# Restoring encrypted files from my documents from my crashed main computer



## FrostRose (Jan 16, 2007)

Hello, I'm on my laptop writing this;
To make a long story short, my main computer got infected by enormous amounts of malware/viruses and I can't save it because it won't even boot in safe mode without crashing. So basically I decided that I was going to recover my files to my laptop through my external hard-drive case. All the relatively unimportant files around the hard drive are doing fine...

BUT the things that were in My Documents give me "access denied" - they're encrypted! (I did encrypt some files manually in My Documents since they're very important to me, but not my entire My Documents folder though. I'm assuming Windows just encrypts that stuff permanently.) What do I do!? I had administrator rights with the user that had the files on that computer, and I know that password, but I don't know how to decrypt files. When I try to google it, it tells me a bunch of stuff about certificates and the like, which I can sort of get my mind around - but it seems as if all the articles assume the files don't come from a different computer.

So the question is: how do I decrypt files that were encrypted and/or placed in My Documents/My Pictures and so on, on a computer different from my own, that I can't log on to (because it's broken) BUT I have the passwords for (if they're somehow related to the process)?

I guess it sounds a bit shady but it's REALLY seriously a problem! I can't reformat before I do this and there's no way I can get it to work. (Although I'd love some feedback on how to fix a computer that won't boot up! That'd be just as good - then I could salvage my files in a more conventional way!)

I would really appreciate quick feedback on this issue if possible,
Thanks a million!


----------



## hal8000 (Dec 23, 2006)

Here's one way to get your work back. First download Knoppix 5.1 and burn it to a CD-ROM. You may need another computer for this. Mirror page below:

http://www.knopper.net/knoppix-mirrors/index-en.html

Download the CD ISO, not the DVD. Once the disk has been created, reboot with it in your infected Windows machine. You will also need a USB pendrive to transfer your files.
Once Knoppix has booted, you will be using a graphical environment called KDE. You will see a drive icon labelled hda1 or perhaps sda1, depending on whether your machine uses an IDE or S-ATA hard drive.

Click on the icon; this will mount your Windows partition. At this stage Knoppix is running entirely in RAM; nothing is written to your hard drive. When mounted, you will be in the root Windows directory, commonly called C: under Windows.
Make sure you know your way around the Windows file system and navigate to the folder containing your work.

Place a USB pendrive into a free USB slot. You will see a USB icon on the KDE desktop. Single click this to mount the drive and drag and copy the files from your Windows directories to the USB drive. When finished, close the USB window, then right click and choose safely remove (or unmount; can't remember which from memory). Remove the USB drive and you should now be able to read and recover the data on a working Windows computer.
Hope that helps.


----------



## Cellus (Aug 31, 2006)

Did you encrypt the files using EFS (the Windows encryption)?

Moving the encrypted files to removable media via a Linux LiveCD (i.e. Knoppix) unfortunately will not automagically decrypt these files. This is because, while encryption/decryption is transparent to users in Windows while in use, it is dependent on an EFS driver on the filesystem level (which Linux does not have).

One thing you can try is to get your troubled system at least into a usable state for you to properly access and decrypt the files within Windows. Try going through our HijackThis 5 Step Process and post in our HijackThis Help board. Someone from our security team will assist you in trying to get your PC into a usable state for you to get your files.

Addendum: If you are unable to go through these 5 steps properly, post in our HijackThis Help board anyways. Sometimes our security team can work magic.


----------
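Added example, not part of any post in this thread: a Python sketch for the LiveCD route discussed above that lists which files on the mounted Windows partition carry the NTFS "encrypted" (EFS) attribute, so you know in advance which copies will stay unreadable outside Windows. It assumes a current ntfs-3g mount that exposes the `system.ntfs_attrib` extended attribute (4 bytes, CPU byte order); the function names are hypothetical.

```python
import os
import stat
import struct
import sys

# Assumption: the volume is mounted with ntfs-3g and its xattr mapping is available.
NTFS_ATTRIB_XATTR = "system.ntfs_attrib"


def is_efs_encrypted(raw):
    """Decode the 4-byte NTFS attribute word and test FILE_ATTRIBUTE_ENCRYPTED (0x4000)."""
    if len(raw) != 4:
        raise ValueError("expected a 4-byte attribute value, got %d bytes" % len(raw))
    (attrs,) = struct.unpack("=I", raw)
    return bool(attrs & stat.FILE_ATTRIBUTE_ENCRYPTED)


def read_ntfs_attrib(path):
    """Read the raw attribute word from the mounted NTFS volume (Linux only)."""
    return os.getxattr(path, NTFS_ATTRIB_XATTR, follow_symlinks=False)


def triage(root, read_attr=read_ntfs_attrib):
    """Walk root and sort files into encrypted / plain / unknown (attribute unreadable)."""
    result = {"encrypted": [], "plain": [], "unknown": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                key = "encrypted" if is_efs_encrypted(read_attr(path)) else "plain"
            except (OSError, ValueError):
                # Not an ntfs-3g mount, xattr missing, or malformed value.
                key = "unknown"
            result[key].append(os.path.relpath(path, root))
    for paths in result.values():
        paths.sort()
    return result


if __name__ == "__main__":
    # Usage: python3 efs_triage.py /path/to/mounted/windows/partition
    report = triage(sys.argv[1])
    for key in ("encrypted", "plain", "unknown"):
        print("%s: %d file(s)" % (key, len(report[key])))
    for rel in report["encrypted"]:
        print("  EFS:", rel)
```

Files reported as encrypted can only be opened in Windows by an account that holds the matching EFS key, which is why the last post suggests getting the original installation back into a usable state.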

