Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

W2K won't give safe mode option


  • Please log in to reply

#1
ibroussard

ibroussard

    Member

  • Member
  • PipPip
  • 12 posts
I'm running W2K Server SP2. Yesterday, I picked up s browser hijacker, most likely a coolwebsearch hijacker (SMSSU.EXE, tmntsrv32.exe, etc.). I plan on trying many of the techniques listed in the malware forum to get rid of it. However, almost all of them require me to reboot and get into safe mode at some point. I just realized that I can't get into safe mode for some reason.

I never see the black and white startup screen with the "bars" at the bottom saying windows is starting up. I know what it looks like because it shows up on my laptops running W2K Pro. I start tapping F8 immediately after the "configuration" screen (using the current configuration), but it never recognizes it. I've also tried holding down F8, but it doesn't go into safe mode that way either.

I don't know if it matters, but the machine is set up for "auto logon" so it can be restarted without supplying a user ID and password.

Any ideas why I can't get into safe mode? The machine runs okay except that my homepage is hijacked by a webcruiser site. Also, the machine is now running out of virtual memory after being idle for a while. I think that is caused by SMSSU.EXE or tmntsrv32.exe because if I kill the process, the virtual memory used goes down quite a bit, then starts building again when they restart themselves. I guess I will worry about the virtual memory problem if it continues after I remove the hijacker.

Thanks,
Ira
  • 0

Advertisements


#2
kool808

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
Hello and welcome to Geeks to Go! :tazz: I'm kool808 .

* Close all open programs.
* Click Start, Run and type MSCONFIG in the box and click OK
* The System Configuration Utility appears, On the BOOT.INI tab, Check the "/SAFEBOOT" option, and then click OK and Restart your computer when prompted.
* The computer restarts in Safe mode.
* Perform the troubleshooting steps for which you are using Safe Mode.
When you are finished with troubleshooting in Safe mode, open MSCONFIG again, on the BOOT.INI tab, uncheck "/SAFEBOOT" and click OK to restart your computer

If this wont work read this: http://www.pchell.co.../safemode.shtml

===============================

Please read THIS first before posting.

We'll need you to use a free diagnostic tool HiJackThis, read the short tutorial HERE

Post a log as a new topic in the Malware Removal Forum. It will get a better response there from the people most qualified to analyze logs.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#3
ibroussard

ibroussard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thanks for the suggestions. I tried running MSCONFIG, but it isn't on the infected PC. I searched all drives and couldn't find it. I came across the "SAFEBOOT" option for the boot.ini file, so I created another startup option and added /SAFEBOOT:MINIMAL to it. When I selected that, it came up in safe mode. However, I still don't know why F8 won't work during "normal" startup.

After all the hardware "stuff" messages, my boot process is as follows...

1. Black and white screen with "OS Loader V4.00" at the top for about three seconds.

2. B&W screen showing the boot.ini selections. I select the "normal" entry, which results in a quick message at the bottom of this screen saying "Ntdetect V4.0 checking hardware..."

3. After a few seconds, the screen from (2) is replaced with a B&W screen with only the phrase "OS Loader V4.00..." at the top. This screen lasts a few seconds.

4. Next screen is a B&W screen with the "Press spacebar now to..." message at the top. It lasts a few seconds, then goes away.

5. Next screen is a B&W screen entitled "Hardware/Profile configuration recovery menu". It gives me time to choose a hardware configuration. I choose the default one.

6. Next screen is a B&W screen with no text, just increasing "....." for a few seconds.

7. Next screen is a color screen with the Windows 2000 Server logo and small startup progress bar, stating it is starting.

Note that I never see the B&W screen with the startup bar that goes almost all the way across the bottom of the screen and says "Press F8..."

Thanks,
Ira
  • 0

#4
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
Ira,

refresh my memory as I do not have a win2k machine in front of me at the moment....

is there a file called c:\msdos.sys?

Open it in notepad....what is in there?
  • 0

#5
ibroussard

ibroussard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
gerryf,

I did a file search on msdos.sys on all drives and came up empty.

Regards,
Ira
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP