Anyone familiar with Windows Re-Install?

[Ninja2dan]

Ok, some ******* decided to permit bogus ads on their web site, while clicking on a link to open a news article I was directed to a new page that installed popped me with a virus/trojan.

The website will not be named, but it's a very popular and legal/legit normal news service. I've been to that site at least once a week for a few years, and it wasn't until a couple of days ago RIGHT when some fancy animated pop-out ad started up and shortly after I was assaulted with the "Your PC has a virus, let our company offer you a free scan and you can buy our removal tool cheap".

I immediately recognized it as being an attack, so I yanked the network cable and Ctrl+Alt+Del to open the task manager and zap the program. I then started running a virus scan, but within a minute or so (long before the scan could complete) the virus flashed my system, killed .exe functionality, and actually removed the files to run any of my safety/security software.

From that point on I was unable to run any applications, getting the error that my system didn't know how to run an exe/com/bat/etc. For those in the know, that means my registry was altered.


Now, I've been dealing with PC's for over two decades now. Normally, when a trojan/virus like this is detected I always just wipe the drive and do a new install of windows. Well this time I had too much stuff that wasn't backed up, so I did a "new" install of windows instead. This in turn kept a Windows.old folder with all previous stuff stored, but inaccessible unless I ran it myself.

I don't mind so much having to reinstall everything, it's good to start with a clean system every once in a while anyways. But the one thing that I need are my old bookmarks. I use Firefox, and I can't figure out how to locate my old bookmarks from within that secured-access folder system. And I didn't know until today that Firefox had that Sync function, which would have saved my ***.


So, does anyone have a good idea how to recover those old bookmarks? My last backup was over a year ago, and I've added/removed a LOT of bookmarks since then. Without them I'm in some serious shit, so I'd appreciate any suggestions.

I'd like to get those bookmarks recovered so I can dump that old folder, which is taking up tens of gigs of space now on my primary drive. I'd also like to fully wipe any remnants of that virus, only possible by deleting that old folder.


I've already activated enhanced security features, reinstalled previous security software, and installed new safety measures that will hopefully prevent it from happening again.

Again, in short: I need to locate lost bookmarks in my Windows.old folder from a reinstall of Windows Vista Ultimate 32-bit.

[MaSSive]

Well I got sync on on Win7 and my bookmarks are in C:\Users\MaSSive\AppData\Roaming\Mozilla\Firefox\Profiles\qpql0u37.default\bookmarkbackups\

For you it should be the same except the user part and "qpql0u37.default" - that might be different. File types are .json so you can copy them safely to your new install - \bookmarkbackups folder or just copy the whole \Mozilla folder to new install and then you should have all extensions and bookmarks.
Other way may be to copy the .json files and then use import function to import those bookmarks to new install.
Might be safer to only copy bookmarks, it might be that your browser got infected too in old system.

Looky here for more about that Windows.old folder

Oh wait...damn it I just realized that you have only Windows.old folder left from old install. Well I'm afraid that you are screwed. If bookmarks are not in that folder you lost them permanently.

Might be of interest so check this out too.

http://support.mozilla.com/en-US/kb/Bac ... nformation
http://support.mozilla.com/en-US/kb/Pro ... ur_profile

[LITOralis.nMd]

There is a path to salvation, but it is wrought with tribulations.

Windows.Old Folder provides a path for you to manually roll back to your previous OS to the same state as before you upgraded if you decide that you don't like Windows 7.

!!!!! I HAVE NEVER ATTEMPTED TO DO THIS, you need to research this on your own. !!!!

SO you can probably roll back the OS reinstall,
then either run a LiveCD with NTFS support on that PC or pull the HDD out and plug it into a second PC,
find the file folder of your \Mozilla\Firefox profile,
copy the relevant stuff from that folder to a thumbdrive.
SCan the thumbdrive with a few anti-virus anti-trojan pacakges,
ON the second PC, Test the profile copy on a portableapps.com suite's version of firefox.


THen reboot out of the LiveCD or pull the HDD out of the second, PC,
Reinstall Vista on your primary PC,
reinstall FF and the profile.

What a way to spend a Sunday. Good Luck.

