Solved ComboFix - cannot delete cmdcons afterwards

[Gammers]

Hello All,

I'm a little lost for where to put this message and sure hoping one of your techies will help me resolve this mystery. Basically, I'm trying to figure out how to delete the cmdcons folder on C drive after its installation during the course of using ComboFix.

In short, I used ComboFix, then uninstalled it as prescribed (combofix /u). I then found the cmdcons folder (recovery console) on my C drive. I tried to delete the folder, could not. Followed the MS instructions and could not (MS Article ID: 555032). Even booted into my dual boot on drive G and tried to delete the cmdcons folder on drive C, could not. I tried to format drive C from my G boot, could not do so because of that folder. I "think" I even tried to format the C drive after having booted with a Partition Magic CD, could not.

I even deleted all partitions on the hard drive, rebuilt a 10gb primary, did fixmbr (at some point along the way), installed a minimal WinXP and then went through the pace with ComboFix again -- trying to delete the cmdcons folder afterwards. I could not.

I've tried everything in my knowledge to figure out why that cmdcons folder is sticking there after its install via ComboFix and I can't. As long as I can't, I'm very nervous about running ComboFix again simply because I am stubborn and don't want anything on the machine I can't remove.

So, I'm wondering if there are any techies in here that have a test box they might use. Might they install ComboFix, then uninstall it with combofix /u, and then see if they can delete the cmdcons folder as prescribed by MS -- if not, can they figure out what is holding it there and how to get it off the machine?

Thanks in advance for anyone who can help me solve this mystery -- it is driving me berzerk.

Gammers
The old ladies BP is a'rising

 

[Gammers]

Resolved found the fix

Greetings all,

I found the solution to the problem... Prefacing the giving of it...

1. I have a dual boot system and, although I can get banged up, I have quite a few means for restoring my system, not everyone does. So, for those who do not have so many options, please think twice before removing the Recovery Console.

2. I don't think this should have become an issue -- I'm not sure why the RC's cmdcons folder cannot be removed, as it should be able to, after ComboFix installs the RC. ComboFix is a WONDERFUL tool, I appreciate it very much, but I think this may be a bug i.e. the matter of not being able to delete the cmdcons folder per MS instructions and after ComboFix has installed it.

The following is from a post I made elsewhere after finding the fix.

Howdy All,

Drum rollllllll... Sphew! I found the solution to deleting the Recovery Console's cmdcons folder after ComboFix has installed the RC.

To reiterate (so that this is in one message if someone is ever looking for the solution)...

Problem:
1. I downloaded ComboFix from [a reputable site]
2. I ran ComboFix and permitted it to install the Recovery Console (RC) when it asked to do so
3. After running ComboFix, I then did as directed, I uninstalled ComboFix with Start\Run and combofix /u
4. I noticed that there was now a cmdcons folder on my C drive. I learned that this was the RC (obviously installed by ComboFix, as I had permitted that). I tried to delete the cmdcons folder and could not. I followed the instructions at MS (see below link) and still could not delete the cmdcons folder.

Microsoft KB articles #307654 and #555032

Now then... I have subsequently learned that IF "I" install the RC myself, using the instructions here:

Microsoft.com KB article #307654

I have no problem deleting the cmdcons folder per MS instructs.

SO the PROBLEM of not being able to delete the cmdcons folder only occurs after ComboFix installs the RC (at least todays version of ComboFix, subsequent versions might then have this problem fixed).

Mind you the above WAS a problem -- I repeatedly tested it, repeatedly could not delete the cmdcons folder UNTIL...

THE FIX:
The problem is due to an ownership/permission thing!

Ha! I would NOT recommend that anyone delete the RC before they make sure they have a nice running system after ComboFix has cleaned it up.

1st fix (and I am joking on this one):
Delete the partition holding the cmdcons folder.
NO NO NO, DON'T DO THAT, I am just joking, but that was my 1st fix when I was in a hurry and could NOT figure out the problem and an easier solution!

REAL FIX:
After ComboFix has run and you have tested to make sure that you are nice and safe in rebooting and running your machine (you might make doubly/triply sure -- and even wait a while if you don't have a nice backup situation like I do)... AFTER you are positive that you want to remove the RC's cmdcons folder...

Log on as local administrator.

First follow these MS instructions:
1. Restart your computer, click Start, click My Computer, and then double-click the hard disk where you installed the Recovery Console.
2. On the Tools menu, click Folder Options, and then click the View tab.
3. Click Show hidden files and folders, click to clear the Hide protected operating system files check box, and then click OK.

Now then... Here is what I did to resolve my problem...

