Stuck booting into Safe Mode CLI

[Guest pford-@bcm.tmc.edu]

Hello,

 

My son's game computer running Windows XP Home edition got some nasty

MalWare on it that has changed the protection of some files and

folders and altered privileges that prevents me or the antiMalWare

appls from deleting them. I had a terrible time getting safe mode to

come up so I could log in as the administrator. At that point, it came

up as a command line interface – and that is where I am stuck. It now

always boots into the safe mode command line. When I get the screen to

come up that gives me options for booting, like safe mode, safe mode

CLI, last known good profile, etc., it still boots as safe mode CLI.

How do I fix this?

 

Also, it looks like some directories have been hidden from view. Is

there a means that I can see them?

 

 

Regards

 

 

**pford@bcm.tmc.edu**

[Guest Malke]

Re: Stuck booting into Safe Mode CLI

 

pford-@bcm.tmc.edu wrote:

> Hello,

>

> My son's game computer running Windows XP Home edition got some nasty

> MalWare on it that has changed the protection of some files and

> folders and altered privileges that prevents me or the antiMalWare

> appls from deleting them. I had a terrible time getting safe mode to

> come up so I could log in as the administrator. At that point, it came

> up as a command line interface ? and that is where I am stuck. It now

> always boots into the safe mode command line. When I get the screen to

> come up that gives me options for booting, like safe mode, safe mode

> CLI, last known good profile, etc., it still boots as safe mode CLI.

> How do I fix this?

>

> Also, it looks like some directories have been hidden from view. Is

> there a means that I can see them?

 

At this point you'd be best off backing up his data and doing a clean

install of Windows. You can pull the hard drive and slave it in a working

machine or put it in an external hard drive to get the data.

 

http://michaelstevenstech.com/cleanxpinstall.html - Clean Install How-To

http://www.elephantboycomputers.com/page2.html#Reinstalling_Windows - What

you will need on-hand

 

Malke

--

MS-MVP

Elephant Boy Computers - Don't Panic!

FAQ - http://www.elephantboycomputers.com/#FAQ

[Guest pford-@bcm.tmc.edu]

Re: Stuck booting into Safe Mode CLI

 

On Jul 24, 6:39 pm, Malke <ma...@invalid.invalid> wrote:

> pfo...@bcm.tmc.edu wrote:

> > Hello,

>

> > My son's game computer running Windows XP Home edition got some nasty

> > MalWare on it that has changed the protection of some files and

> > folders and altered privileges that prevents me or the antiMalWare

> > appls from deleting them. I had a terrible time getting safe mode to

> > come up so I could log in as the administrator. At that point, it came

> > up as a command line interface ? and that is where I am stuck. It now

> > always boots into the safe mode command line. When I get the screen to

> > come up that gives me options for booting, like safe mode, safe mode

> > CLI, last known good profile, etc., it still boots as safe mode CLI.

> > How do I fix this?

>

> > Also, it looks like some directories have been hidden from view. Is

> > there a means that I can see them?

>

> At this point you'd be best off backing up his data and doing a clean

> install of Windows. You can pull the hard drive and slave it in a working

> machine or put it in an external hard drive to get the data.

>

> http://michaelstevenstech.com/cleanxpinstall.html- Clean Install How-Tohttp://www.elephantboycomputers.com/page2.html#Reinstalling_Windows- What

> you will need on-hand

>

> Malke

> --

> MS-MVP

> Elephant Boy Computers - Don't Panic!

> FAQ -http://www.elephantboycomputers.com/#FAQ

 

Well, I got out of the Safe Mode by tracking down where msconfig.exe

was and running it from the cli. So far I turned off restore point and

disabled appls that should not be starting using Registry Mechanic.

 

Now, I have another problem related to the malware. It has changed the

protection; for example, I cannot run Task Manager. I am not too Gung

Ho on backing up and restoring for a variety of reasons, with the most

important 2 being time and money. Where do I go using regedit to fix

the privileges? (I find it odd that an account with administrative

privileges can lose its privileges and XP still says it is an

administrative account.)

 

Thanks in advance.

 

PF

 

A second problem is that what ever these malware

[Guest sgopus]

Re: Stuck booting into Safe Mode CLI

 

you can change the privledges even on an Admin account, the best advice is to

wipe it out and start clean. have all your install media handy and format the

drive and install fresh.

