How to recover files from a broken/infected Windows machine

So your computer is totally messed up. Maybe something was installed and is now crashing the OS. Maybe a destructive virus made its way onto the machine. Maybe it was the "oops" factor. Either way, your computer is now unusable.

In this installment, I will explain, step by step, how to recover files from a Windows (or Linux) machine that is completely borked and whose OS will not boot up.

Tools you will need:

A KNOPPIX live Linux CD. You can download the CD image from and burn it to a CD using your favorite CD burning program. Obviously you will want to have one ready ahead of time, and I highly recommend keeping one handy just in case, whether you need it right now or not.
An external USB drive large enough to hold the files you want to retrieve.

1. Connect the USB drive and boot the computer using the Knoppix CD. Wait for it to start up fully. You will know it is up when the desktop is loaded and the browser opens showing the Knoppix website. It will seem slower than your normal OS because everything runs directly off of the CD, so no changes are being made to the system yet.

2. Once the startup sequence is complete you will see a basic Linux desktop. If you are not used to this, don't freak out. I'll walk you through it. It's not rocket science. In the upper left you will see an icon (or icons) for each hard drive partition. hda stands for 'Hard Drive A'; hdb would be 'Hard Drive B' if you have a second one, and so on. Newer computers that have serial ATA (SATA) drives will show them as sda. You may see a number after hda (like hda1); this indicates the first partition of the first drive. You can see the contents of each drive by clicking its icon once (double-clicking will open two windows), as this will open a new window showing the contents of that drive/partition. Use this technique to locate the files you wish to retrieve.

3. Your USB drive will show up as another hard drive, probably as sda or sdb if you only have one internal hard drive. Click on this drive once to open it. If you have files already saved on it you will see them. If it is new, or has never been used, it may be empty.

4. Once you have located your files on the internal drive, simply drag and drop them into the window of your USB drive. If there are many files or large files, this may take time. Be patient. If you have trouble copying files to the USB drive, it may be because the drive is 'Read Only'. To fix this, right-click the icon of the USB drive and choose Actions -> Change read/write mode.

5. *Important* Once this is complete and you are satisfied that you have everything you want, right-click on the icon of your USB drive and choose 'Unmount'. This will write any remaining files to the USB drive and allow you to safely remove it. Unplugging your USB drive without unmounting it first may corrupt the files you transferred onto it.

6. You are done. You could plug the USB drive into another computer to verify that your files are intact. You can then repair your computer without the worry of losing your valuable files.
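
Steps 4 to 6 can also be done from a terminal on the live CD, with a checksum manifest that lets you confirm the copy later. This is an added example, not part of the original article; the function names, the device /dev/sda1 and the mount point /mnt/rescue are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# On the live CD, mount the internal partition read-only before copying, e.g.
#   mount -o ro /dev/sda1 /mnt/rescue   # device and mount point are assumptions
# so nothing on the broken or infected disk can be changed.

# make_manifest DIR: print "hash  ./path" for every regular file under DIR.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + )
}

# verify_copy DST: re-hash DST against its manifest; 0 only if every file matches.
# Re-run it after unmounting and re-plugging the drive (or on another computer):
# right after the copy, reads may be served from memory rather than the drive.
verify_copy() {
    ( cd "$1" && sha256sum -c MANIFEST.sha256 >/dev/null 2>&1 )
}

# rescue_copy SRC DST: copy SRC into DST, flush, record source hashes, verify.
rescue_copy() {
    src=$1; dst=$2
    mkdir -p "$dst" || return 2
    cp -R "$src"/. "$dst"/ || return 2
    sync                                  # flush cached writes to the USB drive
    make_manifest "$src" > "$dst/MANIFEST.sha256" || return 2
    verify_copy "$dst"
}

# Demo on constructed sample files in a temporary directory.
demo_constructed() {
    work=$(mktemp -d) || return 2
    mkdir -p "$work/src/Documents"
    printf 'constructed sample text\n' > "$work/src/Documents/notes.txt"
    printf 'constructed sample image\n' > "$work/src/Documents/my photo.jpg"
    rescue_copy "$work/src" "$work/usb" && echo "copy verified"
    # Simulate a file corrupted by unplugging without unmounting (step 5).
    : > "$work/usb/Documents/notes.txt"
    verify_copy "$work/usb" || echo "damage detected"
    rm -rf "$work"
}
demo_constructed
```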


I followed the above instructions. My Q is:
Why would the linux cd lock-up?
Is my RAM the problem? Is a virus preventing linux(cd-rom) from working?
The problem OS is Win Vista.

By BoriSpider (not verified)

Could be a serious hardware problem that is causing the entire machine to lock up. Could be RAM. There is a utility on most live Linux CDs (memtest86) that will scan for RAM problems. You are best trying to remove the hard drive and installing into another machine to get your data if it is more serious.

By dave
