The Grey Chronicles

2010.February.3

How Safe is Microsoft’s Safe Mode? II



Did another round of Internet research on why my Compaq Presario 2100 Notebook is only booting in SAFE MODE. Six months ago, I could not even get past the blank and black screen after the BIOS page, with all the tricks employed: pressing F8 repeatedly, manipulating the MSCONFIG utility, modifying the boot.ini, reformatting the hard disk, re-installing the operating system, just to gain access to SAFE MODE, but astonishingly Windows XP STILL could load in NORMAL MODE!

It took the whole night yesterday doing all the anti-malware scans in SAFE MODE, i.e., even after tweaking some settings to exclude some files, like PDFs, from the scan and deleting some Application Software which I could re-install later. Yes, the over-compulsiveness in me took over! I ran all anti-malware scans I had previously installed.

For some, what I did might be overkill, but one cannot be sure by just running one favorite anti-malware and hoping it could detect every known malware. During my stint at Yahoo!Answers: Security, most answers highlighted that for a “more secure” environment, personal computers could have one real-time scanning anti-virus software [I used Avira AntiVir] and a number of anti-malware (spyware, trojan, etc.) applications. As malware is not created equal or by the same individual, anti-malware applications are also not made equal. Some use signature-based rules, while others rely on heuristic scans.

The result: most found traces of notorious cookies from sites I visited four years back, others cleaned the obsolete user logs and initialization files, and several unused registry keys. Surprisingly, only MalwareBytes’ Anti-Malware found Heuristics.Reserved.Word.Exploit located at C:\Documents and Settings\Administrator\Desktop\explorer.png. The System AutoRuns reported that \??\C:\DOCUME~1\Administrator\Local Settings\Temp\ATICDSDr.sys is missing.

Interestingly, viewing the Windows System files, I came across a rather peculiar read-only, hidden, system, yet empty, 2-byte file: winstart.bat. In the system32 folder, a dynamic-link library file, BASSMOD.dll, was also present, and both files were dated 31 January 2010. Viewing the file properties was suspect: nothing! Neither the file or product version nor the manufacturer was found. Viewing the contents using Notepad, aside from the usual machine-language gibberish, I only surmised that the file was used for playing music, calling KERNEL32.dll WINMM.dll MSVCRT.dll user32.dll when loaded. Fortunately, BASSMOD.dll and winstart.bat were not system-protected, so I was able to rename them and then move them to a quarantined folder using a reliable freeware, Cedrick Collomb’s Unlocker Assistant.
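The same first-look triage of an unknown DLL can be scripted instead of read out of Notepad. The sketch below is an added example, not part of the original post: it checks the MZ/PE signature, collects DLL names that appear as ASCII strings, and looks for the `VS_VERSION_INFO` key that a version resource carries. It is a string scan, not a parse of the import table, and the sample bytes and function names are constructed for illustration.

```python
import re
import struct

# ASCII runs that look like module names, e.g. b"WINMM.dll"
DLL_NAME = re.compile(rb"[A-Za-z0-9_\-]{1,32}\.(?:dll|DLL)(?![A-Za-z0-9])")
# A version resource stores this key as UTF-16LE text
VERSION_KEY = "VS_VERSION_INFO".encode("utf-16-le")


def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def triage(data: bytes) -> dict:
    """Summarise what a Notepad view of a binary only hints at."""
    names = sorted({m.group().decode("ascii").lower()
                    for m in DLL_NAME.finditer(data)})
    return {
        "size": len(data),
        "is_pe": is_pe(data),
        "dll_names": names,  # names seen as strings, not proven imports
        "has_version_info": VERSION_KEY in data,
    }


def build_sample() -> bytes:
    """Constructed stand-in for an unversioned DLL (headers only, not loadable)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    body = b"PE\0\0" + bytes(32)
    for name in (b"KERNEL32.dll", b"WINMM.dll", b"MSVCRT.dll", b"user32.dll"):
        body += name + b"\0" + bytes(6)
    return bytes(dos) + body


if __name__ == "__main__":
    print(triage(build_sample()))
    # Constructed 2-byte input, the same size as the winstart.bat described
    print(triage(b"\r\n"))
```

A file that passes `is_pe` but reports `has_version_info` as false matches the empty properties dialog described above; that alone is not proof of malice, since many legitimate small libraries ship without a version resource.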

No Audio

Shutdown … Reboot … Still in SAFE MODE. I noticed that after the Reboot, for the nth time, I missed the usual playing of the wave file once Windows XP starts. So probably BASSMOD.dll was needed; maybe I should re-register it. My Internet research turned up nothing about BASSMOD.dll, but there was an issue regarding the ATICDSDr.sys and winstart.bat.

The ATICDSDr.sys is a file from ATI Technologies which provided a utility to connect Compaq Presario 2100 Notebook to other appliances, such as a television, a VCR or another PC monitor. Removed the file missing entry for ATICDSDr.sys using SystemInternals’ AutoRuns. I could just reinstall that later using the Notebook Utility CDs. Prior to doing that, I viewed the Sounds and Audio Devices through the Control Panel. There was no Audio Device present. The checkboxes, slider and command buttons to change the volume settings were all disabled and grayed. Trying the Volume Control, a rather peculiar Message Box popped, stating:

In Windows XP Home or Professional versions, at least those that I have used, there is NO Printers and Other Hardware found in the Control Panel (see left), but rather it is either Sounds and Audio Devices OR Printers and Faxes. There is also a separate Add Hardware shortcut. Maybe this Message Box was a remnant of earlier versions of Windows, or whoever coded the Information text forgot that there are new Control Panel shortcuts for Windows XP!

Closing the Volume Control, and the Control Panel windows, I also tried the Sound Recorder, and another Message Box declared:

Thus, although my Compaq Notebook does not have an Audio Device present, another application is playing audio. Aha . . . the Sound of Silence playing in the background?!

It is already past midnight, and still I am booting Windows XP through SAFE MODE. Tired and rather sleepy, I opened my son’s game: Bricks of Egypt, clicked start to play. Lo and behold, or hear: The music is playing synchronized with the bouncing of that elusive ball striking the catch paddle! What gives? Maybe the BASSMOD.dll or the ATICDSDr.sys?


Notes:

Disclaimer: The posts herein do not necessarily represent any organization’s positions, strategies or opinions. Read the full version of self-imposed rules for this blog: A New Year; New Rules. Unless otherwise expressly stated, the posts are licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.
Comments are moderated to keep the discussion relevant and civil. Readers are responsible for their own statements.

1 Comment »

  1. Quality info once again.
    Bookmarking this page, becoming a follower of this blog.

    Comment by Install Desktop enhancement Software — 2010.February.10 @ 02:21 | Reply

