TechSpot

Windows XP SP2 Boot To SafeMode disabled by a rootkit

By spaceboyjeffy
Jan 1, 2008
  1. First of all, Happy New Year to everyone. Problem: My system was recently attacked by a rootkit which utilized the smss.exe v5.1.2600.2180 file in the Windows/System32 directory. Using Kaspersky Internet Security 7.0 recovery disk & an online version of F-Secure online Rootkit Scanner, I was able to remove the rootkit, etc. -- my system is now clean & back to normal except for one problem. The rootkit edited the registry so that I can no longer boot the computer in safe mode -- it attempts to boot in safe mode, but then spontaneously reboots the computer. As you know, this is a tactic used by some rootkits to keep from removing them while in safe mode -- had I not had a KIS rescue disk to boot from, I would not have been able to remove the rootkit. As you also know, simply using msconfig.exe to check the /SAFEBOOT box will send the computer into an endless loop of reboots. None of the safe mode options are functional at this time. Therefore, are there any settings in the XP registry or elsewhere anyone can guide me to check or correct so as to be able to boot into safe mode again? I'm sure this problem/question has arisen before, but I cannot find any information regarding a solution. Thanks in advance for everyone's expertise and timely response.
    Regards...SpaceboyJeffy
     
  2. kimsland, Ex-TechSpotter, Posts: 14,524

    Hi spaceboyjeffy and welcome to TechSpot

    You may need to do a Windows Repair on your system
     
Topic Status:
Not open for further replies.
