WPA + MSconfig safe mode boot problems

MFabel
I have a catch 22-like problem I can't seem to find my way around. Because my computer was infected by a trojan in ndis.sys I needed to reboot via msconfig into safe mode to run AntiMalware to try to get the infection out of the system.

During my efforts to clean the system I had several messages popping up, some most likely from the infection (e.g. "khvcol.exe failed to launch"), and two apparently legitimate messages, but likely in hindsight resulting from the Trojan infecting ndis.sys. These were 1. "The driver for the ethernet card is missing, choose how to install a driver" and 2. "The computers configuration has changed significantly so you must reactivate windows within 3 days".

Since I didn't have a working ethernet connection I couldn't reactivate, and I wasn't able to sort the ethernet controller - nor the infection - before the 3-day time limit was up. So now that I finally, thanks to AVG Rescue CD, seem to have managed to get the infection cleaned up, I'm stuck in, as I stated earlier, a catch 22-like problem.

To activate Windows I need to log into normal mode. Because msconfig is directing XP to boot into safe mode I have not been able to go back to normal mode to turn off safeboot and activate Windows. And Windows doesn't allow me to log in to safe mode without activating Windows. Every time I boot I keep going to safe mode.

Hitting F8 and manually selecting "boot normally" doesn't work; it still boots into safe mode. Which means I can't access msconfig and I can't activate Windows.

How can I get the PC to boot back into normal mode when msconfig is telling my PC to boot into safe mode? Is there another way? Maybe some way from using the XP CD and booting into R-mode from the disc? Or, is there another way to activate Windows, without having to log in to normal mode?

PS: I've got a complete backup of all my files which I took as soon as I got suspicious that my system was infected, so theoretically I could just reformat and do a clean install. But that takes quite a lot of time, and I'd rather not, if possible. DS
  • Charvell

    Manually booting (F8) to safe mode with networking and activating Windows that way?

    Ron K.

    Windows Activation windows give you a toll-free number to call. Five minutes? Finished.

    Regardless of all of that, if you have your data backed up, if it was me, I'd perform a clean installation. No one seems to listen to me anymore so do whatever. A clean installation, protected properly from the beginning, is the way to go.

    I wouldn't even waste time trying to boot normally. Reload and go. Activate it. It seems that Activate Windows is in Start | Accessories | System Tools and Activate Windows. Why bother activating now if you're planning to start fresh?

    You might take a good long look at what you're doing for security too.

    OH Smeg

    I wouldn't even have tried cleaning the system, I would have just backed up the Data and then attacked the HDD with something like Boot & Nuke to kill anything on the HDD.

    Remember that even with a Format some infections can survive and come back to reinfect the newly installed OS. This is because a Full Format using the M$ Formatting tool only writes to every third sector of the HDD, leaving 2/3 of the drive untouched. Wiping Utilities like Boot & Nuke or Kill Disc write zeros to every sector of the drive, destroying anything that is on it.

    Downside is that it takes time to wipe a HDD but it's the only way to make sure that you have killed off the infection. If it made such drastic changes to the OS to require reactivation I know that you'll find it's far more than just the Network Driver missing here and even if you get it activated after you get the rest of the Hardware Drivers installed you'll be hit with another activation. And there are no guarantees that it's going to work anyway so it's not unexpected that after spending so much time you'll still have to reinstall but now you will be unable to Activate on Line and your Product Key will be Black Listed.

    Boot & Nuke is available free here

    http://www.dban.org/

    Kill Disc is available free here

    http://www.killdisk.com/downloadfree.htm

    Boot & Nuke does a much better job at destroying everything on the HDD but it's not the easiest thing to use with some M'Boards and SATA HDD.

    Col
