Restoring Registry of XP

A few days back, my Windows XP got infected by a few viruses. Using infected pen drives seemed to be the reason. One particularly pesky virus was a script that started every time I logged on, even after I deleted the .vbs file manually. So I opened up regedit.exe and deleted every registry entry containing that file name. Bad move.
Next time I rebooted, I got the Welcome Screen, which I usually bypass. Clicking on my user name was not good enough to log in. It would display "Loading User Settings" and then come back to the login screen without ever reaching the desktop. I have a dual boot system with Linux as the other OS (using ntfs-3g it's possible to read and write NTFS partitions from Linux). I could do most work on Linux, but not gaming. I needed that XP back, and reinstalling was not an option.
So I booted into Linux and fired up Google to look for a solution. There were many such cases, but only one solution was applicable in my case: restoring the registry.
There are many ways to restore the registry, one being the Windows Recovery Console. But that's slow, as it involves booting from the XP CD and running commands to copy/rename files from the crappy command line of Windows. Why use the Windows command line when you can read and write NTFS partitions from Linux itself!! :p
Here are the steps:

First, identify the partition on which XP is installed and make sure it is mounted read-write. In my system it was sda1, mounted at /mnt/sda1.

Then make a new directory anywhere and name it reg. Type
mkdir /reg

Now get into the Windows\system32\config directory.
Type
cd /mnt/sda1/Windows/system32/config
Notice that / is used as the path separator in Linux, not \.

Copy the following 5 files into the Windows\repair directory, so you keep a copy of the current hives:
software, system, security, sam and default

Now find the System Restore folder on the XP partition. It should look like
/mnt/sda1/System Volume Information/_restore{74AB4D58-11E9-4AAD-83C4-A8687AfE0C89}
(the GUID in the folder name differs from machine to machine).

Get into the snapshots folder. There should be some folders there named RP** where ** stands for a number; the highest number is the most recent restore point. Open the most recent folder and copy the following files

_REGISTRY_MACHINE_SAM
_REGISTRY_MACHINE_SECURITY
_REGISTRY_MACHINE_SOFTWARE
_REGISTRY_MACHINE_SYSTEM
_REGISTRY_USER_.DEFAULT

into reg folder you created previously.

Rename these files by deleting the _REGISTRY_MACHINE_ part (for the last one, the _REGISTRY_USER_ part) from each name so that the new names are SAM, SECURITY, SOFTWARE, DEFAULT and SYSTEM, the same five hive names you copied to Windows\repair earlier.

Copy these 5 files to the Windows\System32\Config folder.

Reboot and get to the welcome screen. You'll be able to log in using at least one account.
In my case I logged in using the Administrator account (the only one visible). Then I created an account with the same name as the old one and got all my account settings and documents back.
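The steps above, scripted as an added example (this is not code from the original post). It assumes the XP partition is mounted read-write via ntfs-3g at the path given as the first argument, that the directory layout is the one the post describes, and that each RP folder keeps its hive copies in a "snapshot" subfolder; run without arguments it works on a constructed stand-in tree instead of a real partition.

```shell
#!/bin/sh
# Added example (not the post's own code): scripts the manual steps above.
# Assumes the XP partition is mounted read-write via ntfs-3g at "$1", laid out
# as in the post, with each RP folder keeping its hives in a "snapshot" subdir.
HIVES="SAM SECURITY SOFTWARE SYSTEM DEFAULT"
# Print the RP folder with the highest number (the most recent restore point).
newest_snapshot() {
    best=""; best_n=-1
    for d in "$1/System Volume Information"/_restore*/RP*; do
        [ -d "$d" ] || continue
        n=${d##*/RP}
        case $n in ''|*[!0-9]*) continue ;; esac   # numeric compare: RP12 > RP9
        [ "$n" -gt "$best_n" ] && { best_n=$n; best=$d; }
    done
    [ -n "$best" ] && printf '%s\n' "$best"
}
# ntfs-3g lookups are case-sensitive while Windows' are not: overwrite the hive
# under the case it already has (e.g. "software"), never add a second "SOFTWARE".
on_disk_name() {
    for f in "$1"/*; do
        b=${f##*/}
        [ "$(printf '%s' "$b" | tr '[:lower:]' '[:upper:]')" = "$2" ] && { printf '%s\n' "$b"; return; }
    done
    printf '%s\n' "$2"
}
# Back up live hives to Windows\repair, then overwrite them with the snapshot
# hives, _REGISTRY_MACHINE_ / _REGISTRY_USER_ prefix stripped.
restore_hives() {
    root=$1; cfg="$root/Windows/system32/config"; bak="$root/Windows/repair"
    snap=$(newest_snapshot "$root") || { echo "no RP snapshot under $root" >&2; return 1; }
    mkdir -p "$bak"
    for h in $HIVES; do
        name=$(on_disk_name "$cfg" "$h")
        [ -f "$cfg/$name" ] && cp -p "$cfg/$name" "$bak/$name"
        src="$snap/snapshot/_REGISTRY_MACHINE_$h"
        [ "$h" = DEFAULT ] && src="$snap/snapshot/_REGISTRY_USER_.DEFAULT"
        [ -f "$src" ] || { echo "missing $src" >&2; return 1; }
        cp -p "$src" "$cfg/$name"
    done
    echo "restored hives from $snap into $cfg (backups in $bak)"
}
# Constructed stand-in for a mounted XP partition so the script runs offline.
make_demo_tree() {
    r=$(mktemp -d); sv="$r/System Volume Information/_restore{DEMO-GUID}"
    mkdir -p "$r/Windows/system32/config" "$sv/RP3/snapshot" "$sv/RP12/snapshot"
    for h in sam SECURITY software system default; do echo broken >"$r/Windows/system32/config/$h"; done
    for n in 3 12; do for h in SAM SECURITY SOFTWARE SYSTEM; do echo "rp$n" >"$sv/RP$n/snapshot/_REGISTRY_MACHINE_$h"; done; echo "rp$n" >"$sv/RP$n/snapshot/_REGISTRY_USER_.DEFAULT"; done
    printf '%s\n' "$r"
}
if [ $# -ge 1 ]; then restore_hives "$1"; else restore_hives "$(make_demo_tree)"; fi
```

For a real recovery invoke it as `sh restore_hives.sh /mnt/sda1`; the backups it leaves in Windows\repair are what you put back if the restored hives turn out worse than the damaged ones.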

If you don't have Linux, you can follow the instructions from this website.


