
All attempts to remove Recovery Console fail


  • This topic is locked
20 replies to this topic

#1 Gammers

Gammers

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 17 September 2009 - 03:37 PM

Hello All,

Please help. I have made every attempt I can think of to remove the recovery console directory -- I am unable to do so. I do understand the arguments for keeping this directory, but I need to remove it so that I can do some system work on my C drive.

I have followed the instructions by Microsoft reiterated in this message:
http://www.bleepingcomputer.com/forums/ind...t&p=1310423

I was able to delete the "Cmldr" file

I have used the command prompt to show and remove the attributes (SHR) of the folder. I have tried to delete even a singular file from within the folder, as a test, and from the command prompt -- no dice.

I have changed the boot.ini to not reflect the system recovery menu item.

I have gone into administrator and changed the "ownership" of this folder to manage it.

I have uninstalled combofix (which is what installed the recovery console), thinking this would release it.

What next? I can format the C drive to get rid of this but I am TOO stubborn to try and take the easy way. I REALLY want to defeat that which is keeping me from deleting this folder.

HELP!

Thanks in advance for helping :thumbsup:

Gammers

EDITED TO ADD: gone into safe mode as administrator, still not able to delete. The message is: Cannot delete 1384BUS.sy_ Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use. The latter file is the first file in the cmdcons dir. Attempts to do any other file or dir in the cmdcons results in the same message.

WinXP SP2, C drive is the location of the dir. Drive C has 6.15 Gb empty on it. This is a dual boot system (2 XP copies) Drives are C (OS), D, E, F, G (OS). Attempts to delete that dir from the 2nd boot fail as well.

Edited by Gammers, 17 September 2009 - 03:52 PM.




#2 Gammers

Gammers
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 18 September 2009 - 01:07 AM

Hello All,

Sure hoping for an answer on a removal of the recovery console. I ended up having to delete the partition that this was on to get rid of it and operate on my C drive. I would really like to be able to use Combofix in the future, in the event of need, but it won't be helpful to not be able to get rid of the recovery console afterwards. I have another means to maintain my system without the recovery console.

At any rate, I was really hoping for someone here to assist -- I've perused the web and haven't found any answers on this.

Thanks in advance.

Gammers

#3 joseibarra

joseibarra

  • Members
  • 1,254 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:03:23 PM

Posted 18 September 2009 - 06:48 AM

What part of the Microsoft article for removing RC did not work (which step) that ended up resulting in your trying to use the command prompt?

I went through all the steps up to the point of deleting my RC but I have never let ComboFix install RC for me or tried to remove RC.

I do not believe ComboFix is something to be installed in case you think you need it sometime later. It is better to not engage in activities that will necessitate its use.

ComboFix is to be installed when you need it and with help from people that understand ComboFix.

ComboFix needs to be properly uninstalled when you are finished with it. Maybe by not uninstalling ComboFix correctly, things are now askew.

I am such an unexpert with ComboFix I probably shouldn't even be talking about it, but that is my .02!

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#4 Gammers

Gammers
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 18 September 2009 - 12:21 PM

Hello Jose,

Thanks for responding. Good question you asked. Typically hugely careful with computing, I was at a website and suddenly got hit with the Antivirus System Pro virus. I dealt with it manually, but then decided it might be a good idea to use ComboFix to touch up the machine.

After the fact, at some point (and I can't recall what occurred exactly now) and, I believe while working on a BartsPE CD, I found myself going into the System Recovery console to get straightened out (I was unable to boot). Not understanding how to deal with things at that point, I explored learning the recovery console, ending up having to use fixmbr, bootcfg etc. Woohoo, I got back in sync -- some lessons learned for next time.

Unfortunately, while trying to get squared away in the recovery console, I had no clue how to answer some of the questions (i.e. enter load identifier and enter load options). I finally figured that out with some tech documents. Even so, being thrust into that situation with not being able to boot, I might have erred in running fixmbr before fixboot, which I have subsequently learned should be run first on a dual boot system. SOOOOO, in working through those things I might have locked up the cmdcons folder as if it was an OS. I didn't want to find out by working through the recovery console again. Instead I did the work around with deleting the partition and resetting up my dual boot.

Today, now knowing how to get bailed out of the ridiculous mess I was in (thank you Partition Magic), I am going to install ComboFix again w/recovery console, and see if I can delete it. IF I can do so easily, THEN I know that I boofed something when doing fixmbr.

Again, thanks for responding. Oh, and ComboFix worked brilliantly -- it is a tool I want to be able to use in the future, but I sure don't want to be locking up my drive with things I can't rid myself of, as I use my dual boots for keeping all of my machines fully functional.

Gammers

#5 Gammers

Gammers
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 19 September 2009 - 02:29 AM

Bump...

Question... After ComboFix has installed the Recovery Console and done its thing, has anyone been able to delete their Recovery Console? i.e. using the instructions found here:

http://support.microsoft.com/kb/555032

I have done all manner of headstand and cannot delete the RC without deleting the partition. I suspect this is a permissions thing going on during the install of the RC OR it may have to do with dual boots OR the way I handle my dual boots.

Could some of you try deleting your ComboFix installed RC's to see if you can do so using the above mentioned Microsoft instructions?

I have a dual boot and do some rather playful things with it (delete the contents of my C or G bootable Win XP, then drag/drop the files for that drive to get a new setup going again -- has worked brilliantly for years.) Outside of wiping this drive, installing WinXP to only one partition, running ComboFix and again trying to delete the RC per instructions -- I can't test whether it is my setup or something else.

At any rate, I ran fixboot and fixmbr to see if that would fix this inability to delete the RC; it didn't work.

Your help is appreciated.

Gammers

#6 Gammers

Gammers
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 19 September 2009 - 11:26 PM

Follow up... Cannot delete the cmdcons directory (Recovery Console)

To check if this was my harddrive and the way I have set it up, I wiped the drive -- removing all partitions. I created and formatted a partition NTFS. I redid the master boot record.

I installed a clean/simple fresh install of Windows XP2 (using the Windows XP install CD that I bought with my Dell computer). I installed the wireless driver so that I could access the internet. I ran ComboFix. It offered, downloaded and installed a newer version. It downloaded and installed the Recovery Console.

After running ComboFix, I uninstalled it per instructions (combofix /u). I followed the instructions from Microsoft to delete/uninstall the Recovery Console. I could not remove it.

It is difficult to believe that other people are not having this same problem with removing the RC after running/uninstalling ComboFix. I suspect that the installation of ComboFix sets some special protection of the RC that it does not remove in its uninstall when it changes certain settings on the computer.

Is there some way to get in touch with the person who writes and maintains ComboFix? Surely they would want to know about this problem.

Thanks in advance.

Gammers

#7 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:02:23 PM

Posted 20 September 2009 - 08:53 AM

ComboFix often removes file and folder access permissions. So you need to take ownership of the folder cmdcons, which you already have done. You are the owner now, but have you set the permissions of what you can do with that folder? Right-click on the folder, select the Security tab, check Allow in front of Full Control, and save settings. If this does not work, another consideration would be a locked folder. Some process is using that folder and this is why it cannot be removed. So you may want to use Unlocker ( http://ccollomb.free.fr/unlocker/ ).

#8 Gammers

Gammers
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 20 September 2009 - 04:26 PM

Greetings Romeo,

Thanks for responding! :thumbsup:

I did use unlocker during the days I was working on trying to delete the cmdcons folder, no joy -- it would not unlock it (I tried renaming, unlocking, etc. and so on). I've also fiddled with the "ownership" settings, and again, that did not work. At one point, while playing with the ownership settings (and I could not duplicate it a 2nd time), I saw a "pop up" telling me that one of the files I knew to be in that folder could not have its permissions changed. I did not want to go too wild playing with the ownership settings, I'm not brilliant with them and I didn't want to lock myself out of something.

Despite trying to get full ownership of the cmdcons folder, the "special" box remains unchecked, i.e. no permission there. I highly suspect that there is some setting that the creator of ComboFix set for that folder while ComboFix operates on the system that does not get reset upon the removal of ComboFix (i.e. combofix /u). I also noted that certain settings in the Windows Explorer, Tools\Folder Options\View\Advanced Settings did not get reset to what they were before the running of ComboFix, i.e. I always have things set so that I can see system files/folders, all file extensions, etc. -- there were a few of my settings that were changed after running/removing ComboFix.

So... What I really need is someone who can experiment with this situation on their machine. They must install the current ComboFix on a machine which does not have the cmdcons dir on the C drive yet. Once ComboFix ignites, installs the RC, does its thing on the system, then the uninstall is done -- they can go see if they can remove the cmdcons folder using the MS instructions. They will likely not be able to remove it, even as I wasn't after much testing, and UNLESS they are very wise in setting ownership permissions and UNTIL they can figure out the key to unlocking all permissions that are holding this folder. I "suspect" that is the problem, but there may be some hidden file that loads that keeps that RC active?

Bottom line, I suspect this is a "bug" in the present ComboFix. It is a brilliant program and I really want to be able to use it in the future, but even as I do not want viruses/trojans/rogues on my system without the ability to remove them, I do not want the cmdcons folder on it without the ability to remove it either.

As I mentioned, eventually and because I could not figure out how to unlock that cmdcons folder AND did not want it on the system all the time, I had to delete the C partition to get rid of it. I could not find and did not know of any other solution. Surely there is one that is not so radical, but I couldn't find it. I'm hoping one of the forum Gurus will work on this.

If this isn't an ownership thing, could it be that some process is holding that folder on the machine? If so, I need to know what and how to stop it.

I really appreciate the option to use ComboFix at times, but won't be able to do it if I can't learn how to get rid of that folder after I use CF and then delete it.

SO....... CALLING ALL GURUS! CALLING ALL GURUS! Can anyone figure out what is locking up the cmdcons folder on C drives so that they cannot be deleted after install by ComboFix?

Thanks a ton... This is now a burr in my shorts, really want to figure it out.

Gammers

#9 caperdog

caperdog

  • BC Advisor
  • 954 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Nova Scotia
  • Local time:03:23 PM

Posted 20 September 2009 - 05:01 PM

OK, I like puzzles .... If you remove the line in boot.ini that has to do with RC and reboot, are you then able to delete the file and folder?
How about booting with a Win98 boot disk and deleting from a DOS environment? Win98 wouldn't know what RC was, so as long as permissions allow, it should delete it.

#10 Gammers

Gammers
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 21 September 2009 - 12:03 AM

Greetings Caperdog,

Thanks for responding :thumbsup:

You wrote:
>>ok i like puzzles .... if you remove the line in boot.ini that has to do with RC and reboot are you then able to delete the file and folder? how about booting with a win98 boot disk and deleting from a dos environment. win98 wouldn't know what RC was so as long as permissions allow it should delete it<<

Great! It's nice to have someone hop in on this. :flowers: I "did" remove the line in the boot.ini. That was part of the MS instructions (see below). Didn't work, and mind you I went through the paces umpteen times, just to make sure I wasn't missing a beat. I didn't use a Win98 boot disk; I do believe I booted with Partition Magic and attempted to format the C drive and was unable to do so. I did boot into the second partition (on the G drive) and attempted to use the command prompt (remove the attribs of the cmdcons dir on the C drive, use the "del" command), but of course the 2nd partition boots from an ntldr on the first partition (although the boot.ini did not have that line in it.) I also used the 2nd partition (G drive) and attempted to format the C drive, couldn't do it due to the cmdcons folder. I believe I booted with my Partition Magic CD on several occasions and attempted to format the C drive, and I do not believe I could do so. I tried every trick I knew before resorting to deleting the partition and rebuilding it. Again...I used all of the things that I "know to do" which is a bunch, but obviously not enough.

Finally... I am now afraid to use ComboFix again until I resolve this cmdcons non-deletion issue.

Thanks for helping. Do you have a test machine with a single boot of Win XP and no cmdcons folder? If so, could you experiment with installing ComboFix, the RC and then deleting it? Perhaps someone else can too.

Gammers

======
How to remove Windows Recovery Console
After installing Windows Recovery Console there may be times that you may need to remove Recovery Console due to server upgrade, disk maintenance etc.

Please follow these instructions to accomplish this task:
1. Log on as local administrator.
2. Double click on "My Computer" icon on the desktop.
3. In "My Computer" open: Tools -> Folder Options -> View -> Mark the checkbox "Show hidden files and folders" -and clear the "Hide protected operating system files" checkbox (please press on "Yes" to the confirm message).
4. Double click on the %systemdrive% (usually "C" drive) and delete "cmdcons" folder and the cmldr file from the root drive.
5. Right-click boot.ini on the system partition and select Properties, then clear the "Read-only" checkbox.
6. Double click on the "boot.ini" file (the file resides in the root of the %systemdrive%).
7. Remove the line C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
8. Save the boot.ini file and close the text editor.

#11 caperdog

caperdog

  • BC Advisor
  • 954 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Nova Scotia
  • Local time:03:23 PM

Posted 21 September 2009 - 04:30 PM

Hi Gammers
At the moment I have no test machine; I hope to have one back next week. Work is getting crazy and I have to travel a lot and work long days right now, but as time permits I will do the test. It may be a few weeks before I can get an answer posted here. That's the best I can do.

#12 Gammers

Gammers
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 22 September 2009 - 05:33 PM

Hello Caperdog,

Excellent. I will be very excited to see what you learn on the test box. I would almost bleep one of my good machines to test this, but if I did, I would surely want someone throwing ideas at me (those that I hadn't tried) to see if we could get to the root of the situation.

I'm still hoping that one of the helpers in this forum has a test machine that they might try this on. Install a box with WinXP (SP2 and security fixes), use ComboFix, delete ComboFix after use, then see if the typical will delete the cmdcons directory. Surely someone has a box they can test on?

In the meanwhile, I await your testing :thumbsup: Perhaps someone will hop in to help in the meanwhile -- this puzzle is one I would like to resolve.

Gammers

#13 Gammers

Gammers
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 26 September 2009 - 01:00 AM

Greetings all,

I'm wondering if someone at this site knows the creator of ComboFix and can let him know about this "permissions" issue -- I feel sure that it is not meant to be.

Now...from a post elsewhere on the web (written by me)...

~~~~~~~~~~~~~
I found the solution to the problem... :thumbsup: Prefacing the giving of it...

1. I have a dual boot system and, although I can get banged up, I have quite a few means for restoring my system, not everyone does. So, for those who do not have so many options, please think twice before removing the Recovery Console.

2. I don't think this should have become an issue -- I'm not sure why the RC's cmdcons folder cannot be removed, as it should be able to, after ComboFix installs the RC. ComboFix is a WONDERFUL tool, I appreciate it very much, but I think this may be a bug :flowers: i.e. the matter of not being able to delete the cmdcons folder per MS instructions and after ComboFix has installed it.

And another post elsewhere after finding the fix.

~~~~~~~~~~~~~~~~~~~~~~~~~
Howdy All,

Drum rollllllll... Sphew! I found the solution to deleting the Recovery Console's cmdcons folder after ComboFix has installed the RC.

To reiterate (so that this is in one message if someone is ever looking for the solution)...

Problem:
1. I downloaded ComboFix from [a reputable site]
2. I ran ComboFix and permitted it to install the Recovery Console (RC) when it asked to do so
3. After running ComboFix, I then did as directed, I uninstalled ComboFix with Start\Run and combofix /u
4. I noticed that there was now a cmdcons folder on my C drive. I learned that this was the RC (obviously installed by ComboFix, as I had permitted that). I tried to delete the cmdcons folder and could not. I followed the instructions at MS (see below link) and still could not delete the cmdcons folder.

Microsoft
KB articles #307654 and #555032

Now then... I have subsequently learned that IF "I" install the RC myself, using the instructions here:

Microsoft.com KB article #307654

I have no problem deleting the cmdcons folder per MS instructs.

SO the PROBLEM of not being able to delete the cmdcons folder only occurs after ComboFix installs the RC (at least today's version of ComboFix, subsequent versions might then have this problem fixed).

Mind you the above WAS a problem -- I repeatedly tested it, repeatedly could not delete the cmdcons folder UNTIL...

THE FIX:
The problem is due to an ownership/permission thing!

Ha! I would NOT recommend that anyone delete the RC before they make sure they have a nice running system after ComboFix has cleaned it up.

1st fix (and I am joking on this one):
Delete the partition holding the cmdcons folder.
NO NO NO, DON'T DO THAT, I am just joking, but that was my 1st fix when I was in a hurry and could NOT figure out the problem and an easier solution!

REAL FIX:
After ComboFix has run and you have tested to make sure that you are nice and safe in rebooting and running your machine (you might make doubly/triply sure -- and even wait a while if you don't have a nice backup situation like I do)... AFTER you are positive that you want to remove the RC's cmdcons folder...

Log on as local administrator.

First follow these MS instructions:

1. Restart your computer, click Start, click My Computer, and then double-click the hard disk where you installed the Recovery Console.
2. On the Tools menu, click Folder Options, and then click the View tab.
3. Click Show hidden files and folders, click to clear the Hide protected operating system files check box, and then click OK.

Now then... Here is what I did to resolve my problem...

A. Click upon the "cmdcons" folder to select it, then right click upon it and select "Sharing and Security" (in other words, make SURE that you are on the cmdcons folder and not some other one)
B. Click the "Security" tab, click the "Advanced" button
C. On the "Permissions" tab notice who has "Special" permissions on this folder (you will see this is in the "Permission entries" -- the "Permission" column.)

PROCEED AT YOUR OWN RISK
You, as user, should probably be an Administrator, having Administrator permissions to continue.

D. In my "Permission" section the user "Everyone" was noted as having "Special" permission. As a note, after having installed ComboFix when my network machines were up and running at the same time, a user named "S-1-5-21..." had "Special" permission. In addition, I (as user) had "Special" permission.

I clicked upon the user (not me as user) who had "Special" permission (aside from me). In one case that was "Everyone," in the other case that was the user "S-1-5-21..." After clicking upon the user that had "Special" permission, I clicked the "Remove" button, then the "Apply" button, and then "OK," and "OK" to get out of the Security settings.

Now then, go back to following the MS instructions again:

4. At the root folder, delete the Cmdcons folder and the Cmldr file.

[NOTE: you should be able to delete these now. If you cannot, explore your "Special" permissions thing again to see if there is another user with "Special" permissions that you should remove OR see if YOU must have "ownership" of the folder.]

[CAUTION!!! Be sure NOT to delete your "ntldr" by mistake like I did one time or you will rue the day you wanted to part with the RC]

5. At the root folder, right-click the Boot.ini file, and then click Properties.

6. Click to clear the Read-only check box, and then click OK.

Warning: Modifying the Boot.ini file incorrectly may prevent your computer from restarting. Make sure that you delete only the entry for the Recovery Console. Also, change the attribute for the Boot.ini file back to a read-only state after you finish this procedure. Open the Boot.ini file in Microsoft Windows Notepad, and remove the entry for the Recovery Console. It looks similar to this:

C:\cmdcons\bootsect.dat="Microsoft Windows Recovery Console" /cmdcons

7. Save the file and close it.

Voila! SOLVED! You should have been able to successfully delete the cmdcons folder. If not, I suspect that the program that installed it did something funny to the permissions.

Gammers
PS. Thanks to those who took a bit of their time to assist me! It was much appreciated.

Edited by Gammers, 26 September 2009 - 01:12 AM.
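
The check in steps A to D of the post above can also be done from a prompt. This is an added example, not part of the original post and not ComboFix or Microsoft code: a read-only PowerShell function that lists every ACE on the folder in evaluation order, resolves each SID (so an entry that shows up only as "S-1-5-21..." is flagged as unresolved), and marks Deny entries that cover delete rights. It assumes PowerShell 2.0 or later, an administrator prompt, and the folder at `C:\cmdcons`; that the blocking "Special" entry is a Deny ACE is an assumption, since the post only reports it as "Special".

```powershell
# Added example: read-only audit of the ACL on the Recovery Console folder.
# Assumptions: PowerShell 2.0+, elevated prompt, folder path C:\cmdcons.
# Nothing here changes permissions; it only reports what is set.
function Get-AceReport {
    param([Parameter(Mandatory=$true)][string]$Path)

    $acl     = Get-Acl -Path $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $ntType  = [System.Security.Principal.NTAccount]
    $rights  = [System.Security.AccessControl.FileSystemRights]

    # Rights needed to remove a folder tree, plus the raw GENERIC_ALL bit
    # (0x10000000), which some tools write instead of specific rights.
    $deleteMask = [int]$rights::Delete -bor
                  [int]$rights::DeleteSubdirectoriesAndFiles -bor
                  0x10000000

    Write-Host "Owner of ${Path}: $($acl.Owner)"

    $order = 0
    # GetAccessRules(explicit, inherited, type) returns ACEs in DACL order,
    # which is the order Windows evaluates them in.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $order++
        $sid = $ace.IdentityReference

        # A SID that cannot be mapped to an account name belongs to a
        # deleted account or to another machine/domain.
        try {
            $name     = $sid.Translate($ntType).Value
            $resolved = $true
        } catch {
            $name     = '(unresolved)'
            $resolved = $false
        }

        $isDeny      = ($ace.AccessControlType -eq 'Deny')
        $coversDel   = (([int]$ace.FileSystemRights -band $deleteMask) -ne 0)

        New-Object PSObject -Property @{
            Order        = $order
            Type         = $ace.AccessControlType
            Identity     = $name
            Sid          = $sid.Value
            Rights       = $ace.FileSystemRights
            Inherited    = $ace.IsInherited
            Unresolved   = -not $resolved
            # A matching Deny ACE wins over an Allow ACE for the same
            # right, even an Allow of Full Control, when it applies to a
            # group the caller belongs to (Everyone includes the caller).
            BlocksDelete = ($isDeny -and $coversDel)
        } | Select-Object Order, Type, Identity, Sid, Rights,
                          Inherited, Unresolved, BlocksDelete
    }
}

# Run against the folder from the thread only if it exists on this machine.
if (Test-Path -Path 'C:\cmdcons') {
    Get-AceReport -Path 'C:\cmdcons' | Format-Table -AutoSize
}
```

Rows with `BlocksDelete` or `Unresolved` set to True are the entries to look at in the Advanced Security dialog before deciding which one to remove.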


#14 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:02:23 PM

Posted 26 September 2009 - 06:10 AM

I had already posted that solution but looks like you were in a hurry. If a user has Full Control it grants all Special Permissions. Read my post #7

#15 Gammers

Gammers
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 26 September 2009 - 06:09 PM

Hello Romeo,

>>I had already posted that solution but looks like you were in a hurry.<<

I wish your post had given the solution :trumpet: Unfortunately, that didn't come until I figured it out yesterday. BUT...your post #7 did lean in the right direction :inlove:

You originally wrote:
>>Right-click on the folder, select Security tab, and check Allow in front of Full Control and save settings.<< and then >>If a user has Full Control it grants all Special Permissions.<<

Unfortunately, clicking "Full Control" does not necessarily give you full control, nor does clicking it necessarily give you "Special Permissions." It certainly doesn't check the "Special Permissions" box, though you may have Special Permissions IF something doesn't louse that up. This case proves the last several points.

In my case, the "Full Control" box was checked, the "Special Permissions" box was unchecked. The latter is the case on most all folders on my drive, yet I can delete those folders and I could not delete the cmdcons folder. So how could anyone guess that I really didn't have "Full Control?" I assumed that "Unlocker" would override that which was going on -- wrong.

It wasn't UNTIL the "Special Permissions" of another user were removed that I actually had the control to delete that folder. Lesson learned.

In the meanwhile, how many people would have known enough about the nuances of permissions to understand this, :thumbsup: i.e. isn't Full Control what it says it is?

Gammers
* Glad to have resolved the mystery! :flowers:

Edited by Gammers, 26 September 2009 - 06:14 PM.




