Adam
Hello,
I'm fixing a computer at my work. The computer has been infected with
lots of viruses and malware. Most of the viruses have been removed by
plugging the hard drive into another computer and removing them that way.
Unfortunately, one of the users has used EFS to encrypt lots of important
documents. I am unable to log in at all; as soon as the welcome screen quits
after a successful username and password have been entered, the system hangs and
does not complete loading.
The installation of Windows is not important to me but the documents are. My
questions are:
Is it somehow possible to export the Recovery Agent without being logged in
as that user (i.e. from the recovery console)?
Can I do a repair install without compromising EFS and becoming locked out
from the files?
Is there any software out there designed to brute force the EFS technology?
Is there a way to restore the registry to a basic state (i.e. to that of
when it was installed) but keep the SID the same for the user account?
I know it's a few questions but I've run into lots of problems with this
computer and have tried lots of different methods to extract the information.
Thanks,
Adam