|
|
|
|
|
Posted by cquirke (MVP Windows shell/use on June 25, 2007, 10:25 am
If you were Registered and logged in, you could reply and use other advanced thread options
On Sun, 24 Jun 2007 23:53:53 -0700, Lady Dungeness
>I don't have this problem -- yet -- but I'm setting up a new system
>and would like to know HOW to uncheck "Automatically Restart on
>Errors." Never thought about it before -- but you guys have me
>convinced!
Start, Settings, Control Panel, System icon
- Advanced tab, Startup and Recovery section
- [_] Automatically restart, OK
:-)
>--------------- ----- ---- --- -- - - -
Error Messages Are Your Friends
>--------------- ----- ---- --- -- - - -
|
|
Posted by vin on June 25, 2007, 11:48 am
If you were Registered and logged in, you could reply and use other advanced thread options
> >--------------- ----- ---- --- -- - - -
> Error Messages Are Your Friends
> >--------------- ----- ---- --- -- - - -
problem is, like friends, you have to know how to read em', lest you
get mixed signals.
|
|
Posted by Alex Krawarik [MSFT] on July 3, 2007, 1:57 pm
If you were Registered and logged in, you could reply and use other advanced thread options
you'd like to save first, non-executable files like pics or QIF files or
something, burn a CD/DVD with that data before you wipe.
> Apologies for the dual post -- wrong group earlier:
>
> i've managed to cause more throuble than I solved -- attempting to
> repair a friends PC that was LOADED with virus/trojans, but it would
> not let me boot into safe mode (it *would* boot normally however, but
> when trying safe mode it blue screens and recycles). Trouble is I
> thought I could get around it by setting /safemode in
> msconfig -- bad idea as now I can't boot normally and safe mode has
> the same issues, so I'm in an endless boot to safe/blue screen loop --
> does anyone have any suggestions how to disable safe mode boot if it
> was configured in msconfig?? Thanks
>
|
|
Posted by cquirke (MVP Windows shell/use on July 7, 2007, 4:31 am
If you were Registered and logged in, you could reply and use other advanced thread options
>Your safest option is, of course, to wipe the box.
See http://cquirke.mvps.org/reinst.htm
Checklist:
1) Is hardware good?
- visual check for bad capacitors, clogged fans, loose metal
- MemTest86 RAM test, preferably 24 hours
- eject boot CDRduring test, spot spontaneous reboots
- HD physical test; HD Tune (www.hdtune.com) or vendor's diags
2) Do you have all the materials you need?
- ability to boot off reguired non-HD drives
- all installation disks must work, and be malware-clean
- OS installation disk and product key
- if HD > 137G, must be XP SP1 or later, else partition < 137G
- product key must match \i386 file set (e.g. Pro, OEM/DSP)
- if XP or later, OS license must not be in use elsewhere
- driver disks that match the hardware, esp. if needed to boot
- application disks, along with product keys etc.
- ISP and other login passwords that were "remembered" by PC
- any DRM licenseware fluff
- any data encryption keys that may be bound to old hardware
- if older than XP, need add-on firewall (esp. if Win2000)
- if older than XP SP2, "crucial" patches for RPC, LSASS ay least
3) Can you prepare an "undo" and do you have resources for this?
- strongly recommended, e.g. BING to a spare HD
4) Have you backed up your data, will it restore, is it clean?
- beware default MS practice of dropping downloads into data set
- beware infectable "data", e.g. MS Office macros, HTML, exploits
- beware malware hidden in mailboxes
- be aware of data vs. program version issues
5) Is the PC isolated from all malware?
- data hygiene as per (4)
- clean installation disks vs. recent code downloads or USB flash
- all neworking disconnected, including all wireless
6) Post-installation checks
- ensure firewall is working, enable other defenses
- go online and get av updates, then patches
- scan all "data" before restoring it
- ideally, import email into app that does not hide malware
- e.g. Eudora, which creates incoming attachments as files
- then you can scan all these revealed attachments
- after that, can import back into malware-hiding email app
- activate OS if required, only when all is OK
If you have (1) to (6) waxed, then sure you can "just" wipe and
rebuild, and chances of re-infection should be no worse than they were
the last time the PC was infected. User education may be needed.
