Cannot access laptop in safe mode.

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

I'm having trouble getting into my son's Toshiba laptop. He came home
from Uni with his PC riddled with Trojans and worms and not able to log
on to the machine, it went through the motions, then announced it was
saving settings and then logged off. I managed to get into it in safe
mode but after the admin login the desktop remained empty. I started
task manager and fired up explorer and his desktop appeared and I then
ran his AV which found infections in explore.exe,
iexplore.exe,rundll.32.exe and userinit.exe.
The AV software (AVG 7 Pro) "healed" said infections, but on a restart
the same problems were there, only now I cannot log in safe mode, either
with Dos prompt or network support, no matter what flavour I choose it
comes up with the Welcome screen, which tries to log me in but then goes
into its "logging off and saving settings" routine
I have also tried to boot from the CD and run the recovery console but
this then asks for an admin password and as far as I know, none has been
set ( the PC was bought "up and running" from a supplier).
How can I get into this PC, so as he can get his work off it? It isn't
fitted with a floppy drive and it is no use using a USB drive as the
drivers would not be loaded even if I could get into it. It's obvious
that there is still a serious infection on this machine and probably the
only thing to do would be a reformat and reinstallation, but that would
lose him a lot of work. Backups? We're talking student here 8-)
Any help with this gratefully received.
Mike H
7 answers Last reply
More about cannot access laptop safe mode
  1. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    This takes about 15 minutes as compared to 15 hours of troubleshooting
    trojans, worms and viruses

    Boot on a floppy or into safe mode with command prompt
    delete the c:\program files
    reboot on the XP CD and reinstall XP into a NEW directory like: C:\WinXP
    Reboot and deltete the old: C:\Windows

    It takes about 15 minutes as compared to 15 hours of troubleshooting
    trojans, worms and viruses

    "Mike Hyndman" <mike@tmphyndman.demon.co.uk> wrote in message
    news:defcv0l7rrtta7r4gi9sq5pk0d7qco6a9r@4ax.com...
    > I'm having trouble getting into my son's Toshiba laptop. He came home
    > from Uni with his PC riddled with Trojans and worms and not able to log
    > on to the machine, it went through the motions, then announced it was
    > saving settings and then logged off. I managed to get into it in safe
    > mode but after the admin login the desktop remained empty. I started
    > task manager and fired up explorer and his desktop appeared and I then
    > ran his AV which found infections in explore.exe,
    > iexplore.exe,rundll.32.exe and userinit.exe.
    > The AV software (AVG 7 Pro) "healed" said infections, but on a restart
    > the same problems were there, only now I cannot log in safe mode, either
    > with Dos prompt or network support, no matter what flavour I choose it
    > comes up with the Welcome screen, which tries to log me in but then goes
    > into its "logging off and saving settings" routine
    > I have also tried to boot from the CD and run the recovery console but
    > this then asks for an admin password and as far as I know, none has been
    > set ( the PC was bought "up and running" from a supplier).
    > How can I get into this PC, so as he can get his work off it? It isn't
    > fitted with a floppy drive and it is no use using a USB drive as the
    > drivers would not be loaded even if I could get into it. It's obvious
    > that there is still a serious infection on this machine and probably the
    > only thing to do would be a reformat and reinstallation, but that would
    > lose him a lot of work. Backups? We're talking student here 8-)
    > Any help with this gratefully received.
    > Mike H
  2. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    On Tue, 25 Jan 2005 08:01:27 -0600, <Lsu Edu @ msn.com> wrote:

    >This takes about 15 minutes as compared to 15 hours of troubleshooting
    >trojans, worms and viruses
    >
    >Boot on a floppy or into safe mode with command prompt
    >delete the c:\program files
    >reboot on the XP CD and reinstall XP into a NEW directory like: C:\WinXP
    >Reboot and deltete the old: C:\Windows
    >
    >It takes about 15 minutes as compared to 15 hours of troubleshooting
    >trojans, worms and viruses

    Many thanks for your reply, but as I said earlier, as soon as I log in
    in safe mode it immediately saves settings and logs out again. This
    happens no matter what flavour of safe mode I use, command prompt,
    networking etc. I am thinking of making a Win98 "boot CD" (no floppy
    drive on this PC) and seeing if this will let me access the hard for the
    purpose of file extraction but where to is the problem.
    Again, many thanks
    Mike H
  3. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    The problem is in Restore. Anti-virus applications do not scan Restore Points.
    When you reboot all the virus are right back into your system files. You
    must deactivate Restore first before shutting down.
    Delete all Restore points and reboot. You should set your BIOS to boot on the
    CD-Rom in that you do not have floppy drive. If the entire system is that
    infected, you may need to do a complete clean install of XP.

