How can I remove a forkbomb from the Startup folder?
Solution 1
How to remove a forkbomb from the Startup folder?
Start your PC in "Safe Mode" (Startup programs do not run in safe mode, and only the basic drivers needed to start Windows are installed).
Then you can delete the offending batch file.
How To Start Windows Vista in Safe Mode
To begin entering Windows Vista Safe Mode, turn on or restart your PC.
You will see the Splash Screen
Before the Windows Vista splash screen appears, press F8 to enter "Advanced Boot Options"
Select "Safe Mode" and press Enter
Screenshots:
Source How To Start Windows Vista in Safe Mode
Solution 2
You can skip loading the contents of the Startup folder by holding down Shift as the computer starts and logs in. (Note that this doesn't work for startup applications loaded from the Registry or other locations, only the actual Startup folder.)
Solution 3
Try booting your laptop in Safe Mode by pressing F8 during the bootup sequence, from there, just locate the file in your Startup folder and delete it.
If you're worried about accidentally opening it, or something similar, you can boot up in Safe Mode with Command Prompt (Provided you can use Command Prompt), and delete it that way, instead.
Even safer than that would be to take the hard drive out and connect it to a machine that cannot open a batch file, thus unable to reactivate the sequence, and remove it that way.
If that's unavailable, you could always try and re-image the drive.
Solution 4
Your best bet is to boot into Safe Mode or to a recovery disk or a linux live CD and remove it.
To boot to Safe Mode go ahead and I believe hit F8. Here's instructions, but the big thing is to strike F8 mid-boot.
The command to delete a file in Windows is `del` and in Linux is `rm`. Note in Linux you may be better off doing it through their file manager since if you don't know Linux you'll have to mount the disk and all that. The recovery console command prompt is what you'll want in the Windows disk.
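For the live-CD route, the following added example (not part of the answer above) lists what sits in the Startup folders of an offline Windows volume and moves batch files into a quarantine folder instead of deleting them. The mount point argument, the Vista-and-later folder layout and the `startup-quarantine` folder name are assumptions of the example.

```shell
#!/bin/sh
# Added example: inspect and quarantine Startup-folder batch files on an
# offline Windows volume mounted from a live CD.
# Assumptions: the volume is mounted read-write at the path given as $1
# (e.g. /mnt/win) and uses the Vista-and-later folder layout; the
# "startup-quarantine" folder name is made up for this example.

# Print every file in the per-user and all-users Startup folders.
list_startup_items() {
    root=$1
    for dir in \
        "$root"/Users/*/AppData/Roaming/Microsoft/Windows/"Start Menu"/Programs/Startup \
        "$root"/ProgramData/Microsoft/Windows/"Start Menu"/Programs/Startup
    do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            # desktop.ini is normal folder metadata, not a startup item.
            if [ -f "$f" ] && [ "$(basename "$f")" != desktop.ini ]; then
                printf '%s\n' "$f"
            fi
        done
    done
}

# Move .bat/.cmd files out of the Startup folders instead of deleting them,
# so a wrong guess can be undone. Prints the number of files moved.
quarantine_batch_files() {
    root=$1
    qdir=$root/startup-quarantine
    mkdir -p "$qdir"
    list_startup_items "$root" | {
        count=0
        while IFS= read -r f; do
            case $f in
                *.[Bb][Aa][Tt] | *.[Cc][Mm][Dd])
                    # Number the copies so same-named files from two users don't collide.
                    mv -- "$f" "$qdir/$count-$(basename "$f").quarantined"
                    count=$((count + 1)) ;;
            esac
        done
        echo "$count"
    }
}

# Usage: sh startup-quarantine.sh /mnt/win
if [ -n "${1:-}" ]; then
    list_startup_items "$1"
    echo "quarantined: $(quarantine_batch_files "$1")"
fi
```

This only covers the Startup folders; entries launched from the registry `Run` keys are not touched by it.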
Solution 5
In addition to the other answers: if by some chance, your problem lies in the registry (for instance, as in @isanae's comment on the accepted answer), you can edit the registry offline either by booting to another install of your version of Windows, or by using a setup/WinPE environment CD.
In short, open up the registry editor in your alternate OS (from WinPE or a setup disc, you can press Ctrl+F10 to open up a command prompt, then enter "regedit"). From there, you can create a new node in the registry tree, then use File -> Load Hive to choose the corresponding files for offline registry editing as follows:
[HKEY_LOCAL_MACHINE\SYSTEM] (%windir%/system32/config/SYSTEM)
[HKEY_LOCAL_MACHINE\SOFTWARE] (%windir%/system32/config/SOFTWARE)
[HKEY_USERS\.Default] (%windir%/system32/config/DEFAULT)
[HKEY_CURRENT_USER] (%userprofile%/ntuser.dat)
From here, you can make whatever edits you need (SOFTWARE\Microsoft\Windows\CurrentVersion\Run, for example, holds your startup programs), and then save/close the hive you opened back to the same file.
Comments
-
Ethan Bierlein over 1 year
I have an older laptop running Windows Vista, from about 2005 and I was fooling around with it a little bit. In a moment of sheer stupidity, I created a Batch file and put the following code in it:
%0|%0
I ran this and I had to restart my laptop. However, I decided to continue upon this destructive path and put the Batch file in the Windows Startup folder. Now I can't login without it destroying my laptop.
How can I remove this forkbomb from the Startup folder?
-
Keavon over 8 years
Also, this is a brilliantly simple way to destroy someone's computer. I'll try to remember this one just in case I ever meet someone that I really, really hate and I get 30 seconds with their computer. You could even use live boot media to access the filesystem and create the file without needing a password.
-
rpax over 8 years
@Keavon I'll take your advice :) post added to favorites
-
Mark K Cowan over 8 years
This is beautiful
-
nixda over 8 years
This reminds me of How to mess up a PC running Windows 7?
-
jpmc26 over 8 years
@Keavon Better yet, turn it into ransom-ware. ;)
-
Ehsan Sajjad over 8 years
What does this line of code actually mean?
-
GalacticCowboy over 8 years
@EhsanSajjad - every time it executes, it spawns two new instances of itself. (which each spawn new instances, etc.) Eventually it consumes all available resources, and the computer becomes unusable. In a batch script, %0 stands for the executing batch script.
-
Mark K Cowan over 8 years
Given the amusing nature of the question, I'm surprised nobody suggested `format C:` or `del /S C:` as ways to remove the forkbomb from the Startup folder (note to beginners: do not try those commands, they'll remove everything else as well)
-
-
user541686 over 8 years
If you can re-image the drive by booting into another tool somehow then you can just delete the file from there.
-
Mutantoe over 8 years
Just out of curiosity, how did you get those screenshots?
-
DavidPostill over 8 years
@Mutantoe Google image search ;)
-
WernerCD over 8 years
"Image search" didn't show me these pictures at all
-
user541686 over 8 years
Have you actually tried this or did you just read it somewhere? I just tried it on Windows 8.1 and it didn't seem to work.
-
DavidPostill over 8 years
@WernerCD google "windows vista safe mode" images and "windows vista splash screen" images ;)
-
Michael Bailey over 8 years
If you boot to a live CD it's much safer than taking the hard drive out and re/unmounting it. Not like Live CDs can.
-
Michael Bailey over 8 years
Kinda confused how this is a different answer other than that point though to be honest.
-
Burhan Ali over 8 years
They would have been created using a virtual machine.
-
Quill over 8 years
I have the same opinion on the duplicate answer you posted after mine, @MichaelBailey
-
Michael Bailey over 8 years
What? This doesn't list Live CD as an option. A noobie taking a hard drive out and setting it up for another machine should probably come after a live CD. Also I thought I was first answer but hey that can be a network bug for all I know so that's whatever
-
isanae over 8 years
Note that Windows will start stuff in the RunOnce registry keys even in safe mode if they are prefixed with *. If you felt adventurous enough to put a fork bomb in your startup folder, make sure you don't do the same in the registry.
-
nhinkle over 8 years
I've done this before on Windows 7 and it works fine. You have to press and hold Shift the whole time after you press Enter on your password until the desktop appears, maybe a bit longer to be safe.
-
DavidPostill over 8 years
For what it's worth you posted 69 seconds before @MichaelBailey and I posted 84 seconds after Michael. We were probably all editing our answers at the same time. After submitting it's down to network timing. I'm working off a slow mobile tethered connection :/
-
DavidPostill over 8 years
@isanae Thanks, I didn't know that.
-
Soren Bjornstad over 8 years
I have gotten it to work before, but I can't say for sure which versions of Windows.
-
user541686 over 8 years
Are you sure it skipped the contents of the startup folder? I feel like when I tried it, it skipped the registry but not the startup folder. @nhinkle
-
DavidPostill over 8 years
@EhsanSajjad What line are you asking about?
-
Ehsan Sajjad over 8 years
The line in the question, which OP put in the batch file
-
DavidPostill over 8 years
@EhsanSajjad `%0` is the name of the batch file. `|` is the pipe symbol. So a batch file containing `%0|%0` says run me again and pass my output into a new copy of me recursively.
-
Ehsan Sajjad over 8 years
And it is called forkbomb?
-
Cole Tobin over 8 years
@EhsanSajjad yes. Essentially, if you save your forkbomb as, say, `fork.bat`, running it will run `fork.bat|fork.bat`. That means for every time `fork.bat` is run, two more copies will be started.
-
Ben Voigt over 8 years
Note that if you use this method to fix user-local registry settings from a second user account on the same Windows install, it's absolutely essential to unload the hive before attempting login. If you leave the hive mounted, it can't be loaded to the correct location under `HKEY_USERS` and Windows will permanently change the profile to point to a newly made mostly empty hive. (mostly empty = same state as a user logging in for the first time ever). Just retracing your steps won't fix it.
-
Cyphase over 8 years
Even suggesting re-imaging the drive seems excessive.
-
Shamtam over 8 years
@BenVoigt Interesting issue that I wouldn't have thought of. If Windows does permanently change the profile, do you happen to know where the new hive (assuming it doesn't overwrite the already-mounted old hive) is created/stored?
-
Ben Voigt over 8 years
If I remember right (but it has been a few years) the new registry hive file goes in the same directory but with a numeric file extension.
-
Quill over 8 years
It's more of a last resort kind of thing
-
Mark K Cowan over 8 years
You may also need to look in WOW6432Node, I'd assume that the startup-run stuff in there will also be honoured
-
badboy24 over 8 years
@Mehrdad It was definitely the folder in either 98 or XP (last time I had to use it), no idea if it's changed since then