Solved

WINDOWS\SYSTEM32\CONFIG\SYSTEM Corrupt Win XP

Posted on 2013-06-13
5
1,394 Views
Last Modified: 2013-06-19
Have a laptop encrypted with Checkpoint FDE, came in this morning started laptop got following error:
Windows could not start because he following file is missing or corrupt:
\WINDOWS\SYSTEM32\CONFIG\SYSTEM

Tried booting with XP CD into recovery console, since the drive is encrypted it does see anything except a RAW disk.  Wondering any way to hook drive to external drive case connect to another machine and run SFC / SCANNOW on the external drive?
0
Comment
Question by:ManieyaK_
5 Comments
 
LVL 13

Expert Comment

by:Michael Machie
ID: 39244585
Sure, there are plenty of HDD docking stations on the market that allow you to plug either a SATA or IDE HDD to it. I use one all the time and perform Virus scans, backup data, format, install O/S's etc.

However, the problem you may run in to is the encryption on the drive. You won't really know if you can connect the drive externally and still access it until you try. You may want to connect the drive externally to another machine that has a similarly encrypted HDD in case that makes any difference.
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 39244612
Since you have encrypted HDD, you would first need to decrypt it start working on it.

As you have mentioned Checkpoint FDE is used to encrypt it you would need help from them to decrypt the data. They would be able to provide you the bootable CD or DVD to boot and decrypt the HDD, however they would also need the key, which usually resides on the system itself to decrypt the data. Unless there is some master key used to decrypt the HDD.

If that doens't goes well, the only other option left is to wipe clean, format and rebuild the OS.

Sudeep
0
 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 39244722
Are you able to launch the Windows PE boot environment through the FDE login?
When the PC reboots and the User Identification dialog box is displayed, press CTRL + F10 then login as normal and you should see the Alternate Boot Menu. If you can lauch the PE you may be able to repair Windows without having to use an Endpoint Recovery CD to decrypt the partition.
0
 
LVL 14

Accepted Solution

by:
ThomasMcA2 earned 250 total points
ID: 39244737
Some encryption tools have a Recovery CD that can repair or validate the encrypted container. Also, have you searched (or asked your question) at Check Point's forum? (https://forums.checkpoint.com/forums/index.jspa)
0
 
LVL 92

Assisted Solution

by:nobus
nobus earned 250 total points
ID: 39246804
as said - it must first be decrypted  - - then use this method :

http://support.microsoft.com/kb/307545
----------------------------------------------------------------------------------------------
An easier way is to boot from a Bart PE CD (or UBCD4Win CD) and use the file manager for manipulating files. Here  the procedure :
1. rename c:\windows\system32\config\SYSTEM to c:\windows\system32\config\SYSTEM.bak
2. Navigate to the System Volume Information folder.
it contains some restore {GUID} folders such as "_restore{87BD3667-3246-476B-923F-F86E30B3E7F8}".
The restore points are in  folders starting with "RPx under this folder.
3. In such a folder, locate a Snapshot subfolder. This is an example of a folder path to the Snapshot folder:  C:\System Volume Information\_restore{D86480E3-73EF-47BC-A0EB-A81BE6EE3ED8}\RP1\Snapshot
4. From the Snapshot folder, copy the following file to the c:\windows\system32\config folder
 _REGISTRY_MACHINE_SYSTEM
5. Rename _REGISTRY_MACHINE_SYSTEM to SYSTEM
6. Exit Bart PE, reboot and test

Use a fairly recent restore point from at least a day or two prior to problem occurring .

** you can add the other hives also with this procedure

http://www.nu2.nu/pebuilder/       BARTPE
http://www.ubcd4win.com/            UBCD4WIN
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
factory reset 9 78
macOS Sierra encrypting with FileVault what is this? how to stop it? 5 169
Mouse and Trackpad issue 6 51
Open Encryption Software Advice needed 4 69
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question