Have a laptop from a buddy and a virus has rendered NTFS FS unavailable for file recovery. I have run chkdsk /f and /r, both fix errors in FS. However, I still cannot access the contents of the drive. I believe the virus has destroyed the MFT and it's backup.
Anyone have experience with this situation? Tips or tricks for file recovery? Program recommendations? There's some photo's that I need to pull off of the drive if at all possible.
TIA...
***Update:*** After a few trial and error episodes, I managed to recover the entire NTFS partition using GParted 0.8.5...
I attached the 80GB virus ridden drive and a spare 500GB drive, both are SATA. Then, I booted the GParted live cd with default settings. I selected the source drive (sdb1, virus drive/partition). On the GParted menu bar is a pull down with a "Recover Data" option. I chose this option, the drive scan took about 20 minutes. GParted automatically mounts the NTFS partition to a folder in the /tmp directory. I then mounted the spare drive (sda1) to the /media folder. I then ran a "ls" in separate terminal windows and confirmed that I could see both partitions ok.
I used the sudo mkdir /media/xxxxxx to create a folder on the destination partition. Then reissued the "ls" cmd to display the newly created folder.
The command to copy the entire drive eluded for me a few, but after a little frustration and a quick google search I found what I needed.
sudo cp -r /tmp/gparted-roview-xxxxxx/* /media/xxxxxx (xxxxx's will vary with what you create and what gparted creates)
about ~45 minutes later the command completed and I could see everything in the selected folder on the 500GB drive.
Next, I shutdown and connected the Win 7 boot drive and the 500GB spare. I could see all of it, and of course the virus quickly tried to infect my system as well. I have been giving MS Security Essentials a try and it blocked/remedied the viruses before they could do any damage. I pulled the ~20GB of data that my buddy needed off the 500GB onto a couple more drives to ensure data redundancy
So far, it's all there. Unfortunately, any attempts made before this failed to recover data or the file system. I'm very happy that gparted kicks that much butt.
Anyone have experience with this situation? Tips or tricks for file recovery? Program recommendations? There's some photo's that I need to pull off of the drive if at all possible.
TIA...
***Update:*** After a few trial and error episodes, I managed to recover the entire NTFS partition using GParted 0.8.5...
I attached the 80GB virus ridden drive and a spare 500GB drive, both are SATA. Then, I booted the GParted live cd with default settings. I selected the source drive (sdb1, virus drive/partition). On the GParted menu bar is a pull down with a "Recover Data" option. I chose this option, the drive scan took about 20 minutes. GParted automatically mounts the NTFS partition to a folder in the /tmp directory. I then mounted the spare drive (sda1) to the /media folder. I then ran a "ls" in separate terminal windows and confirmed that I could see both partitions ok.
I used the sudo mkdir /media/xxxxxx to create a folder on the destination partition. Then reissued the "ls" cmd to display the newly created folder.
The command to copy the entire drive eluded for me a few, but after a little frustration and a quick google search I found what I needed.
sudo cp -r /tmp/gparted-roview-xxxxxx/* /media/xxxxxx (xxxxx's will vary with what you create and what gparted creates)
about ~45 minutes later the command completed and I could see everything in the selected folder on the 500GB drive.
Next, I shutdown and connected the Win 7 boot drive and the 500GB spare. I could see all of it, and of course the virus quickly tried to infect my system as well. I have been giving MS Security Essentials a try and it blocked/remedied the viruses before they could do any damage. I pulled the ~20GB of data that my buddy needed off the 500GB onto a couple more drives to ensure data redundancy
So far, it's all there. Unfortunately, any attempts made before this failed to recover data or the file system. I'm very happy that gparted kicks that much butt.
Last edited: