Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Using ComboFix with Windows XP on dual boot computer

  • Please log in to reply
1 reply to this topic

#1 etssp


  • Members
  • 2 posts
  • Local time:08:34 PM

Posted 19 May 2017 - 09:43 PM

I couldn't find a separate thread for reporting ComboxFix bugs, so I'll post this here. If it belongs elsewhere, please move it.
Summary of the problem: ComboFix can not install Recovery Console (RC). The cause appears to be having a dual boot computer.
I had great difficulty using ComboFix on my system. I have a dual boot system with Windows XP SP3 one partition and Windows 8 on another partition. When booting in WinXP, the C: partition has XP and the E: partition has Win8. I was running ComboFix from the D: partition.
When I first ran ComboFix it said it need the Recovery Console. It tried to connect to the internet, but wasn't able to connect even though the connection was working. Disabling my firewall didn't help. I then tried installing RC manually using the command
f:\i386\winnt32.exe /cmdcons
from my WinXP installation disk. This didn't work as my disk is SP1. I then created a WinXP SP3 slipstreamed disk following the instructions at
The link to SP3 at Microsoft no longer works. This site gives instructions on how to download SP3 from archive.org.
I was finally able to install RC, but ComboFix still gave the same error. It could not find RC or it was not the correct version. It would have helped if ComboFix could be more specific. Anyways, I finally found out how to manually give RC to ComboFix using the instructions at
The Microsoft links to the Setup boot disk for WinXP SP2 are dead. I was able to download the software from
I dragged the software into ComboFix and go the error message that RC was already installed! I then deleted RC using the instructions at
Note that as my computer is dual boot, these files were on my E: partition. Dragging the disk software into ComboFix the next time finally resulted in no error messages. Of course, I wanted to delete RC again, but cmdcons couldn't be deleted, as described in the following link.
I found an alternate method to delete RC by just reinstalling RC from the WinXP SP3 disk. The files were then easy to delete. So we have several strange behaviour of ComboxFix.
1) Not being able to connect to the internet, probably because the file it was looking have been deleted.
2) Not finding RC, even though it had been installed.
3) Dragging setup disk software into ComboFix and saying that RC is already there.
To prevent these problems in the future:
1) ComboFix should not go to Microsoft to get the RC file, since the files have been deleted.
2) Properly recognise that RC has been installed on dual boot computers.
3) Get rid of the permissions that prevent cmdcons being deleted if ComboFix installs RC.

Edit: Moved topic from Windows XP to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 52,090 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:04 AM

Posted 20 May 2017 - 05:13 AM

As a general policy, Bleeping Computer does not offer advice on how to run ComboFix unless we asked someone to run it or if there is a problem with the computer caused by running the tool. We recommend that people should not be using ComboFix without being advised to do so by a trained expert (see here) who is assisting them deal with a malware problem. When issues arise due to complex malware infections, problems running ComboFix (i.e. stalling, hanging, crashing) or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment.

Also be aware that using ComboFix is only one part of the disinfection process. Preliminary scans from other tools like DDS, FRST, OTL, Zoek and RSIT should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning a strategy for effective disinfection and a determination if using ComboFix is even necessary. FRST has become our tool of choice since it provides equivalent information and (unlike ComboFix) works on all operating systems.

While our policy is not to offer advice on running ComboFix unless we asked someone to run it, we are willing to assist with resolving problems caused after using it and we are certainly willing to help with malware disinfection. If that assistance requires running ComboFix, you will be advised what to do in order to get the tool to run properly or investigate any error messages.

If you need individual assistance with a malware infection or issues related to using ComboFix, please follow the instructions in the Preparation Guide For Requesting Help starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.

If you choose to follow the above instructions and post a FRST log, please reply back in this thread with a link to the new topic. If not, at least you know doing that is an option available to you.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users