[Ninja2dan]

To clarify, my previous installation was Win Vista, same as the new install. My PC contracted a virus/trojan via some sort of bad ad link or unsecured news site. The re-installation of my O/S was because the virus fried my system, wouldn't allow anything to run properly and couldn't be tracked down well enough to ensure it was gone.

I only have the one system available, so use of a second tower to mess around with swapping installs or roll-backs is not possible. And without knowing for sure where that virus planted itself, I'm not doing a rollback. I was just hoping that the Firefox data had been stored in a folder that wasn't removed during the reinstall.

I plan to contact Mozilla tech support to see if they have any suggestions. If not, then I'm SOL and will have to accept the loss of nearly 2 year's worth of bookmarks (some very important).

The loss of those bookmarks will mean loss of money, business, and time. But I'm not going to risk full data loss or damage to my system in order to recover those links.

[MaSSive]

Yeah you're right...too bad we cant be of more help. Have you tried some data recovery software? It might help but chances are pretty much low. Probably old data got rewritten already but thats only thing that's left to try. Not sure if Mozilla support will be of any help but give it a go.

EDIT: Wait I was just reading this kb article on Microsoft after LITOralis.nMd pointed out this with windows "rollback hack" and have found the next:

After you do windows install like you did ( over existing install ) system is doing a whole backup of "Program Files", "Documents and settings", and other important system folders.
If this is the case there is big hope that you can get your stuff back but you need to do the following.

Unhide system folders and files: Go to Control Panel>Folder Options>View and make sure radio box "Show hidden files, folders and drives" is checked - this is to make sure that windows explorer or the system itself will not hide folder we need here. Next thing is to make sure that on same tab "Hide protected operating system files ( Recommended )" is not checked for the very same reason.

Once you do that you can navigate trough Windows explorer or some other file manager app to folder Windows.old\Users\Youurname\\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default\bookmarkbackups\ and get your bookmarks back.
If folder is not there you can try in "Documents and settings" instead of "Users"

I hope this will save you the trouble and there is no danger you will damage anything. Once done just revert settings you changed in control panel to be on the safe side.

Good luck

[LITOralis.nMd]

Massive is correct, this is nothing more than a copy and paste job, should take a few minutes... follow his directions to make hidden folders and files visible...

[Ninja2dan]

Hot damn! It finally worked.

I tried accessing the hidden folders in that directory before and it wasn't working, had completely forgotten about just changing the setting through the control panel. I knew those files were located in the appdata folder, but it just wouldn't show up until I used the CP to unhide it.

I owe you one guys, just saved me the largest migraine of the year. I've now recovered links that would have taken me months or more to find again, if ever.



Now I can zap that Windows.old file, hackers and virus coders can suck balls.

[MaSSive]

Nice save! And I learned something new out of it. Gawd damn next time get those backed up

[illidur]

gj getting your bookmarks back. im curious what site you got it from... because i have no idea where mine came from tbh.

i got hit with the same thing not long ago. i also pulled the ethernet instantly. but the damage had already been done, you can't run regedit or even CMD normally. but i found out you can right click "start" instead of "run or open". eventually i reclaimed control and recovered from it.

if anybody else experiences this...
i used task manager to locate and wipe out all that i could find running like services and locations of it. ping.exe can be stopped by going to task manager>performance>resource monitor> right click> suspend process.
the fake antivirus is easy to locate in programs and you can "open file location" to delete it.
it also infects IPsec Policy Agent and IKEEXT. but avg will delete them later which is annoying but good.

after doing all these things i system restored, ran avg, TDSSKILLER and then Malwarebyte's anti malware.

[TeRR0R]

You can even move the whole backup (username)\AppData\Roaming\Mozilla folder
to the new users profile roaming folder, replacing the newly created one.
This way you will have everything back: Bookmarks, Settings, Addons, stored passwords, etc.

Same can be done with Thunderbird.

[BabylonCome]

Moved to Software forums as thought it would be better in there but then noticed who posted the topic..

Sorry Ninja2dan for overwriting your original...

[Ninja2dan]

It's all good, should be in the correct section regardless of who started it. Not sure why I didn't notice the incorrect posting section to start with, appreciate the move.