My Windows laptop refused to boot into Windows. The ominous error message was:
Windows could not start because the following file is missing or corrupt:
\windows\system32\config\system
A quick Google suggested that the registry had been corrupted. I tried various things to recover the OS, including using the XP recovery console to manually restore a backup of the registry. It didn’t work.
No problem. I have a fairly paranoid back-up regime. All the important information on my laptop is also stored on my subversion server. I could just reformat the laptop, reinstall the applications (including subversion) and check out all the files again. Except that I hadn’t thought to include my wife’s files on the laptop in my back-up plans. Oops. After hours of making no progress recovering the data. I tried Knoppix. I got access to the data in not much longer than it took to download Knoppix.
Knoppix is a Linux distribution that can run from a CD (i.e. it doesn’t require installation on your harddisk). It is also capable of understanding Windows file systems. To use it:
- Download the latest Knoppix CD .iso file (approx 700MB). Note – The DVD version is much larger.
- Burn the .iso to a CD, for example using the free Active ISO Burner.
- Boot the stricken machine from the Knoppix CD. You may need to change your system to BIOS to boot from the CD first. How you access the BIOS varies between machines. On my Toshiba laptop you press F2 as the system boots.
- Drag and drop data from the stricken machine to a USB harddisk or memory stick. Or copy to another machine using FTP from Knoppix. The Knoppix user interface is easy enough to use, even if you haven’t used Linux before.
Note that you don’t have to enter your Windows password to recover the files. This brings homw how easy it is to get data off a password protected Windows machine, if you have physical access to the machine. Another good reason to encrypt sensitive data on your laptop, for example using the free Truecrypt.
Thanks Knoppix! I’ve added you to my mental list of worthy software causes to make a small donation to one day. Obviously you need access to a functioning machine to do the above. So why not make a Knoppix CD now, while everything is fine? You never know when you might need it.
Further reading:
Successful Software 
Cool – the third law of computer security says if a bad has physical access to your computer it’s not yours anymore! (http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx?mfr=true)
I normally use Ultimate Boot Cd for windows in these situations (http://www.ubcd4win.com)
It’s the same concept but uses WinPE instead of Linux
If you get the corrupt registry problem you describe here i always give the steps in this KB article a try first (http://support.microsoft.com/kb/307545)
It only takes a few minutes once your familiar with the process and gets you back up and running in no time!
Hope some of my rambling helps someone sometime!
http://support.microsoft.com/kb/307545 didn’t work for me (the system file was missing from the repair folder).
I have to admit that Knoppix has saved me at least two times in the past that I can quickly remember. I always keep a Knoppix disk around just in case. The only issue I’ve ever had with that distro is when I tried to book up on my first raid system and the Knoppix distro was older. But a quick download and all was well.
Btw, I also bring it with me when I need to use the net another computer that’s not under my control. This way I can be sure the computer is virus and spyware free ;)
And thanks for the link to Truecrypt Andy. I’ve been wanting to find a tool like that but I just haven’t had the time. I’ll check it out.
That’s funny, I had exactly the same error message on my brothers PC today.
System file was missing?
How odd..never seen that before!
For the purposes for this you could grab one from another system
Also you can actually miss that step out if you can obtain access to the system restore directory via other methods
I’ve used Knoppix and the Ultimate boot CD many times to rescue data. Also, I can’t recommend Gibson Research’s Spinrite highly enough. Several times in the past few years, I’ve been able to rescue systems that wouldn’t boot – even after a laptop took a hard fall when someone tripped on the power cord. It even works on iPods! It’s my first tool of choice for data recovery when a simple boot-into-linux and copy won’t work!
Interesting post, and links and comments too.
I had written an article for the Indian magazine Linux For You (LFY) (*) a while ago about something similar. The article can be accessed here:
http://www.dancingbison.com/about.html
under the Writings section (look for the link titled “How Knoppix saved the day”), or go directly here:
http://www.dancingbison.com/writings/knopresc.txt
(LFY doesn’t have links to the actual content of any of its articles, of either current or previous issues), that’s why I gave the link to the copy of my article that’s on my web site.)
The article’s a bit dated, but is based on a real-life issue I handled, and most or all of it is probably still relevant, since the kind of problem (and solution) it describes hasn’t changed much.
(*) The web site for Linux For You used to be http://www.linuxforu.com, but that URL now redirects to another site called http://www.openitis.com (what a name!), which is the name for a larger publication which Linux For You is now a part of, it looks like.
The magazine itself (Linux For You) is a print magazine (the web site only has info about the articles), and is still in existence (it started a few years ago and has got better with time) and still going strong (I just bought the latest issue today). It had fairly good content (with some focus on India). They also give one or two free CDs and/or DVDs, often including a recent Linux distribution (e.g. the latest one has Ubuntu 8.04 LTS), with each issue.
Update: There *is* still a separate site for the magazine – its now changed to http://www.lfymag.com. But it still doesn’t have the actual content of articles online.
– Vasudev Ram
>> Note that you don’t have to enter your Windows password to recover the files.
You did not specify a very crucial detail — did drive had NTFS or FAT32 filesystem? NTFS should much more difficult to restore…
I think it was NTFS. But I’m not 100% sure.
I had problems with my 160gb drive in my old PC a while ago and used the same solution, booted into knoppix and recovered the files.
And fyi, it was an NTFS drive.
Hi, here’s a short happy-ending story on data rescueing.
I have a laptop Hitachi 2.5 80Gb drive that I plug to my HP (Vista) laptop via an external USB case. All of a sudden the drive would simply not display in Windows Explorer anymore (while I could see it in Device Manager), therefore coud not access data there. A red light on the case said I couldn’t read data on the drive.
I ran Knoppix and I could see the drive within the available resources on the desktop. I easily transfered the files on my local drive, restarted my HP with Vista, and accessed them again. I guess I’ll format my external drive now.
Thank you Linux!
Pingback: Tips on travelling with a laptop « Successful Software