Useful Data Recovery Tool: PLD RescueCD

A good friend of mine approached me just after Christmas with a problem. His sister’s notebook has gone kaput with the dreaded NTLDR is missing error message.

For those unfamiliar with Windows system files, NTLDR is Windows’ boot loader file (for the NT family of OS; NT, Win2K, WinXP, Windows Server 2003, etc). Ok, so now we know the problem… but what’s the root cause?

To find out, we need to examine the filesystem to see if NTLDR was the only missing file and find other problems that are unknown to us at the moment. I immediately logged on to my notebook and searched for the smallest and most useful Linux rescue CD ISO file and quickly found PLD Linux RescueCD.

Sure there are other more famous Linux rescue CDs like Knoppix, but again let me remind you that I needed the smallest download size for a very specific use (ie. system recovery).

The fact that PLD has ntfs-3g support built in made it all the better because the standard Linux NTFS drivers that comes with the kernel has no NTFS write support… and I’m pretty sure the crippled notebook has NTFS partitions.

So I copied my own NTLDR and files onto a thumbdrive and burnt the PLD ISO file to a CD. It’s only around 60MB in size to the burning process took just under a minute.

Powered on the messed up notebook, stuck in the PLD CD into the drive and soon I was greeted with the warm and fuzzy command prompt. I then proceed to mount the first partition (Windows’ drive C:) of the hard disk:

  1. mkdir /tmp/win
  2. ntfs-3g /dev/sda1 /tmp/win
  3. cd /tmp/win
  4. ls -al

Yep, the NTLDR and files are indeed missing. I also saw a few strange files on that partition: autorun.inf and kernel32.dll.vbs. Telltale signs of a virus infection. A quick googling shows that it’s VBS.Solow.D.

By the way Windows folks, your hard drive partitions shouldn’t have autorun.inf in the root directory; it opens up your system to lots of potential hazards.

So I just deleted the two files and stuck in my thumbdrive into a USB port. I then mount the thumbdrive and copied over the files onto the Windows partition:

  1. mkdir /tmp/usb
  2. mount /dev/sdb1 /tmp/usb
  3. cp /tmp/usb/NTLDR /tmp/win/
  4. cp /tmp/usb/ /tmp/win/

A quick reboot later, we can then see the Windows XP boot splash screen. So at least the system can boot up properly. Not long later, we’re at the desktop. Upon further inspection, I found out that the system doesn’t even have an anti-virus software installed so I downloaded and installed AVG Free for my buddy.

Installed, ran the virus definition update, and performed a system wide scan. All remaining traces of the virus was removed and he now has a fully working system.

For this 20 minutes work (not including the virus scanning time, of course), I charged him RM60… not because I want money, but the sister ought to be taught that with using a computer comes a responsibility to maintain it properly. I’d rather call it as tuition fee.

And if you think that’s too much to charge somebody, think again. Similar “system restore” jobs can cost up to a couple hundred RMs. And what is RM60? Heck, I can’t even rent a toilet at the Outer Banks area for an hour for that sum of money.

Anyway, the whole experience has thought me to always keep a Linux rescue CD close by for similar issues… and PLD Rescue CD does the job pretty darn well while having a small footprint.

2 responses to “Useful Data Recovery Tool: PLD RescueCD”.

  1. Umarzuki Says:

    Nice tutorial. U copied the ntldr and from other Windows installation

  2. A Tale Of An Unnecessary Linux Reinstall - HTNet Says:

    […] grabbed the PLD RescueCD that I always keep near our servers and booted it up on the ailing web server. It booted up fine […]