A. Click upon the "cmdcons" folder to select it, then right click upon it and select "Sharing and Security" (in other words, make SURE that you are on the cmdcons folder and not some other one)
B. Click the "Security" tab, click the "Advanced" button
C. On the "Permissions" tab notice who has "Special" permissions on this folder (you will see this is in the "Permission entries" -- the "Permission" column.)

PROCEED AT YOUR OWN RISK
You, as user, should probably be an Administrator, having Administrator permissions to continue.

D. In my "Permission" section the user "Everyone" was noted as having "Special" permission. As a note, after having installed ComboFix when my network machines were up and running at the same time, a user named "S-1-5-21..." had "Special" permission. In addition, I (as user) had "Special" permission.

I clicked upon the user (not me as user) who had "Special" permission (aside from me). In one case that was "Everyone," in the other case that was the user "S-1-5-21..." After clicking upon the user that had "Special" permission, I clicked the "Remove" button, then the "Apply" button, and then "OK," and "OK" to get out of the Security settings.

Now then, go back to following the MS instructions again:

4. At the root folder, delete the Cmdcons folder and the Cmldr file.

[NOTE: you should be able to delete these now. If you cannot, explore your "Special" permissions thing again to see if there is another user with "Special" permissions that you should remove OR see if YOU must have "ownership" of the folder.

[CAUTION!!! Be sure NOT to delete your "ntldr" by mistake like I did one time or you will rue the day you wanted to part with the RC]

5. At the root folder, right-click the Boot.ini file, and then click Properties.

6. Click to clear the Read-only check box, and then click OK.

Warning: Modifying the Boot.ini file incorrectly may prevent your computer from restarting. Make sure that you delete only the entry for the Recovery Console. Also, change the attribute for the Boot.ini file back to a read-only state after you finish this procedure. Open the Boot.ini file in Microsoft Windows Notepad, and remove the entry for the Recovery Console. It looks similar to this:

C:\cmdcons\bootsect.dat="Microsoft Windows Recovery Console" /cmdcons

7. Save the file and close it.

Voila! SOLVED! You should have been able to successfully delete the cmdcons folder. If not, I suspect that the program that installed it did something funny to the permissions.

Gammers

 

[Tmagic650]

"Running the program unsupervised can lead to your computer rendered forever unbootable , it is that powerful a tool , which is why it MUST be run only under strictly supervised conditions"...

Combofix is a powerful tool, but as stated above, it can damage a working computer

 

[Gammers]

Hello Tmagic,

ComboFix is a WONDERFUL tool -- no doubt about it. I was glad to get a bit of experience using it. Of course, I wasn't aware that the recovery console would be installed, but that's a good thing considering the possibilities.

I just wasn't expecting the deal with the undeletable cmdcons folder. Mystery resolved.

In the process of all of this, I learned far more about the recovery console, blowing up partitions on dual boot drives, the ComboFix tool etc.

Gammers

 

[danjoxx]

I have the same problem....e.g can't delete cmdcons folder from the c/drive. access denied. Have followed all the steps above as far as,

Now then... Here is what I did to resolve my problem...

A. Click upon the "cmdcons" folder to select it, then right click upon it and select "Sharing and Security"

The only tabs I get then are, General, Sharing and Customise, there is no Security tab or Advance tab. (OS WinXP sp3)

From Help & Support:

To set, view, change, or remove file and folder permissions
Open Windows Explorer, and then locate the file or folder for which you want to set permissions.
Right-click the file or folder, click Properties, and then click the Security tab.

Greaaat BUT, there is no "Security Tab" to be found (not even dimmed out) on my folders Properties or any other folder tab.


Any idea's folks!

 

[Route44]

I had the same issue just three days ago. I don't know if this will work for you but my firewall was actually the culprit in this case blocking me from going forward.

 

[danjoxx]

Pheew I just solved it. Thanks to Help n Support.... but thanks for your reply.
Control Panel>Folder Options>View>Deselect 'simple file sharing'

I need a drink

 

[danjoxx]

The cmdcons folder is write protected and even removing this, still can't delete the folder, and write protect re-appears again. Here is a pic of the advance tab > Permissions.....

I am the only one that uses this computer and you can see I'm there as Administrator/Kevin.

Is it safe for me to remove everything except Administrator/Kevin?
and what about CREATOR OWNER, which I presume is Microsoft and their Recovery Console, It's probably their ownership that is causing the problem.

Thanks.

 

[Bobbye]

Giving another person your fix is never recommended.

Telling someone to use Combofix when there are directions specifically not to use it unless your helper specifically instructed you to is not recommended.

This forum is for Virus and Malware Removal. Each thread is for the individual who begins it. Anyinstructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please start a new thread and follow the preliminary cleaning steps HERE. Attach the logs.

Giving "instructions" which are followed by "ha ha I'm joking" is hardly a laughing matter.

This thread is closed.