[GLLUG] OT and out of area: How do I find a reputable data recovery service for a Win 7 m/c?

Alistair Mann al at pectw.net
Sun May 7 20:38:28 UTC 2017

On 07/05/17 16:21, John Southall IMAP via GLLUG wrote:
> Hi,
> Please forgive me, but I don't know who else to ask.
> This is for the Midlands, not the London area.
> How do we find a professional data retrieval service? What should I 
> look for?
> We need to unfreeze a Win 7 laptop, or at least extract the data files.
> We suspect that it is malware rather than a hardware problem.

I do this for a living: what you're wanting to do is no different than 
connecting a new disk to an old computer. I would expect anyone 
comfortable with Linux to do this work with little problem.

First, extract hdd if at all possible and connect to a powered off 
desktop running Windows. Not all laptops have the drive 
accessible, but >90% do.

If you have NO reason to believe files have been deleted:
1. Start in safe mode (For Win7, tapping F8 after turning the machine on 
will bring up a menu.) Being in safe mode turns off Windows' observance 
of security controls on those files.
2. In safe mode, navigate to the files you need and copy them to 
wherever needed.
3. Once done, turn off the desktop and disconnect the hard drive.

If you DO have reason to believe files have been deleted:
1. Download and install to the desktop computer Piriform Recuva 
https://www.piriform.com/recuva (free, although I prefer the paid 
version of http://www.handyrecovery.com/)
2. Run against the laptop hard drive and recover as you wish to wherever 
you like.
3. Once done, turn off the desktop and disconnect the hard drive.

If you believe malware to be at fault:
1. With the laptop disk connected, restart the desktop in normal mode 
(i.e., not safe mode)
2. Run whatever AV is present on the desktop against that laptop disk. 
If none, a free copy of Microsoft's own will do: 
3. Turn desktop off and reconnect the disk to the laptop. Turn on, and 
if you can, download and run Malwarebytes' free client 
https://www.malwarebytes.com/mwb-download/ on the laptop.
Allow both to quarantine etc whatever they find.

You will now have your files safely away, and a reasonable belief the 
laptop has been cleaned of the worst of it. If the freeze was associated 
with malware, it should have gone away by this point. If you still have 
freezing then it'll likely be associated with benign (or at least not 
aggressively malign) software such as a damaged copy of Office. But 
that's a subject for a different email.

You would only need a professional data retrieval service if:
1. The desktop computer is unable to see the laptop hard drive in BIOS 
2. Clicks-of-death
3. You have more money than time.

Alistair Mann

t: 07899 846 648
w: www.pectw.net
