tools

  • Many of the removal tools above also have prevention systems in them should you wish to implement them
  • DiamondCS Process Guard - is a stand-along prevention application that I am running at present to test it out.

Resources

Other helpful sites include:

Advice

I advise reading the information at The Parasite Fight (at Aumha). Follow the directions there. The most useful applications I ran were Ewido Anti-Malware and HiJackThis (if you want to get a scan of your computer and then submit the results to Aumha forums or Geeks to Go! -> Malware Removal

I would suggest downloading Ewido first and following the instructions found at CastleCops CCSP Ewido Install and Scan Instructions

If you still appear to have an infection then go onto a more precision approached by using HiJackThis and getting someone at one of those forums to review your log file.

Happy hunting…

Bad Behavior has blocked 77 access attempts in the last 7 days.