Stuck booting into Safe Mode CLI

[pford-]

Hello,

My son's game computer running Windows XP Home edition got some nasty
MalWare on it that has changed the protection of some files and
folders and altered privileges that prevents me or the antiMalWare
appls from deleting them. I had a terrible time getting safe mode to
come up so I could log in as the administrator. At that point, it came
up as a command line interface – and that is where I am stuck. It now
always boots into the safe mode command line. When I get the screen to
come up that gives me options for booting, like safe mode, safe mode
CLI, last known good profile, etc., it still boots as safe mode CLI.
How do I fix this?

Also, it looks like some directories have been hidden from view. Is
there a means that I can see them?


Regards


**[email protected]**

 

[Malke]

Hello,

My son's game computer running Windows XP Home edition got some nasty
MalWare on it that has changed the protection of some files and
folders and altered privileges that prevents me or the antiMalWare
appls from deleting them. I had a terrible time getting safe mode to
come up so I could log in as the administrator. At that point, it came
up as a command line interface ? and that is where I am stuck. It now
always boots into the safe mode command line. When I get the screen to
come up that gives me options for booting, like safe mode, safe mode
CLI, last known good profile, etc., it still boots as safe mode CLI.
How do I fix this?

Also, it looks like some directories have been hidden from view. Is
there a means that I can see them?

At this point you'd be best off backing up his data and doing a clean
install of Windows. You can pull the hard drive and slave it in a working
machine or put it in an external hard drive to get the data.

http://michaelstevenstech.com/cleanxpinstall.html - Clean Install How-To
http://www.elephantboycomputers.com/page2.html#Reinstalling_Windows - What
you will need on-hand

Malke

 

[pford-]

At this point you'd be best off backing up his data and doing a clean
install of Windows. You can pull the hard drive and slave it in a working
machine or put it in an external hard drive to get the data.

http://michaelstevenstech.com/cleanxpinstall.html- Clean Install How-Tohttp://www.elephantboycomputers.com/page2.html#Reinstalling_Windows- What
you will need on-hand

Malke

Well, I got out of the Safe Mode by tracking down where msconfig.exe
was and running it from the cli. So far I turned off restore point and
disabled appls that should not be starting using Registry Mechanic.

Now, I have another problem related to the malware. It has changed the
protection; for example, I cannot run Task Manager. I am not too Gung
Ho on backing up and restoring for a variety of reasons, with the most
important 2 being time and money. Where do I go using regedit to fix
the privileges? (I find it odd that an account with administrative
privileges can lose its privileges and XP still says it is an
administrative account.)

Thanks in advance.

PF

A second problem is that what ever these malware

 

[sgopus]

you can change the privledges even on an Admin account, the best advice is to
wipe it out and start clean. have all your install media handy and format the
drive and install fresh.

 

[Malke]

Well, I got out of the Safe Mode by tracking down where msconfig.exe
was and running it from the cli. So far I turned off restore point and
disabled appls that should not be starting using Registry Mechanic.

Now, I have another problem related to the malware. It has changed the
protection; for example, I cannot run Task Manager. I am not too Gung
Ho on backing up and restoring for a variety of reasons, with the most
important 2 being time and money. Where do I go using regedit to fix
the privileges? (I find it odd that an account with administrative
privileges can lose its privileges and XP still says it is an
administrative account.)

I understand that you would prefer not to wipe and reinstall but in all
probability you will need to.

I'll give you my usual malware removal steps, including sites where you can
get guided help, but my experience as a professional who does this sort of
thing for a living is that you will spend less time if you bite the bullet
and do a clean install now. Then spend a little money and purchase an
external hard drive and imaging software like Acronis True Image so you can
image your perfectly clean and working Windows installation. Then when your
offspring messes it up again - almost inevitable with offspring - you can
restore to a working XP in minutes.

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do
all scans in Safe Mode.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://tinyurl.com/yoeru3 - download link and more instructions

When all else fails, get guided help. Choose one of the specialty forums
listed at the first link. Register and read its posting FAQ. PLEASE DO NOT
POST LOGS IN THE MS NEWSGROUPS.

Standard disclaimer: I can't see and test your computer myself, so these are
just suggestions based on many years of being a professional computer tech;
suggestions based on what you've written. You should not take my
suggestions as a definitive diagnosis. If you can't do the work yourself
(and there is no shame in admitting this isn't your cup of tea), take the
machine to a professional computer repair shop (not your local equivalent
of BigComputerStore/GeekSquad). Please be aware that not all local shops
are skilled at removing malware and even if they are, your computer may be
so infested that Windows will need to be clean-installed. If possible, have
all your data backed up before you take the machine into a shop.

Malke