>If they have some data you'd like to save first, non-executable files
>like pics or QIF files or something, burn a CD/DVD with that data
>before you wipe.
Part of what needs "education" is the OS, i.e. defaults that need to
be changed. For example, what is a "non-executable file" when seen
through a shell that allows executable files to set non-executable
icons for themselves?
So you need to train the OS to show file name extensions and hidden
files, and the user to understand these.
>> i've managed to cause more throuble than I solved -- attempting to
>> repair a friends PC that was LOADED with virus/trojans, but it would
>> not let me boot into safe mode
See:
http://cquirke.blogspot.com/2006/07/repairing-safe-mode-safeboot.html
Executive summary: Safe mode isn't.
Unlike booting Win9x to DOS mode that can't execute Win32PE code, or
Win9x Safe Mode that suppresses at least most integrations, XP's "safe
mode" is at best only relatively malware-safe:
- generic intra-file code infectors
- screen saver, drivers, file associations are still in effect
- Safe Mode depends on malware-editable settings (hence link)
Common advice in these newsgroups is to use Safe Mode Command Only to
clean resident malware. When I raised the flaws in this approach with
MS, the response was: "Safe Mode was not intended as a malware
management platform" - begging the question; what does MS provide that
IS intended as a malware management platform?
I'm using Bart CDR for such purposes, as well as data recovery and
other "from orbit" troubleshooting. As an end user, I'd not expect
familiarity with Bart, but for those who do fixing of Windows systems,
it's invaluable. I find it hard to take techs who "treat" infected
PCs seriously, if they aren't using Bart or something similar.
Google( Bart PE ); settle down for a lot of study.
>> (it *would* boot normally however, but when trying safe mode
>> it blue screens and recycles).
It's common malware practice to anticipate the use of Safe Mode, and
either "own" it, or disable it. See the link I waved last.
>> Trouble is I thought I could get around it by setting /safemode in
>> msconfig -- bad idea as now I can't boot normally and safe mode has
>> the same issues, so I'm in an endless boot to safe/blue screen loop --
Thank MS's default to "Automatically restart on system errors" for
that (and kill that setting; I .REG it from Bart boot).
Question to any MSFT readers out there: What is the point in
auto-rebooting a PC during the boot phase before any remote or local
interaction is possible? In this context at least, why not let it
stop on a BSoD screen? All you're doing is shredding the file system.
Safe Mode Command Only is safer than Safe Mode because it doesn't
invoke Explorer, and thus all the stuff that could be integrated into
it (as well as IE integrations). But the alternate shell it uses, is
not hardwired; it's an editable registry setting.
So malware routinely redefine Safe Boot, Alternate Shell to either run
themselves as shell, or to invalidate the shell (which will then look
like normal Safe Mode boot with Explorer as shell).
>> does anyone have any suggestions how to disable safe mode boot if it
>> was configured in msconfig??
You'd need to edit C:\Boot.ini from outside the OS. Trivial, if you
have Bart to hand. Challenging otherwise. Join the dots.
>------------ ----- --- -- - - - -
Drugs are usually safe. Inject? (Y/n)
>------------ ----- --- -- - - - -
|
| Similar Threads | Posted | | AVG anti-rootkit - normal or safe Mode ? | October 20, 2007, 8:18 am |
| Can't boot to safe mode | June 3, 2007, 5:33 pm |
| cant boot into safe mode have antivirus xp 2008 | November 17, 2008, 1:20 pm |
| Safe Mode with Networking | September 12, 2007, 7:00 pm |
| Installing Anti-Virus Software in Safe Mode | May 11, 2007, 4:04 pm |
| Re: Is this a software intrusion or a normal circumstance | January 3, 2006, 11:41 am |
| Is the PXE a new kind of virus spyware or is it normal? | May 30, 2006, 12:43 pm |
| Windows Anti-Spyware - suppress normal messages? | July 13, 2005, 11:33 am |
| Officescan in disconnected mode | December 26, 2007, 9:14 am |
| Win XP Folders always open in Search Mode | May 22, 2006, 12:50 am |
|
|
|
XML site map