Restoring Safe Mode affected by Virus

Malware disables - Windows XP - Safe Mode(F8) by corrupting the SafeBoot registry keys & registry restoring method.

Firstly
a)run Malwarebytes.
b) Delete all malwares it finds
c) Reboot
d) Repeat (a)
e) if malwares still exist it means you have to run it in safe mode which is also disabled by viruses.
f) Then follow the below steps utilizing Hiren's BootCd and run malwarebyte again in safe mode.

Steps:-
1) Download Hiren's BootCD 14 Full Tools (30/5/2011) ,[Hiren's BootCD is a completely free bootable CD that contains a load of useful tools you can make use of in a variety of situations like analyzing, recovering and fixing your computer even if the primary operating system can not be booted.] See its utilities here
2) Burn ISO image file to CD
3) Restart system to boot from CD with Hiren's BootCD inserted.
4) When Hiren's BootCD menu appears, Select Windows Mini XP and click "enter".
5) Run Avira AntiVir Personal (24-05-2011)(Right Click HBCD icon at notification area or system tray located in the bottom-right of the primary monitor to select.


Use in "Ask" mode when virus is detected. Delete with "This file only" rule so it will not delete other files deem as the same virus infection. Use "Disarm" if not sure. (Or "Rename" function )

Malicious Files to look out & delete:-

a) Windows NT/hypertrm.exe
b) System 32/dnsq.dll
c) System 32/Com/netcfg.000
d) System 32/Com/netcfg.dll
e) services.exe
f) SMSS.exe
g) LSASS.exe
h) All 51079.exe, lsass.exe.45064.exe, ~.exe. &
~.exe.152319.exe type, commonly at program start menu. (Explorer does not launch at windows startup)

6) Reboot without Hiren's BootCD
7) Restore(Double-Click) SafeBoot registry file uploaded for you as follows:-
SafeBoot-for-Windows-XP-SP3.reg
SafeBoot-for-Windows-XP-SP2.reg
SafeBoot-for-Windows-Server-2003-Standard-R2-SP2
SafeBoot-for-Windows-2000-SP4-Professional.reg file
8) Reboot and press F8 to check!!


Related Post::-
avast-cd-rom-bart
Restoring Safe Mode XP

View blog reactions