SAFEBOOT registry subkeys missing, can't boot into safe mode

[Guest FUBARinSFO]

Hi:

 

Windows 2003 Server, can't boot into safe mode. Upon further

inspection, subkeys for SAFEBOOT are missing from HKEY_LOCAL_MACHINE

\SYSTEM\CurrentControlSet\Control\SafeBoot registry. That is, not

even Minimal nor Network keys are present. ContolSet002, ...,

ControlSet004 are either missing SafeBoot key entirely or the subkeys

as above.

 

1. What is the procedure to restore these keys, short of a reinstall

of the opsys?

 

2. Any idea how this could have happened? If a virus/trojan, I didn't

seen anything suspicious under run/runonce (cursory inspection).

 

Thank you in advance for your help.

 

-- Roy Zider

 

Used ERD Commander 2005 for boot.

[Guest Ace Fekay [MVP]]

Re: SAFEBOOT registry subkeys missing, can't boot into safe mode

 

In news:a9afadc2-185d-4073-b19b-40416e0890a8@h1g2000prh.googlegroups.com,

FUBARinSFO <file1303@gmail.com> typed:

> Hi:

>

> Windows 2003 Server, can't boot into safe mode. Upon further

> inspection, subkeys for SAFEBOOT are missing from HKEY_LOCAL_MACHINE

> \SYSTEM\CurrentControlSet\Control\SafeBoot registry. That is, not

> even Minimal nor Network keys are present. ContolSet002, ...,

> ControlSet004 are either missing SafeBoot key entirely or the subkeys

> as above.

>

> 1. What is the procedure to restore these keys, short of a reinstall

> of the opsys?

>

> 2. Any idea how this could have happened? If a virus/trojan, I didn't

> seen anything suspicious under run/runonce (cursory inspection).

>

> Thank you in advance for your help.

>

> -- Roy Zider

>

> Used ERD Commander 2005 for boot.

 

This does sounds like malware got your machine. Take a look at the link

below to see if it helps. Another option is to boot up from the Windows 2003

CD and run an upgrade. This will keep all current settings and roles. If the

CD is integrated with the same SP level, then just re-run Windows Update. If

not, run the current SP, then run Windows Update.

 

Restoring Safe Mode with a .REG file

http://blog.didierstevens.com/2007/02/19/restoring-safe-mode-with-a-reg-file/

 

--

Regards,

Ace

 

This posting is provided "AS-IS" with no warranties or guarantees and

confers no rights.

 

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,

MVP Microsoft MVP - Directory Services

Microsoft Certified Trainer

 

For urgent issues, you may want to contact Microsoft PSS directly. Please

check http://support.microsoft.com for regional support phone numbers.

 

Infinite Diversities in Infinite Combinations

[Guest FUBARinSFO]

Re: SAFEBOOT registry subkeys missing, can't boot into safe mode

 

Ace:

 

Yes, indeed it was from an earlier infection. a Win32/Bagle worm

variant

Restore from older backup is not overwriting registry

http://groups.google.com/group/microsoft.public.windows.server.general/browse_thread/thread/91e73bdebcfcadf1/6989ae7e3c6f4712?lnk=raot

 

I'll do a repair from the install CD, but at some point it's about

time to do a fresh install. Thanks.

 

-- Roy

[Guest FUBARinSFO]

Re: SAFEBOOT registry subkeys missing, can't boot into safe mode

 

Ace:

 

Further, I did have the Didier Stevens link open in IE when I posted

the note. Just haven't done it, since it wasn't definitive.

 

-- Roy

[Guest Ace Fekay [MVP]]

Re: SAFEBOOT registry subkeys missing, can't boot into safe mode

 

In news:1d3c5c18-eaa2-4e81-a452-a3c7153d5fda@w8g2000prd.googlegroups.com,

FUBARinSFO <file1303@gmail.com> typed:

> Ace:

>

> Further, I did have the Didier Stevens link open in IE when I posted

> the note. Just haven't done it, since it wasn't definitive.

>

> -- Roy

 

This would be the better option to running an ugrade. Let's hope for the

best. If this doesn't work, then let's go for running the upgrade. Of

course, the ultimate option is a clean reinstall.

 

Ace