Guest pford-@bcm.tmc.edu Posted July 24, 2008 Posted July 24, 2008 Hello, My son's game computer running Windows XP Home edition got some nasty MalWare on it that has changed the protection of some files and folders and altered privileges that prevents me or the antiMalWare appls from deleting them. I had a terrible time getting safe mode to come up so I could log in as the administrator. At that point, it came up as a command line interface – and that is where I am stuck. It now always boots into the safe mode command line. When I get the screen to come up that gives me options for booting, like safe mode, safe mode CLI, last known good profile, etc., it still boots as safe mode CLI. How do I fix this? Also, it looks like some directories have been hidden from view. Is there a means that I can see them? Regards **pford@bcm.tmc.edu**
Guest Malke Posted July 24, 2008 Posted July 24, 2008 Re: Stuck booting into Safe Mode CLI pford-@bcm.tmc.edu wrote: > Hello, > > My son's game computer running Windows XP Home edition got some nasty > MalWare on it that has changed the protection of some files and > folders and altered privileges that prevents me or the antiMalWare > appls from deleting them. I had a terrible time getting safe mode to > come up so I could log in as the administrator. At that point, it came > up as a command line interface ? and that is where I am stuck. It now > always boots into the safe mode command line. When I get the screen to > come up that gives me options for booting, like safe mode, safe mode > CLI, last known good profile, etc., it still boots as safe mode CLI. > How do I fix this? > > Also, it looks like some directories have been hidden from view. Is > there a means that I can see them? At this point you'd be best off backing up his data and doing a clean install of Windows. You can pull the hard drive and slave it in a working machine or put it in an external hard drive to get the data. http://michaelstevenstech.com/cleanxpinstall.html - Clean Install How-To http://www.elephantboycomputers.com/page2.html#Reinstalling_Windows - What you will need on-hand Malke -- MS-MVP Elephant Boy Computers - Don't Panic! FAQ - http://www.elephantboycomputers.com/#FAQ
Guest pford-@bcm.tmc.edu Posted July 25, 2008 Posted July 25, 2008 Re: Stuck booting into Safe Mode CLI On Jul 24, 6:39 pm, Malke <ma...@invalid.invalid> wrote: > pfo...@bcm.tmc.edu wrote: > > Hello, > > > My son's game computer running Windows XP Home edition got some nasty > > MalWare on it that has changed the protection of some files and > > folders and altered privileges that prevents me or the antiMalWare > > appls from deleting them. I had a terrible time getting safe mode to > > come up so I could log in as the administrator. At that point, it came > > up as a command line interface ? and that is where I am stuck. It now > > always boots into the safe mode command line. When I get the screen to > > come up that gives me options for booting, like safe mode, safe mode > > CLI, last known good profile, etc., it still boots as safe mode CLI. > > How do I fix this? > > > Also, it looks like some directories have been hidden from view. Is > > there a means that I can see them? > > At this point you'd be best off backing up his data and doing a clean > install of Windows. You can pull the hard drive and slave it in a working > machine or put it in an external hard drive to get the data. > > http://michaelstevenstech.com/cleanxpinstall.html- Clean Install How-Tohttp://www.elephantboycomputers.com/page2.html#Reinstalling_Windows- What > you will need on-hand > > Malke > -- > MS-MVP > Elephant Boy Computers - Don't Panic! > FAQ -http://www.elephantboycomputers.com/#FAQ Well, I got out of the Safe Mode by tracking down where msconfig.exe was and running it from the cli. So far I turned off restore point and disabled appls that should not be starting using Registry Mechanic. Now, I have another problem related to the malware. It has changed the protection; for example, I cannot run Task Manager. I am not too Gung Ho on backing up and restoring for a variety of reasons, with the most important 2 being time and money. Where do I go using regedit to fix the privileges? (I find it odd that an account with administrative privileges can lose its privileges and XP still says it is an administrative account.) Thanks in advance. PF A second problem is that what ever these malware
