
Manually Restoring Computer From Restore Point Using Boot CD

Discussion in 'Windows Vista' started by mocks1, Apr 6, 2010.

Thread Status:
Not open for further replies.
  1. mocks1

    mocks1 Thread Starter

    Joined:
    Aug 6, 2002
    Messages:
    118
    Hello,

    In Windows XP, with an unbootable computer, I used to be able to manually restore the registry back to an older point in time by just copying the System, Sam, Security, Software, and Default files from an old Restore Point back to the system32/config folder using a Boot CD. How do I manually restore the registry files back in Vista using a Boot CD?

    Sometimes when I am on a Vista computer and use a Vista Boot DVD or Vista Recovery CD--I use the System Restore function on the System Recovery Options Menu of the Vista Boot Disc, but then it falsely says there are no restore points available. I know the program is wrong because I can see the large restore point files when browsing the hard drive with a boot CD.

    I need to be able to have the same ability to manually copy back old registry files as I did in Windows XP. Anyone know how to do this--is it possible with some editing of giant restore point files?

    Thanks
     
  2. Mumbodog

    Mumbodog

    Joined:
    Oct 3, 2007
    Messages:
    7,891
    Yes, Vista and W7 keep the restore points in a folder called "System Volume Information", but it's a permissions-locked folder.

    Also I am not sure what format restore points are stored in, I cannot find any info on how to do it manually like we did in XP either....

    Maybe someone smarter than me will come by and post the method.

     
  3. mocks1

    mocks1 Thread Starter

    Joined:
    Aug 6, 2002
    Messages:
    118
    I wish Microsoft would have left System Restore alone or at least preserved some of the functionality/file types that allowed us to do quick restores manually using a Boot CD. They could have had the new System Restore files along with creating backups going back weeks of just Registry Hives and NTUSER.DAT etc in a separate, accessible folder.

    Anybody figured out how to do this--there must be someone on TSG site that has solved this?

    I am trying to help my cousin by phone in Florida, but I need him to roll the Vista system back so I can get remote access to remove malware that got on the computer; the malware has broken the association with EXE files and System Restore and prevents my usual removal tools from running even in Safe Mode.

    I tried some registry steps over the phone--but it is very time consuming and difficult doing it this way with him.
    Isn't there a way to extract the Registry Hives from those large restore files in Vista System Volume Information folder?

    You can take ownership and/or most likely give your username login permission to read/write the System Volume Information folder (SVI). I don't have Vista in front of me, but you can probably right-click the SVI folder--choose Properties, look for the Security tab, add your user login name to the permissions list and check all the read/write boxes for changing files etc. Then you should be able to read the SVI folder even after it gives you an error warning that it could not set permissions. I did it a few months back on a Vista computer and it worked. The files are very large and have long, random alphanumeric file names.

    I do a similar method with the XP SVI folder by trying to share the folder and checking both boxes to allow changes etc., and then it says there was an error or gives a warning, but when you open the SVI folder in XP you can see all the restore points.
     
  4. Mumbodog

    Mumbodog

    Joined:
    Oct 3, 2007
    Messages:
    7,891
  5. TheOutcaste

    TheOutcaste

    Joined:
    Aug 7, 2007
    Messages:
    9,028
    I've not actually looked at doing this manually, as booting from the DVD gives access (usually) to System Restore. Obviously not always the case.

    Vista and Win 7 do have an improved equivalent of the Repair folder that XP has though, located here:
    C:\Windows\System32\config\RegBack

    There are copies of the registry hives in that folder that seem to be updated regularly.
    On a Vista VM, they were updated when I booted up the system. The previous logs show a date of 3/11, which is the last date that I saved changes to the virtual hard drive.
    My Win 7 system has hives dated 3/31. It's three hours after a restore point was made, and there are two restore points after it. It was booted 1 1/2 hours before those backups were made, so I'm not sure of the timing on these being created, or what service does it.

    It may be automatically updated if they are more than a week old; mine should be updated today or tomorrow if that's the case. So this may or may not be useful, depending on how old the hives are.

    Have to go diving into the System Volume Information folder to see if the hives can be easily recovered without needing something like Shadow Explorer to view it. Not sure if Shadow Explorer would run in the WinRE environment.

    Accessing the System Volume Information folder is sometimes a bit picky; it doesn't seem to work if you add the Administrators group, you have to add a specific user. Here's the procedure I use; it's always worked for me:
    To gain access to the System Volume Information folder:

    1. Right click the System Volume Information folder, click Properties
    2. Click the Security tab.
    3. Click the Advanced button
    4. Click the Permissions tab if not already on that tab
    5. Click the Continue button.
      You'll get a UAC Prompt, click Continue
    6. Click the Add... button
    7. Click the Advanced... button
    8. Click the Find Now button
      Click on your User account
    9. Click OK
      Check the Full Control box in the Allow column
      Make sure the Apply to: drop down shows This folder, subfolders and files
    10. Click OK
    11. Click OK
      You'll get multiple error dialogs saying:
      An error occurred applying security information to:
      ..\{GUID}{GUID}
      Access Denied

      Where GUID is a long string of hexadecimal characters like this:
      {1fe55d27-f9b6-11de-b74a-0003ffbf1f97}{3808876b-c176-4e48-b7ae-04046e6cc752}.
      Just click Continue on all of them
    12. Click OK
    13. Click OK
    You can now double click the folder to access it and see what is inside.

    To remove your account from the System Volume Information folder:

    1. Right click the System Volume Information folder, click Properties
    2. Click the Security tab.
    3. Click the Edit button
    4. Highlight your account
      Move the Permissions for System Volume Information dialog window to the right side of the screen
      This will prevent accidentally removing the System account
    5. Click the Remove button
    6. Click OK
      You'll get multiple error dialogs saying:
      An error occurred applying security information to:
      ..\{GUID}{GUID}
      Access Denied

      Just click Continue on all of them
      Be Careful! If you didn't move the Permissions for System Volume Information dialog window to the side you may end up clicking Remove after the last Error Dialog and end up removing the System account.
      Your account will still appear in the list after the last error dialog.
    7. Click OK
    You will now no longer have access to the folder.
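The grant and the later removal above can also be done from an elevated Command Prompt with icacls, which is present in Vista, Windows 7 and the WinRE Command Prompt. The script below is an added example, not TheOutcaste's procedure or anything from this thread; it assumes the volume is C: and takes the account name as its first argument. Its one real advantage over the Security tab is the removal step: only the named account's entries are touched, so the SYSTEM entry cannot be removed by a mis-click after the last error dialog.

```batch
@echo off
rem Added example (not the poster's own steps): grant or remove one account's
rem access to System Volume Information with icacls instead of the Security
rem tab. Run from an elevated Command Prompt (Run as administrator).
rem Assumptions: the volume is C:; %1 is the account (User or COMPUTERNAME\User).
setlocal
set "SVI=C:\System Volume Information"
set "ACCT=%~1"
if "%ACCT%"=="" (
    echo usage: %~nx0 User [remove]
    exit /b 1
)

if /i "%~2"=="remove" goto :remove

rem Grant: one Full Control entry that applies to "this folder, subfolders
rem and files" ((OI)(CI) = object inherit + container inherit, F = full).
rem /t walks into the {GUID}{GUID} entries; /c keeps going past the same
rem Access Denied errors the GUI shows, so those messages are expected.
icacls "%SVI%" /grant "%ACCT%:(OI)(CI)F" /t /c
echo.
echo Entries now on the folder:
icacls "%SVI%"
goto :eof

:remove
rem Remove only the entries granted to that one account. Nothing else in
rem the list (in particular NT AUTHORITY\SYSTEM) is changed.
icacls "%SVI%" /remove:g "%ACCT%" /t /c
echo.
echo Entries now on the folder:
icacls "%SVI%"
goto :eof
```

Save it as, say, svi-access.cmd and run `svi-access.cmd Alice` to add the account, then `svi-access.cmd Alice remove` when finished. The final `icacls "%SVI%"` listing is the check that the entry really went in (or really came out); read it before closing the window.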
     
  6. mocks1

    mocks1 Thread Starter

    Joined:
    Aug 6, 2002
    Messages:
    118
    Thanks Mumbodog and TheOutcaste for the detailed information!

    I tried a registry fix to get EXE files opening normally instead of the underlying virus or asking what program to use--but the one I tried last night did not do the trick.

    I will try the downloadable registry fix file from your link--it looks very promising and is different REG info from the one I tried with my cousin last night.

    He is calling me in about 30 minutes so I will have him try that first.

    That is a great step by step to get access to SVI in Vista!

    These two tools/info go in my bag-of-tricks folder!

    PS--His computer has been having problems/infected since St Patrick's Day--so who knows if those extra REG files you mentioned exist from before that date. I'll have him check that as soon as he calls too.
     
  7. mocks1

    mocks1 Thread Starter

    Joined:
    Aug 6, 2002
    Messages:
    118
    Mumbodog, your EXE file association registry fix that I downloaded from the link you provided above worked--thanks again.
     
  8. mocks1

    mocks1 Thread Starter

    Joined:
    Aug 6, 2002
    Messages:
    118
    I was able to get remote access to my cousin's computer once he applied the registry fix file--luckily he was able to get access again to Internet Explorer and he downloaded and merged the data back into the registry.

    I tried getting him to install Firefox last night but it would not install because of the EXE problem. I am connected remotely now and ran Malwarebytes and it found about a dozen nasty trojans, fake anti-virus scanners and EXE hijacker files.

    I am running a NOD scan of his hard drive and it has found a few more, including something called BAT/Killfiles.NCB Trojan sitting right on the Desktop (in the user login name's Desktop folder).

    He has Comodo Internet Security Free but it obviously let a lot get past--so I'll have to talk him into buying NOD Smart Security instead.



    I
     
  9. mocks1

    mocks1 Thread Starter

    Joined:
    Aug 6, 2002
    Messages:
    118
    I still want to figure out how to manually restore registry files back on a Vista system--it will definitely be needed someday soon

    Please post any hints, clues or links that might lead me in the right direction to figure this out--thanks.
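Post 5 (the RegBack folder) and this post together describe the operation wanted: boot the DVD, open the Command Prompt, and copy known-good hives over the damaged ones while they are not in use. The batch file below is an added example and not something posted in this thread. It compares the date and size of each current hive with its replacement first (RegBack is only useful if its copies predate the damage; on Windows 7 they are refreshed periodically by the RegIdleBackup scheduled task, so they can be newer than the infection), keeps an undo copy, and only then overwrites. The drive letter argument, the optional source folder argument, the ManualUndo folder name and the hive list (the five hives named in the first post) are assumptions.

```batch
@echo off
rem Added example, not from the thread: replace the registry hives of an
rem offline Vista/Win7 installation from the WinRE Command Prompt (boot the
rem installation DVD, choose Repair your computer, then Command Prompt).
rem The hives are not in use there, which is what makes a plain copy work;
rem the same copy on the running system is refused with a sharing violation.
rem Assumptions: %1 is the offline Windows volume (inside WinRE it is often
rem D:, not C:, so check with "dir" first); %2 is an optional folder holding
rem the replacement hives, defaulting to RegBack on that volume.
setlocal
set "DRV=%~1"
if "%DRV%"=="" (
    echo usage: %~nx0 DriveLetter: [SourceFolder]
    exit /b 1
)
set "CFG=%DRV%\Windows\System32\config"
set "SRC=%~2"
if "%SRC%"=="" set "SRC=%CFG%\RegBack"

if not exist "%SRC%\SYSTEM" (
    echo No SYSTEM hive found in "%SRC%"
    exit /b 1
)

rem 1. Show each current hive against its replacement so you can judge whether
rem    the replacement really predates the damage. A 0-byte copy, or one
rem    dated after the infection, must not be used.
echo.        current hive              ^|  replacement
for %%H in (SYSTEM SOFTWARE SAM SECURITY DEFAULT) do (
    for %%A in ("%CFG%\%%H") do for %%B in ("%SRC%\%%H") do (
        echo %%H:  %%~tA %%~zA bytes  ^|  %%~tB %%~zB bytes
    )
)
echo.
set /p GO=Type YES to copy the replacement hives into %CFG%: 
if /i not "%GO%"=="YES" exit /b 0

rem 2. Keep the current hives so the change can be undone from WinRE.
set "UNDO=%CFG%\ManualUndo"
if not exist "%UNDO%" mkdir "%UNDO%"
for %%H in (SYSTEM SOFTWARE SAM SECURITY DEFAULT) do (
    if exist "%SRC%\%%H" (
        copy /y "%CFG%\%%H" "%UNDO%\%%H" >nul
        copy /y "%SRC%\%%H" "%CFG%\%%H" >nul && echo replaced %%H
    ) else (
        echo skipping %%H: no copy in "%SRC%"
    )
)
echo To undo from WinRE: copy "%UNDO%\*" "%CFG%"
endlocal
```

Typical use from the WinRE prompt is `hives.cmd D:` after confirming with `dir D:\Windows` that D: is the installed system, or `hives.cmd D: D:\HiveStage` when the hives were first staged from a restore point into a folder. Because the script refuses to proceed without a typed YES after printing the dates, the comparison step cannot be skipped by accident.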
     
  10. mocks1

    mocks1 Thread Starter

    Joined:
    Aug 6, 2002
    Messages:
    118
    Has anyone here on TSG figured out how Microsoft stores registry/restore point data in all those huge files in the Vista System Volume folder? Is the data encrypted, or is there a way to extract just the registry hives from the files using some new method or obscure program to read the contents of these files?
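The large {GUID}{GUID} files are not an archive format and are not encrypted: from Vista on, a restore point is a Volume Shadow Copy snapshot, and those files are the snapshot's storage. That is why Shadow Explorer (mentioned in post 5) can browse them, and the same view is available without any extra program by exposing a snapshot as a folder with mklink. The script below is an added example, not from this thread; it runs on the booted system from an elevated Command Prompt, copies the five hives from a chosen snapshot into a staging folder, and leaves the live hives alone (they can only be replaced from the DVD's Command Prompt). The C: drive, the C:\HiveStage and C:\rp_view paths, and passing the snapshot's device path as the first argument are assumptions.

```batch
@echo off
rem Added example, not from the thread: copy the registry hives out of a
rem Vista/Win7 restore point. Restore points are Volume Shadow Copy snapshots,
rem so the snapshot is linked in as a folder and read with plain copy; the
rem System Volume Information permissions are never changed.
rem Run from an elevated Command Prompt on the running system (not WinRE).
rem Assumptions: C: is the Windows volume; C:\HiveStage and C:\rp_view are
rem ours to create; %1 is the snapshot's "Shadow Copy Volume" device path.
setlocal
set "STAGE=C:\HiveStage"
set "LINK=C:\rp_view"
set "SHADOW=%~1"

if "%SHADOW%"=="" (
    echo Pick a restore point by its Creation Time in the list below and rerun
    echo with its "Shadow Copy Volume" value, for example:
    echo   %~nx0 \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3
    echo.
    vssadmin list shadows
    exit /b 1
)

rem Expose the snapshot as a directory link. The trailing backslash on the
rem device path is required by mklink.
if exist "%LINK%" rmdir "%LINK%"
mklink /d "%LINK%" %SHADOW%\ || exit /b 1

if not exist "%STAGE%" mkdir "%STAGE%"
for %%H in (SYSTEM SOFTWARE SAM SECURITY DEFAULT) do (
    if exist "%LINK%\Windows\System32\config\%%H" (
        copy /y "%LINK%\Windows\System32\config\%%H" "%STAGE%\%%H" >nul && echo staged %%H
    ) else (
        echo %%H is not present in this snapshot
    )
)

rem rmdir on a directory link removes only the link, never the snapshot.
rmdir "%LINK%"

echo.
echo Hives from the snapshot are in %STAGE%, dated as they were at that
echo restore point. They cannot replace the live hives while Windows is
echo running: boot the installation DVD, open its Command Prompt and copy
echo them into Windows\System32\config from there.
endlocal
```

Run it once with no argument to see `vssadmin list shadows`, match the Creation Time to the date before the problem started, and run it again with that entry's Shadow Copy Volume path. Check the dates printed by `dir C:\HiveStage` afterwards; a snapshot taken after the infection gives you back the infected registry.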
     
Short URL to this thread: https://techguy.org/915155