boot normal/ safe mode/ rootkit
supertech365
05-03-2009, 10:29 PM
Strange problem with XP system. Viruses were suspected on a PC. Ran a few process viewing programs, malware checks, etc. in safe mode. Restart PC and desktop is classic XP version. Services are stopped, can't start them up manually. It gives error: 'can't start in safe mode'. Dial-a-fix removed disabled policies but still no cigar. Also there is even an account named 'administrator' in the user logon like it's in safe mode. Is this a rootkit? I can't even edit boot.ini. Is there a fix?
WareDat
05-03-2009, 11:43 PM
Search the registry for SafeBoot and delete the Option key. Restart and all will be normal.
supertech365
05-03-2009, 11:53 PM
Thanks WAREDAT! You were correct. That is the strangest. Much appreciated.
Methical
05-04-2009, 08:18 AM
Can we elaborate on this a bit more?
Like how and why?
And what this registry key/value is?
WareDat
05-04-2009, 10:47 AM
This key gets set in safe mode; it should not be there when Windows is running normally. A DWORD value of 00000001 will be set in Safe Mode Minimal, DWORD 00000002 will be set in Safe Mode Network:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\
Not sure why it sometimes hangs around when Windows is started normally, but I've seen it on virus-free computers as well.
A little note: you can add the key
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]
"OptionValue"=dword:00000001 to enable the security tab in XP Home; just remove it before restarting.
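One way to check for, and clear, the stale key WareDat describes, as an added example that is not part of the thread or of any tool mentioned in it. It is written in PowerShell and assumes an elevated session; the key path is the one given above, while the BootupState strings ("Normal boot", "Fail-safe boot", "Fail-safe with network boot") come from the Win32_ComputerSystem WMI class and the SAFEBOOT_OPTION environment variable, neither of which the thread mentions. The point is to compare what Windows says about the current boot with what the registry says, so that an OptionValue left behind after a safe-mode session (the symptom here) can be told apart from a genuine safe-mode boot before anything is deleted.

```powershell
# Added example, not from the thread: audit the SafeBoot\Option key.
# Run from an elevated PowerShell prompt. Without -Remediate it only reports.
param([switch]$Remediate)

$optionKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Option'

# How Windows itself says it booted (Win32_ComputerSystem.BootupState):
# "Normal boot", "Fail-safe boot" (safe mode) or "Fail-safe with network boot".
$bootState = (Get-WmiObject -Class Win32_ComputerSystem).BootupState

# SAFEBOOT_OPTION (MINIMAL or NETWORK) is only present during a real safe-mode boot.
$envSafeBoot = $env:SAFEBOOT_OPTION

# Read OptionValue if the key exists; $null otherwise.
$optionValue = $null
if (Test-Path $optionKey) {
    $optionValue = (Get-ItemProperty -Path $optionKey -Name OptionValue -ErrorAction SilentlyContinue).OptionValue
}

Write-Host "BootupState        : $bootState"
Write-Host "SAFEBOOT_OPTION env: $(if ($envSafeBoot) { $envSafeBoot } else { '<not set>' })"
Write-Host "SafeBoot\Option key: $(if (Test-Path $optionKey) { 'present' } else { 'absent' })"
Write-Host "OptionValue        : $(if ($null -ne $optionValue) { $optionValue } else { '<none>' })"

# Either signal is enough to say the machine really is in safe mode right now.
$reallySafeMode = ($bootState -ne 'Normal boot') -or ($envSafeBoot)

if ($null -ne $optionValue -and -not $reallySafeMode) {
    # 1 = Safe Mode (minimal), 2 = Safe Mode with Networking, as described in the thread.
    $label = switch ($optionValue) {
        1       { 'Safe Mode' }
        2       { 'Safe Mode with Networking' }
        default { "unknown ($optionValue)" }
    }
    Write-Warning "Booted normally, but SafeBoot\Option\OptionValue=$optionValue ($label) is still set."
    Write-Warning "This is the state that makes services fail with 'can't start in safe mode'."

    if ($Remediate) {
        # Export the key first so the change can be reviewed or reverted.
        $backup = Join-Path $env:TEMP ("SafeBoot-Option-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
        & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option' $backup | Out-Null
        Remove-Item -Path $optionKey -Recurse -Force
        Write-Host "Removed $optionKey (backup saved to $backup). Reboot and confirm services start normally."
    } else {
        Write-Host "Re-run with -Remediate to back up and delete the key."
    }
} elseif ($null -ne $optionValue) {
    Write-Host "OptionValue is set and the system is genuinely in safe mode; nothing to do."
} else {
    Write-Host "No stale SafeBoot\Option key found."
}
```

Keeping the .reg export around is worth the extra line: as WareDat notes, the key can linger on clean machines too, so having the original value on hand makes it easy to compare across systems or put back if the change turns out to be unrelated to the problem.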
sys-eng
05-04-2009, 04:57 PM
Thanks for the info. I have not come across that before but not really surprised about the problem.
PC stands for Peculiar Computer
:D
supertech365
05-06-2009, 01:34 PM
WOW! It has started again in safe mode. No services have loaded and the desktop theme looks like XP classic. I will search manually for the registry keys that were mentioned by WareDat and let you know if I have luck.
supertech365
05-06-2009, 02:19 PM
T
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\
I deleted the above values and now it does boot normally. I will post an update if anything changes.
Galdorf
05-06-2009, 03:10 PM
That may be a variant of the rootkit I am seeing now. I usually use UnHackMe; it's a boot-time rootkit/worm/trojan detector and does a really good job.
Most rootkit software just finds the rootkit; this one finds and removes it. Never had it fail yet.