Cannot Delete Recovery Console

My system is Windows XP Home, Sp 3.  As a result of running Combofix, the Microsoft Windows Recovery Console was installed.  I want to remove it and have followed two different sets of Microsoft-originated instructions to no avail.  Hidden files and folders are shown and protected operating system files are not hidden.

The removal process completes OK, except I cannot delete the \Cmdcons folder.  No matter what I do to the properties of this folder, I still get a message that says it cannot be removed.  Access is denied because of of the 1394BUS.SYS file.

When the computer boots, I still get the screen which offers the choice between the MWRC and Windows and the boot continues to Windows.

How can I complete the removal?
 

Question Info


Last updated March 30, 2018 Views 451 Applies to:
Apparently, ComboFix sets some special permissions when it installs the Recovery Console.

See the directions here:  http://www.techspot.com/vb/topic135243.html

Because you have Windows XP Home, you won't be able to see the Security tab described in the procedure unless you boot into Safe Mode or use the alternative described here --> http://www.dougknox.com/xp/tips/xp_security_tab.htm

Don't forget to -- carefully -- edit the boot.ini file, because that's what causes the menu to pop up offering the choice between Windows and the Recovery Console.
-----
LemP
Volunteer Moderator
MS MVP (Windows Desktop Experience) 2006-2009
Microsoft Community Contributor (MCC) 2011-2012

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

I logged into Safe Mode and looked at the security tab for cmdcons.  I am the owner and administrator and there are no others.  Cmdcons seems to be permanently hidden.  All the rest of the steps to eliminate the recovery console have been taken successfully.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

The file attributes Hidden, System and Read-only are set on the \cmdcons directory.  Unchecking the read-only check box will not clear all these.  You must use \windows\system32\attrib.exe to remove these settings.  As \windows\system32 is usually in the %PATH% environmental variable, they can be easily changed from a CMD prompt or simply using the run command: attrib c:\cmdcons -r -s -h

None of the other directories HRS attributes are set within \cmdcons (i.e. \cmdcons\system32, \cmdcons\dudrvs or \cmdcons\dudrvs\4541876).  However, lots of files are set read-only (178 to be precise).  One would have to use del /f to delete these.

The safest way to remove the command console startup line from boot.ini is to use the System control panel.  Open the the System control panel (start-pause/break), select the Advanced tab, and click the Settings button in the Startup and Recovery pane.  This will open the Startup and Recovery window.  In the System startup pane, click the Edit button.  This will open the boot.ini file in Notepad.  Remove the line:

  C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

Use the file menu to SAVE and then EXIT (or CTRL-S and then ALT-F,X).

Alternatively, as CMDCONS only uses about  twelve megabytes of storage, one could just leave it there and set the Time to display list of operating systems: time to zero in the  System startup pane of the Startup and Recovery window.  That way, it could be used in an emergency.  The Operating Systems list can always be reached from the F8 boot menu.  (I have the Microsoft Windows Recovery Console installed on all my Windows XP systems.)

BTW, the command:

  cacls c:\cmdcons

will show the security setting on \cmdcons.  (If you're the owner or have full access, it can change them, too.)

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Thanks for the suggestions.

The boot.ini and other changes were made successfully.  Only the cmdcons folder remains.  The alternate OS that flashes on bootup isn’t operable at this point (“do not select this /debug”), and I really don’t want it to be.

I like the idea of your alternate of just keeping the folder but “putting it out of the way”.  It avoids a lot of risky stuff for me.

I went to System Properties-Advanced-Settings-System Startup and changed the time to display list of operating systems to zero.  But Windows doesn’t seem to like the idea of zero and keeps resetting it to the previous value of 1 or 2 seconds.  If I make sure the desired OS is shown in the default operating system box, can I just uncheck the “time to display….” box and accomplish the same thing?  I’m a little nervous about doing this unless it’s OK.  I’ve had so many little changes  completely crash a system in the past.

I tried running cacls c:\cmdcons, but the image flashed on the screen so fast that it wasn’t readable if, in fact, there was anything there.

Maybe the problem here came from installing the MWRC from Combofix rather than from Microsoft.  
 

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

You have to click "OK", not "CANCEL" for the operating system timeout to change after setting the timeout to 0 (zero, zed, null, cero, etc.).

  Also, you can set the operating system timeout to zero directly in boot.ini itself.

I.E.:

  [boot loader]

  timeout=0

  ...

 

To see the cacls output, run cacls from the cmd.exe CLI (Command Language Interpreter).  i.e. type:

  Start->r->cmd<enter>

This will open CMD in a separate windows.  Then, typing:

  cacls c:\cmdcons

Will allow you to see the output of the cacls command.  Also, typing:

  attrib c:\cmdcons -s -h -r

will turn off the corresponding System, Hidden, and Read-only file attribute bits for c:\cmdcons.  Once this is accomlished, typing:

  rmdir c:\cmdcons /s /q

should then remove the directory and its contents.  Be sure that you have removed the /cmdcons line from boot.ini, first.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

I didn't click enough "OK" buttons.  The choice window doesn't appear anymore and boot.ini shows "timeout=0" .  Good solution.

However, I just noticed something else:  The activity on the screen during bootup which shows BIOS at work and gives the opportunity to open and edit the BIOS is no longer there.  Apparently I can't even get to the BIOS anymore.  I changed the boot time back to a few seconds and that didn't have any effect on the BIOS screen.  Bootup time seems much shorter--as though the BIOS isn't even running, although that doesn't seem possible.

What has happened and how do I fix it?

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.