• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1259
  • Last Modified:

How can I correct a Lenovo biometrics corruption?

We have an IBM Lenovo and somehow the biometrix security has become corrupted.  We get a 'hal.dll is missing' error. I have run a diagnostic on the hard drive--I can see the directory structure but none of the files. Disk commander shows the files, including the entire Windows directory, but they are all appearing to have been deleted and need to be undeleted.  I have been working on just the bare drive, but believing that the problem is a security issue and have asked the person to bring me the laptop.

Does anyone know how to correct this situation.  Is it a biometric corruption? Is there an easy way of attacking this?
0
PCLANTECHS
Asked:
PCLANTECHS
1 Solution
 
warrenbucklesCommented:
I don't see how this can be a biometrics problem unless the biometrics program's response to a failed user identification (i.e., incorrect fingerprint match) is to clobber the OS on the hard drive.

'hal.dll is missing' is a startup message telling you that the boot loader cannot find the Hardware Abstraction Layer Dynamic Link Library (HAL.DLL), which is stored in the Windows directory that appears to have been cleaned out.  Either someone got a particularly nasty virus, tired a Windows reinstall that failed partway through or tried to 'fix' something by going in via the back door.

I would recommend putting the laptop back together and restoring it from the vendor's disks - the set of disks that (might have) come with the machine and can be used to reinitialize the computer to the state it was when it was first purchased.  If you don't have restoration disks, contact the vendor with the unit's model and serial number and see if you can get them.

If there is user data on the drive and you can see it with Disk Commander, you might be able to back it up prior to reinstalling Windows - it will be gone after a bare-metal reinstall.

wb
0
 
PCLANTECHSAuthor Commented:
The drive has a lot of orphaned files also--as seen with Winternal's Disk Commander.  I just need to recover the My Documents folder. I tried to connect a USB external HDD to copy to, but that failed.
An IBM encryption issue is what I am thinking.

We just received the original notebook: Lenovo T60p.  When I boot up and press the ThinkVantage button, it prompts for a password.  I enter the only one the guy has used and it doesn't work.

Any advice?
0
 
SysExpertCommented:
Not good.

I would use whatever means posible to try and recover files.

If had drive encryption was used,  you probably will not be very successful.

try

 http://www.hdrdatasoftware.com/       data recovery, partition recovery partition repair
  http://www.r-tt.com/
  http://www.dtidata.com/
               
  http://www.runtime.org/gdb.htm 

I hope this helps !


0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
warrenbucklesCommented:

I just spent some time on the Levono website looking at the Think Vantage setup and some of the administrators documentation.  It appears that Think Vantage is a multi-component system involving hardware protection (against drops - it locks the drive using a g-sensor) and encryption of data (it uses a proprietary processor on the system board to encrypt the drive).

There are some methods for recovery of data in the case of a processor board being replaced, but that's not your case - as I understand it you have a lost password, yes?  Provided you aren't dealing with a fingerprint reader (without the right fingerprint around to activate the protection unlock), a lost password AND encrypted files look like a no-go data recovery situation.

You probably already looked at the Levono site, but here's a link to the FAQ:

http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-4YRRG6

I see that they have a link to live chat with service reps - that's the only recourse I can think of at the present time.

Sorry to be so negative here - perhaps I'm not understanding the situation.  

If the user did not use the built-in encryption feature but only the Windows file encryption, recovering his/her Windows (not ThinkVantage) password MIGHT get you out of the woods.  What you need to do is access the files with the exact user ID string that is associated with that Windows login - it is a random number string generated when a user is created and, if the user has a password, is only recoverable by entering that password - NOT by clearing the password.  If a Windows user password is cleared, any encrypted data stored by that user is forever inaccessible (well, there is a recovery process that is supposed to work with a password backup disk (which hardly anyone ever bothers to generate) but, in four or five attempts, I have never gotten it to work - maybe I'm just dumb or unlucky but.....).

Otherwise, I believe the ThinkVantage system uses another level of passwords (and possibly biometrics) to further encrypt data.  It might be possible to reset this password WITHOUT making the data unreadable, but I would refer you to Levono for that one.

wb
0
 
scrathcyboyCommented:
As USUAL for this kind of situation, you MUST remove the drive from the laptop and run it as slave on a desktop system to see if the NTFS file system is truly corrupted.  You might also have to take ownership --

http://www.le.ac.uk/cc/dsss/docs/acls2.shtml

Once you have done that, you can see if the file system is still in tact.  if so, copy off the files.

If not, use a NON_DESTRUCTIVE file reconstruction utility like GETDATABACK -- www.runtime.org
DO NOT do any checkdisk or scandisk, it will GUARANTEE you will trash the drive contents immediately.
0
 
PCLANTECHSAuthor Commented:
To save others time in the future.
I did used a data recovery utility.  I was again able to see the data files.  I was then able to 'recover' them to the primary O/S drive (data files were originally on slave drive).  All the files types were correct -- .pdf's were recognized as PDF's, etc. However, when I attemtped to open the files, they were all corrupted--aside from a very few text files.

I called IBM on our clients behalf and they want nothing to do with data recovery.

Lesson:  Simply put: BACKUP YOUR DATA & CREATE RECOVERY DISC.
0

Featured Post

Enhanced Intelligibility Without Cable Clutter

Challenge: The ESA office in Brussels wanted a reliable audio conference system for video conferences. Their requirement - No participant must be left out from the conference and the audio quality must not be compromised.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now