My system is Windows XP Home, Sp 3. As a result of running Combofix, the Microsoft Windows Recovery Console was installed. I want to remove it and have followed two different sets of Microsoft-originated instructions to no avail. Hidden files and folders
are shown and protected operating system files are not hidden.
The removal process completes OK, except I cannot delete the \Cmdcons folder. No matter what I do to the properties of this folder, I still get a message that says it cannot be removed. Access is denied because of of the 1394BUS.SYS file.
When the computer boots, I still get the screen which offers the choice between the MWRC and Windows and the boot continues to Windows.
I logged into Safe Mode and looked at the security tab for cmdcons. I am the owner and administrator and there are no others. Cmdcons seems to be permanently hidden. All the rest of the steps to eliminate the recovery console have been taken successfully.
The file attributes Hidden, System and
Read-only are set on the \cmdcons directory. Unchecking the read-only check box will not clear all these. You must use \windows\system32\attrib.exe to remove these settings. As \windows\system32 is usually in the %PATH% environmental
variable, they can be easily changed from a CMD prompt or simply using the run command:
attrib c:\cmdcons -r -s -h
None of the other directories HRS attributes are set within \cmdcons (i.e. \cmdcons\system32, \cmdcons\dudrvs or \cmdcons\dudrvs\4541876). However, lots of files are set read-only (178 to be precise). One would have to use
del /f to delete these.
The safest way to remove the command console startup line from
boot.ini is to use the System control panel. Open the the System control panel (start-pause/break), select the
Advanced tab, and click the Settings button in the Startup and Recovery pane. This will open the
Startup and Recovery window. In the System startup pane, click the
Edit button. This will open the boot.ini file in Notepad. Remove the line:
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
Use the file menu to SAVE and then EXIT (or CTRL-S and then ALT-F,X).
Alternatively, as CMDCONS only uses about twelve megabytes of storage, one could just leave it there and set the Time to display list of operating systems: time to zero in the System startup pane of the
Startup and Recovery window. That way, it could be used in an emergency. The Operating Systems list can always be reached from the F8 boot menu. (I have the Microsoft Windows Recovery Console installed on all my Windows XP systems.)
BTW, the command:
will show the security setting on \cmdcons. (If you're the owner or have full access, it can change them, too.)
The boot.ini and other changes were made successfully. Only the cmdcons folder remains. The alternate OS that flashes on bootup isn’t operable at this point (“do not select this /debug”), and I really don’t want it to be.
I like the idea of your alternate of just keeping the folder but “putting it out of the way”. It avoids a lot of risky stuff for me.
I went to System Properties-Advanced-Settings-System Startup and changed the time to display list of operating systems to zero. But Windows doesn’t seem to like the idea of zero and keeps resetting it to the previous value of 1 or 2 seconds. If I make sure
the desired OS is shown in the default operating system box, can I just uncheck the “time to display….” box and accomplish the same thing? I’m a little nervous about doing this unless it’s OK. I’ve had so many little changes completely crash a system in
I tried running cacls c:\cmdcons, but the image flashed on the screen so fast that it wasn’t readable if, in fact, there was anything there.
Maybe the problem here came from installing the MWRC from Combofix rather than from Microsoft.
I didn't click enough "OK" buttons. The choice window doesn't appear anymore and boot.ini shows "timeout=0" . Good solution.
However, I just noticed something else: The activity on the screen during bootup which shows BIOS at work and gives the opportunity to open and edit the BIOS is no longer there. Apparently I can't even get to the BIOS anymore. I changed the boot time back
to a few seconds and that didn't have any effect on the BIOS screen. Bootup time seems much shorter--as though the BIOS isn't even running, although that doesn't seem possible.
What has happened and how do I fix it?
Did this solve your problem?
Sorry this didn't help.
Last updated: March 30, 2018