Hi:

Windows 2003 Server, can't boot into safe mode. Upon further
inspection, subkeys for SAFEBOOT are missing from HKEY_LOCAL_MACHINE
\SYSTEM\CurrentControlSet\Control\SafeBoot registry. That is, not
even Minimal nor Network keys are present. ContolSet002, ...,
ControlSet004 are either missing SafeBoot key entirely or the subkeys
as above.

1. What is the procedure to restore these keys, short of a reinstall
of the opsys?

2. Any idea how this could have happened? If a virus/trojan, I didn't
seen anything suspicious under run/runonce (cursory inspection).

Thank you in advance for your help.

-- Roy Zider

Used ERD Commander 2005 for boot.

In news:a9afadc2-185d-4073-b19b-40416e0890a8@h1g2000prh.googlegroups.com,
FUBARinSFO <file1303@gmail.com> typed:
> Hi:
>
> Windows 2003 Server, can't boot into safe mode. Upon further
> inspection, subkeys for SAFEBOOT are missing from HKEY_LOCAL_MACHINE
> \SYSTEM\CurrentControlSet\Control\SafeBoot registry. That is, not
> even Minimal nor Network keys are present. ContolSet002, ...,
> ControlSet004 are either missing SafeBoot key entirely or the subkeys
> as above.
>
> 1. What is the procedure to restore these keys, short of a reinstall
> of the opsys?
>
> 2. Any idea how this could have happened? If a virus/trojan, I didn't
> seen anything suspicious under run/runonce (cursory inspection).
>
> Thank you in advance for your help.
>
> -- Roy Zider
>
> Used ERD Commander 2005 for boot.

This does sounds like malware got your machine. Take a look at the link
below to see if it helps. Another option is to boot up from the Windows 2003
CD and run an upgrade. This will keep all current settings and roles. If the
CD is integrated with the same SP level, then just re-run Windows Update. If
not, run the current SP, then run Windows Update.

Restoring Safe Mode with a .REG file
http://blog.didierstevens.com/2007/0...th-a-reg-file/

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Infinite Diversities in Infinite Combinations

Ace:

Yes, indeed it was from an earlier infection. a Win32/Bagle worm
variant
Restore from older backup is not overwriting registry
http://groups.google.com/group/micro...f4712?lnk=raot

I'll do a repair from the install CD, but at some point it's about
time to do a fresh install. Thanks.

-- Roy

Ace:

Further, I did have the Didier Stevens link open in IE when I posted
the note. Just haven't done it, since it wasn't definitive.

-- Roy

In news:1d3c5c18-eaa2-4e81-a452-a3c7153d5fda@w8g2000prd.googlegroups.com,
FUBARinSFO <file1303@gmail.com> typed:
> Ace:
>
> Further, I did have the Didier Stevens link open in IE when I posted
> the note. Just haven't done it, since it wasn't definitive.
>
> -- Roy

This would be the better option to running an ugrade. Let's hope for the
best. If this doesn't work, then let's go for running the upgrade. Of
course, the ultimate option is a clean reinstall.

Ace