I cannot boot into my Windows version due to a virus. I was able to boot into another partitioned copy of Windows and access msconfig, where I selected the virus-ridden partition and checked "safeboot minimal" but DID NOT select "make change permanent". However, now when I boot up it always boots to the Windows 8 partition with the virus, and doesn't even give me the option of selecting a different partition (boot manager).
So I stuck in a Windows 7 installation disk, hit "Repair your computer", selected the virus'ed partition and opened up the command prompt.
I tried:

bcdedit {default} /deletevalue safeboot

but to no avail, and I'm not sure why.

Full output of bcdedit is below.
F:/ is the virus-ridden partition I'm trying to remove safeboot from.

identifier        {bootmgr}
device            partition=C:
inherit           {globasettings}
desc              windows boot manager
(bits and pieces irrelevant)


identifier        {default}
device            partition=F:
path              \Windows\system32\winload.exe
desc              windows 8
inherit           {bootloadersettings}
recoveryenabled   yes
osdevice          partition=F:
systemroot        \Windoiws
safeboot          Minimal
safebootalternatshell    No

So {default} safeboot is registered, and bcdedit is found and runs OK.
What would be the command to remove the safeboot value, as the above didn't work?

Cheers

Last Post by rubberman
It sounds like this virus has also infected the boot loader. You will need to reinstall a clean MBR to this system drive. You can do that with EasyBCD (a bootable CD/DVD drive). Look here for more details: http://www.linuxbsdos.com/2012/03/10/restore-the-windows-bootloader-to-mbr-after-dual-booting-with-linux/

Once you restore the Windows MBR (Master Boot Record - or boot loader), you should be able to boot into the recovery partition. One word of warning however; I have seen some of these viruses also infect the recovery partition, so it will happily reinfect your system if you run it... :-(

When a client of mine gets this badly munged, then I take the drive out of the system, and scan it with about 3 different professional grade A/V/Malware scanners running on a Security Enhanced enterprise class Linux system and manually clean up the broken parts of the Windows system, restoring broken system files, dlls, etc. from a known-good Windows image. I also back up their user files in case we decide that a clean system re-installation is called for. I suspect that may be the case in your situation.

If that is the case, and we decide to reinstall from scratch, then we first do a complete wipe of the system disc, and reinstall from a Windows DVD. Sometimes we have to order the disc from the system manufacturer, or we install from a commercial DVD and download drivers from the system manufacturer after it is back running. The last thing we do is reinstall their user files from the backup.
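
On the safeboot element from the question, an added example that is not from either poster: bcdedit expects the /deletevalue switch first, then the entry identifier, then the element name, so the sequence below removes the flag and checks the result. It assumes it is run from the recovery Command Prompt and that {default} is the affected entry, as in the output shown in the question.

```batch
@echo off
rem Added example: clear a leftover msconfig "Safe boot" flag from a BCD entry.
rem Assumption: ENTRY is the identifier bcdedit lists for the affected OS
rem ({default} in the question's output). Change it if your store differs.
setlocal
set "ENTRY={default}"

rem Show the entry first so the before/after state can be compared.
bcdedit /enum %ENTRY%
if errorlevel 1 (
    echo Could not read %ENTRY% from the BCD store.
    exit /b 1
)

rem Order matters: switch, then identifier, then element name.
bcdedit /deletevalue %ENTRY% safeboot
if errorlevel 1 (
    echo safeboot was not removed; check the identifier.
    exit /b 1
)

rem safebootalternateshell is not always present, so a failure here is ignored.
bcdedit /deletevalue %ENTRY% safebootalternateshell >nul 2>&1

rem Verify: findstr sets errorlevel 0 when a safeboot element is still listed.
bcdedit /enum %ENTRY% | findstr /i /b "safeboot" >nul
if not errorlevel 1 (
    echo A safeboot element is still listed on %ENTRY%.
    exit /b 1
)
echo safeboot cleared on %ENTRY%.
endlocal
```

This only changes the boot entry's safe-mode flag; it does not address the infection discussed in the reply above.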
