[Novalug] SOT: Fixing NTFS -- the "MyBook"
Paul D. Bain
paulbain at cox.net
Fri Dec 7 13:45:43 EST 2007
---- Ken Kauffman <kkauffman at headfog.com> wrote:
> Can I just say -- holy crap --
>
> I am merely sharing an experience here in case you run into the same issue
> for those that have to play in the <sarcasm>WWoW[tm] (Wonderful World of
> Windows)</sarcasm>
> This is also not intended to trigger the non-constructive contributors that
> live in the realm of M$/Vista/Windows flame bashing either. ;)
>
> This is my take away from this scenario --
> If your system seems to hang with NT Kernel at 50% (dual core) or 100%
> (single core), you might have a corrupt NTFS file system that Vista can not
> deal with.
> I absolutely had to use XP and Linux to fix it.
>
> 1) I must use Windows because of my job - so let's get that out of the way.
> 2) I do run Linux for non work stuff.
>
> /// Actors
> - One AMD dual core X2 4400+ desktop running Vista X64 Home Premium
> - One laptop running dual boot Vista X64 Home Premium and Xubuntu
> - External 250Gb My Book Basic
Ken,
I just ran across an interesting story about the Western Digital "MyBook," and am wondering whether the facts disclosed there have any bearing on the difficulties that you encountered. At first glance, it seems that the answer to this question is, "No," but I continue to wonder. Here is the link:
http://yro.slashdot.org/article.pl?sid=07/12/06/2119240&from=rss
See another comment below.
> - OEM Vista x64 disc
> - OEM Windows XP Pro disc
>
> /// Scenario
> NTFS on the MyBook has been corrupted and chkdsk utilities will not fix
> it. There is a directory that "exists" but every tool I have tells me it
> does not. Sounds like an entry in NTFS but not on disc. I want to clean up
> the disc. My entire music library is also on this external disc so I must
> tread with caution.
>
> ---
> /// Attempt #1
> Run chkdsk in Vista. Supposedly fixed the issues. Did not actually.
>
> /// Attempt #2
> Boot off XP OEM disc and try and remove directory. Fail.
>
> /// Attempt #3
> Boot laptop into Xubuntu, ensure that I am running ntfs-3g and ntfsfix.
> Also ensure that ntfsprogs is greater than 1.13.1-1 which supports Vista
> NTFS.
> Mount drive using ntfs-3g. Remove offending directory. No problem.
> Unmount drive.
> Run ntfsfix on said drive. (This triggers windows to do a chkdsk by marking
> it dirty).
> Plug the drive back into workstation running Vista.
> The disc is recognized as shown by the "eject" icon however VISTA HANGS HARD
> with the kernel jumping to 50% saturation on one core. Full system
> instability ensues.
> Disk manager hangs and becomes inaccessible, explorer crashes, can't be
> relaunched, all utilities are rendered useless while the kernel goes into
> overdrive to do nothing but something (evidently). I could launch task
> manager to show that it was the NT Kernel hanging.
>
> /// Attempt #4
> Boot laptop into Vista
> Plug drive in.
> Drive kills Vista on laptop as well. Same symptoms as in #2.
> In case vista was trying to repair and was simply doing it poorly and
> hanging, I let the laptop sit with the disc overnight for 8 hours.
> When I woke up, it was still uber-borked.
>
> /// Attempt #5
> Boot laptop into Vista OEM disc recovery console with drive plugged in (for
> detection purposes)
> RECOVERY CONSOLE dies hard with same CPU hanging symptoms
>
> /// Attempt #6
> Boot laptop into XP Pro (OEM) CD recovery console with drive plugged in (for
> detection purposes)
> No hanging.
> Run chkdsk /p (chkdsk /f does not exist for CD boot recovery)
> XP detects errors and resolves them. (This takes time because /p also
> implies block check)
> Reboot back into console and run vanilla chkdsk just to double check.
>
> ----
> Boot back into vista on desktop and the drive mounts just fine no hangs, no
> issues.
> Boot into vista on laptop, drive mounts just fine no hangs, no issues.
>
> \ Final solution for Vista "unfixable" NTFS file system structure \
> - use linux/ntfs-3g to remove offending directory(s)
> - run ntfs-fix
> - use XP to run chkdsk
> - now drive will re-mount in fixed condition inside Vista
>
> Really an unacceptable solution given I have 3 operating systems involved,
> but when you must fix this scenario this is what I found works.
> This might be of interest to you forensic-istas as well.
Yes, this incident is of interest to this "forensic-ista." I shall file your experience in my file folder whose rubric is "digital forensic exams."
Sincerely,
Paul Bain