    Accessing Motherboard BIOS
    http://michaelstevenstech.com/bios_manufacturer.htm

    Clean Installation XP
    http://www3.telus.net/dandemar/cleanxp.htm

    "Mike Hyndman" wrote:

    > On Tue, 25 Jan 2005 08:01:27 -0600, <Lsu Edu @ msn.com> wrote:
    >
    > >This takes about 15 minutes as compared to 15 hours of troubleshooting
    > >trojans, worms and viruses
    > >
    > >Boot on a floppy or into safe mode with command prompt
    > >delete the c:\program files
    > >reboot on the XP CD and reinstall XP into a NEW directory like: C:\WinXP
    > >Reboot and deltete the old: C:\Windows
    > >
    > >It takes about 15 minutes as compared to 15 hours of troubleshooting
    > >trojans, worms and viruses
    >
    > Many thanks for your reply, but as I said earlier, as soon as I log in
    > in safe mode it immediately saves settings and logs out again. This
    > happens no matter what flavour of safe mode I use, command prompt,
    > networking etc. I am thinking of making a Win98 "boot CD" (no floppy
    > drive on this PC) and seeing if this will let me access the hard for the
    > purpose of file extraction but where to is the problem.
    > Again, many thanks
    > Mike H
    >
  4. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    Hi, Mike.

    Your choices, in order:

    1. Get a Windows expert to clean all the malware off the computer. This
    could take days, judging from reports I've seen from some MVPs, who make
    their livings from doing this for clients.

    2. Do it yourself - but only if you have plenty of time and a pretty good
    understanding of Windows. Start by running Ad-Aware SE Personal and
    Spybot - Search and Destroy, and all the other malware cleanup programs that
    are mentioned several times a day in these newsgroups.

    3. Boot from the WinXP CD-ROM and do a Repair Install as described by
    Microsoft in this KB article:
    How to perform an in-place upgrade (reinstallation) of Windows XP
    http://support.microsoft.com/default.aspx?scid=KB;en-us;q315341

    Or see MVP Michael Stevens' version of the same instructions:
    How to Perform a Windows XP Repair Install
    http://michaelstevenstech.com/XPrepairinstall.htm

    This will reinstall WinXP itself, but will leave your installed applications
    and data. Unfortunately, this means that much of the malware might survive,
    too. But you should be able at least to boot into WinXP and backup all the
    irreplaceable data.

    4. Boot from the WinXP CD-ROM and do a clean install, including a reformat
    of the HD. This will get rid of the bad stuff, but it will also get rid of
    the good stuff, so you will have to reinstall all applications that you want
    to keep. Even if you decide to do this, you might want to try the in-place
    upgrade first so that you can backup his "lot of work". Don't bother to
    backup WinXP, because you'll be reinstalling that from the CD. Don't bother
    to backup applications, because you'll be reinstalling those from their CDs
    or other original media so that their install processes can write the proper
    entries into your new Registry; just having their files on the HD is not
    enough to enable them to run. You'll want to download drivers, etc., from
    the Internet again so that you'll have the current versions.

    After any of these, be sure that you've installed SP2 and any later updates,
    plus a good 2-way firewall and a good antivirus.

    And for gosh sakes, especially if he is a student, teach him how - and how
    important it is - to practice "safe hex"! In fact, the best approach might
    be #2 - and make HIM do it! ;<}

    RC
    --
    R. C. White, CPA
    San Marcos, TX
    rc@corridor.net
    Microsoft Windows MVP

    "Mike Hyndman" <mike@tmphyndman.demon.co.uk> wrote in message
    news:defcv0l7rrtta7r4gi9sq5pk0d7qco6a9r@4ax.com...
    > I'm having trouble getting into my son's Toshiba laptop. He came home
    > from Uni with his PC riddled with Trojans and worms and not able to log
    > on to the machine, it went through the motions, then announced it was
    > saving settings and then logged off. I managed to get into it in safe
    > mode but after the admin login the desktop remained empty. I started
    > task manager and fired up explorer and his desktop appeared and I then
    > ran his AV which found infections in explore.exe,
    > iexplore.exe,rundll.32.exe and userinit.exe.
    > The AV software (AVG 7 Pro) "healed" said infections, but on a restart
    > the same problems were there, only now I cannot log in safe mode, either
    > with Dos prompt or network support, no matter what flavour I choose it
    > comes up with the Welcome screen, which tries to log me in but then goes
    > into its "logging off and saving settings" routine
    > I have also tried to boot from the CD and run the recovery console but
    > this then asks for an admin password and as far as I know, none has been
    > set ( the PC was bought "up and running" from a supplier).
    > How can I get into this PC, so as he can get his work off it? It isn't
    > fitted with a floppy drive and it is no use using a USB drive as the
    > drivers would not be loaded even if I could get into it. It's obvious
    > that there is still a serious infection on this machine and probably the
    > only thing to do would be a reformat and reinstallation, but that would
    > lose him a lot of work. Backups? We're talking student here 8-)
    > Any help with this gratefully received.
    > Mike H
  5. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    Dear Byte
    Many thanks for your reply