 

"pford-@bcm.tmc.edu" wrote:

> On Jul 24, 6:39 pm, Malke <ma...@invalid.invalid> wrote:

> > pfo...@bcm.tmc.edu wrote:

> > > Hello,

> >

> > > My son's game computer running Windows XP Home edition got some nasty

> > > MalWare on it that has changed the protection of some files and

> > > folders and altered privileges that prevents me or the antiMalWare

> > > appls from deleting them. I had a terrible time getting safe mode to

> > > come up so I could log in as the administrator. At that point, it came

> > > up as a command line interface ? and that is where I am stuck. It now

> > > always boots into the safe mode command line. When I get the screen to

> > > come up that gives me options for booting, like safe mode, safe mode

> > > CLI, last known good profile, etc., it still boots as safe mode CLI.

> > > How do I fix this?

> >

> > > Also, it looks like some directories have been hidden from view. Is

> > > there a means that I can see them?

> >

> > At this point you'd be best off backing up his data and doing a clean

> > install of Windows. You can pull the hard drive and slave it in a working

> > machine or put it in an external hard drive to get the data.

> >

> > http://michaelstevenstech.com/cleanxpinstall.html- Clean Install How-Tohttp://www.elephantboycomputers.com/page2.html#Reinstalling_Windows- What

> > you will need on-hand

> >

> > Malke

> > --

> > MS-MVP

> > Elephant Boy Computers - Don't Panic!

> > FAQ -http://www.elephantboycomputers.com/#FAQ

>

> Well, I got out of the Safe Mode by tracking down where msconfig.exe

> was and running it from the cli. So far I turned off restore point and

> disabled appls that should not be starting using Registry Mechanic.

>

> Now, I have another problem related to the malware. It has changed the

> protection; for example, I cannot run Task Manager. I am not too Gung

> Ho on backing up and restoring for a variety of reasons, with the most

> important 2 being time and money. Where do I go using regedit to fix

> the privileges? (I find it odd that an account with administrative

> privileges can lose its privileges and XP still says it is an

> administrative account.)

>

> Thanks in advance.

>

> PF

>

> A second problem is that what ever these malware

>

[Guest Malke]

Re: Stuck booting into Safe Mode CLI

 

pford-@bcm.tmc.edu wrote:

> Well, I got out of the Safe Mode by tracking down where msconfig.exe

> was and running it from the cli. So far I turned off restore point and

> disabled appls that should not be starting using Registry Mechanic.

>

> Now, I have another problem related to the malware. It has changed the

> protection; for example, I cannot run Task Manager. I am not too Gung

> Ho on backing up and restoring for a variety of reasons, with the most

> important 2 being time and money. Where do I go using regedit to fix

> the privileges? (I find it odd that an account with administrative

> privileges can lose its privileges and XP still says it is an

> administrative account.)

 

I understand that you would prefer not to wipe and reinstall but in all

probability you will need to.

 

I'll give you my usual malware removal steps, including sites where you can

get guided help, but my experience as a professional who does this sort of

thing for a living is that you will spend less time if you bite the bullet

and do a clean install now. Then spend a little money and purchase an

external hard drive and imaging software like Acronis True Image so you can

image your perfectly clean and working Windows installation. Then when your

offspring messes it up again - almost inevitable with offspring - you can

restore to a working XP in minutes.

 

Go through these general malware removal steps systematically -

http://www.elephantboycomputers.com/page2.html#Removing_Malware

 

Include scanning with David Lipman's Multi_AV and follow instructions to do

all scans in Safe Mode.

 

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions

http://tinyurl.com/yoeru3 - download link and more instructions

 

When all else fails, get guided help. Choose one of the specialty forums

listed at the first link. Register and read its posting FAQ. PLEASE DO NOT

POST LOGS IN THE MS NEWSGROUPS.

 

Standard disclaimer: I can't see and test your computer myself, so these are

just suggestions based on many years of being a professional computer tech;

suggestions based on what you've written. You should not take my

suggestions as a definitive diagnosis. If you can't do the work yourself

(and there is no shame in admitting this isn't your cup of tea), take the

machine to a professional computer repair shop (not your local equivalent

of BigComputerStore/GeekSquad). Please be aware that not all local shops

are skilled at removing malware and even if they are, your computer may be

so infested that Windows will need to be clean-installed. If possible, have

all your data backed up before you take the machine into a shop.

 

Malke

--

MS-MVP

Elephant Boy Computers - Don't Panic!

FAQ - http://www.elephantboycomputers.com/#FAQ