Guest sgopus Posted July 25, 2008 Posted July 25, 2008 Re: Stuck booting into Safe Mode CLI you can change the privledges even on an Admin account, the best advice is to wipe it out and start clean. have all your install media handy and format the drive and install fresh. "pford-@bcm.tmc.edu" wrote: > On Jul 24, 6:39 pm, Malke <ma...@invalid.invalid> wrote: > > pfo...@bcm.tmc.edu wrote: > > > Hello, > > > > > My son's game computer running Windows XP Home edition got some nasty > > > MalWare on it that has changed the protection of some files and > > > folders and altered privileges that prevents me or the antiMalWare > > > appls from deleting them. I had a terrible time getting safe mode to > > > come up so I could log in as the administrator. At that point, it came > > > up as a command line interface ? and that is where I am stuck. It now > > > always boots into the safe mode command line. When I get the screen to > > > come up that gives me options for booting, like safe mode, safe mode > > > CLI, last known good profile, etc., it still boots as safe mode CLI. > > > How do I fix this? > > > > > Also, it looks like some directories have been hidden from view. Is > > > there a means that I can see them? > > > > At this point you'd be best off backing up his data and doing a clean > > install of Windows. You can pull the hard drive and slave it in a working > > machine or put it in an external hard drive to get the data. > > > > http://michaelstevenstech.com/cleanxpinstall.html- Clean Install How-Tohttp://www.elephantboycomputers.com/page2.html#Reinstalling_Windows- What > > you will need on-hand > > > > Malke > > -- > > MS-MVP > > Elephant Boy Computers - Don't Panic! > > FAQ -http://www.elephantboycomputers.com/#FAQ > > Well, I got out of the Safe Mode by tracking down where msconfig.exe > was and running it from the cli. So far I turned off restore point and > disabled appls that should not be starting using Registry Mechanic. > > Now, I have another problem related to the malware. It has changed the > protection; for example, I cannot run Task Manager. I am not too Gung > Ho on backing up and restoring for a variety of reasons, with the most > important 2 being time and money. Where do I go using regedit to fix > the privileges? (I find it odd that an account with administrative > privileges can lose its privileges and XP still says it is an > administrative account.) > > Thanks in advance. > > PF > > A second problem is that what ever these malware >
Guest Malke Posted July 25, 2008 Posted July 25, 2008 Re: Stuck booting into Safe Mode CLI pford-@bcm.tmc.edu wrote: > Well, I got out of the Safe Mode by tracking down where msconfig.exe > was and running it from the cli. So far I turned off restore point and > disabled appls that should not be starting using Registry Mechanic. > > Now, I have another problem related to the malware. It has changed the > protection; for example, I cannot run Task Manager. I am not too Gung > Ho on backing up and restoring for a variety of reasons, with the most > important 2 being time and money. Where do I go using regedit to fix > the privileges? (I find it odd that an account with administrative > privileges can lose its privileges and XP still says it is an > administrative account.) I understand that you would prefer not to wipe and reinstall but in all probability you will need to. I'll give you my usual malware removal steps, including sites where you can get guided help, but my experience as a professional who does this sort of thing for a living is that you will spend less time if you bite the bullet and do a clean install now. Then spend a little money and purchase an external hard drive and imaging software like Acronis True Image so you can image your perfectly clean and working Windows installation. Then when your offspring messes it up again - almost inevitable with offspring - you can restore to a working XP in minutes. Go through these general malware removal steps systematically - http://www.elephantboycomputers.com/page2.html#Removing_Malware Include scanning with David Lipman's Multi_AV and follow instructions to do all scans in Safe Mode. http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions http://tinyurl.com/yoeru3 - download link and more instructions When all else fails, get guided help. Choose one of the specialty forums listed at the first link. Register and read its posting FAQ. PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS. Standard disclaimer: I can't see and test your computer myself, so these are just suggestions based on many years of being a professional computer tech; suggestions based on what you've written. You should not take my suggestions as a definitive diagnosis. If you can't do the work yourself (and there is no shame in admitting this isn't your cup of tea), take the machine to a professional computer repair shop (not your local equivalent of BigComputerStore/GeekSquad). Please be aware that not all local shops are skilled at removing malware and even if they are, your computer may be so infested that Windows will need to be clean-installed. If possible, have all your data backed up before you take the machine into a shop. Malke -- MS-MVP Elephant Boy Computers - Don't Panic! FAQ - http://www.elephantboycomputers.com/#FAQ
Recommended Posts