    >The problem is in Restore. Anti-virus applications do not scan Restore Points.
    >When you reboot all the virus are right back into your system files. You
    >must deactivate Restore first before shutting down.
    >Delete all Restore points and reboot. You should set your BIOS to boot on the
    >CD-Rom in that you do not have floppy drive. If the entire system is that
    >infected, you may need to do a complete clean install of XP.
    this is what I ended up doing but to a different directory, this allowed
    me to get in quickly and remove his work then did a reformat and
    reinstalled from the Tosh set up discs.
    He has promised not to let it happen again, yea right!

    again many thanks.
    Mike H
  6. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    Regardez RC


    >Hi, Mike.
    >
    >Your choices, in order:
    >
    >1. Get a Windows expert to clean all the malware off the computer. This
    >could take days, judging from reports I've seen from some MVPs, who make
    >their livings from doing this for clients.
    Not an option due to a state of penury (father of a student)
    >
    >2. Do it yourself - but only if you have plenty of time and a pretty good
    >understanding of Windows. Start by running Ad-Aware SE Personal and
    >Spybot - Search and Destroy, and all the other malware cleanup programs that
    >are mentioned several times a day in these newsgroups.
    Can't log into it, it logs off immediately after logging in.
    >3. Boot from the WinXP CD-ROM and do a Repair Install as described by
    >Microsoft in this KB article:
    >How to perform an in-place upgrade (reinstallation) of Windows XP
    >http://support.microsoft.com/default.aspx?scid=KB;en-us;q315341
    Tried that but I was asked for an Admin password and as far as I know
    none was set, the PC was bought up and running from a "superstore" It
    let me have three guesses at the PW and then sulked and wouldn't talk to
    me any more.
    >
    >Or see MVP Michael Stevens' version of the same instructions:
    >How to Perform a Windows XP Repair Install
    >http://michaelstevenstech.com/XPrepairinstall.htm
    >
    >This will reinstall WinXP itself, but will leave your installed applications
    >and data. Unfortunately, this means that much of the malware might survive,
    >too. But you should be able at least to boot into WinXP and backup all the
    >irreplaceable data.
    This is what I ended up doing, but I had to "borrow" (since returned) a
    dedicated XP disc as the Tosh only ships with mirror discs.

    >After any of these, be sure that you've installed SP2 and any later updates,
    >plus a good 2-way firewall and a good antivirus.
    He had SP2 installed and thought he had a decent AV but I think he has
    been frequenting some dodgy music sharing sites and downloaded something
    he hadn't bargained for. He also spends a lot of time on the well known
    virus propagation utility known as MSN.
    >And for gosh sakes, especially if he is a student, teach him how - and how
    >important it is - to practice "safe hex"! In fact, the best approach might
    >be #2 - and make HIM do it! ;<}
    safe hex eh? I like that 8-)
    He promises to be good in future ;-)
    Again many thanks
    Mike H
  7. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    On Tue, 25 Jan 2005 12:55:52 +0000, Mike Hyndman
    <mike@tmphyndman.demon.co.uk> wrote:

    Sorry to all for not getting back sooner, but after several attempts to
    get into the PC (logs off immediatley after logging off in all manners
    of safe and normal modes) I borrowed an XP disc (the Tosh PC only ships
    with "mirror" discs which compleatly "wipes" the hard drive before
    restoring the PC to its original condition)
    I installed (TEMPORARILY) the op system to a "Windoze" directory and was
    then able to log in as normal, remove all his work, docs, music!! etc.,
    to CD which I then scanned an another PC for infections, then
    reformatted the laptop and reinstalled the Toshiba disks, leaving him
    with it in the condition it was when it left the shop.
    Thanks to all
    Mike H
Ask a new question

Read More

Laptops Windows XP