How can I remove a forkbomb from the Startup folder?

87

40

I have an older laptop running Windows Vista, from about 2005, and I was fooling around with it a little bit. In a moment of sheer stupidity, I created a Batch file and put the following code in it:

%0|%0

I ran this and I had to restart my laptop. However, I decided to continue upon this destructive path and put the Batch file in the Windows Startup folder. Now I can't login without it destroying my laptop.

How can I remove this forkbomb from the Startup folder?

Ethan Bierlein

Posted 2015-08-22T16:46:10.563

Reputation: 1 059

40Also, this is a brilliantly simple way to destroy someone's computer. I'll try to remember this one just in case I ever meet someone that I really, really hate and I get 30 seconds with their computer. You could even use live boot media to access the filesystem and create the file without needing a password. – Keavon – 2015-08-23T04:22:16.570

@Keavon I'll take your advice :) post added to favorites – rpax – 2015-08-23T10:58:00.030

9This is beautiful – Mark K Cowan – 2015-08-23T19:21:32.670

This reminds me of How to mess up a PC running Windows 7? – nixda – 2015-08-23T21:16:12.053

4@Keavon Better yet, turn it into ransom-ware. ;) – jpmc26 – 2015-08-23T23:28:11.573

9What does this line of code actually mean? – Ehsan Sajjad – 2015-08-24T13:03:32.617

9@EhsanSajjad - every time it executes, it spawns two new instances of itself. (which each spawn new instances, etc.) Eventually it consumes all available resources, and the computer becomes unusable. In a batch script, %0 stands for the executing batch script. – GalacticCowboy – 2015-08-24T14:27:31.983

Given the amusing nature of the question, I'm surprised nobody suggested format C: or del /S C:\ as ways to remove the forkbomb from the Startup folder (note to beginners: do not try those commands, they'll remove everything else as well) – Mark K Cowan – 2015-08-25T08:16:27.100

Answers

76

How to remove a forkbomb from the Startup folder?

Start your PC in "Safe Mode" (Startup programs do not run in safe mode, and only the basic drivers needed to start Windows are installed).

Then you can delete the offending batch file.


How To Start Windows Vista in Safe Mode

  1. To begin entering Windows Vista Safe Mode, turn on or restart your PC.

  2. You will see the Splash Screen

  3. Before the Windows Vista splash screen appears, press F8 to enter "Advanced Boot Options"

  4. Select "Safe Mode" and press Enter

Screenshots: (images of the Vista splash screen and Advanced Boot Options menu not reproduced here)

Source: How To Start Windows Vista in Safe Mode

DavidPostill

Posted 2015-08-22T16:46:10.563

Reputation: 118 938

7Just out of curiosity, how did you get those screenshots? – Mutantoe – 2015-08-22T20:14:15.707

20@Mutantoe Google image search ;) – DavidPostill – 2015-08-22T20:14:58.980

1"Image search" didn't show me these pictures at all – WernerCD – 2015-08-22T20:18:59.540

@WernerCD google "windows vista safe mode" images and "windows vista splash screen" images ;) – DavidPostill – 2015-08-22T20:55:34.277

51They would have been created using a virtual machine. – Burhan Ali – 2015-08-22T21:11:30.370

19Note that Windows will start stuff in the RunOnce registry keys even in safe mode if they are prefixed with *. If you felt adventurous enough to put a fork bomb in your startup folder, make sure you don't do the same in the registry. – isanae – 2015-08-23T01:25:29.133

@isanae Thanks, I didn't know that. – DavidPostill – 2015-08-23T07:20:40.403

@EhsanSajjad What line where are you asking about? – DavidPostill – 2015-08-24T13:05:02.830

The line in the question, which OP put in the batch file. – Ehsan Sajjad – 2015-08-24T13:05:27.523

4@EhsanSajjad %0 is the name of the batch file. | is the pipe symbol. So a batch file containing %0|%0 says run me again and pass my output into a new copy of me recursively. – DavidPostill – 2015-08-24T13:10:19.573

And it is called forkbomb? – Ehsan Sajjad – 2015-08-24T14:23:15.470

5@EhsanSajjad yes. Essentially, if you save your forkbomb as, say, fork.bat, running it will run fork.bat|fork.bat. That means for every time fork.bat is run, two more copies will be started. – Cole Johnson – 2015-08-24T22:30:14.820

Understood, thanks for the explanation @ColeJohnson – Ehsan Sajjad – 2015-08-25T04:43:14.447

19

You can skip loading the contents of the Startup folder by holding down Shift as the computer starts and logs in. (Note that this doesn't work for startup applications loaded from the Registry or other locations, only the actual Startup folder.)

Soren Bjornstad

Posted 2015-08-22T16:46:10.563

Reputation: 331

2Have you actually tried this or did you just read it somewhere? I just tried it on Windows 8.1 and it didn't seem to work. – user541686 – 2015-08-22T20:35:11.597

3I've done this before on Windows 7 and it works fine. You have to press and hold Shift the whole time after you press Enter on your password until the desktop appears, maybe a bit longer to be safe. – nhinkle – 2015-08-23T05:57:01.870

I have gotten it to work before, but I can't say for sure which versions of Windows. – Soren Bjornstad – 2015-08-23T18:26:50.963

Are you sure it skipped the contents of the startup folder? I feel like when I tried it, it skipped the registry but not the startup folder. @nhinkle – user541686 – 2015-08-24T02:19:12.307

@Mehrdad It was definitely the folder in either 98 or XP (last time I had to use it), no idea if it's changed since then – Izkata – 2015-08-25T17:44:21.000

9

Try booting your laptop in Safe Mode by pressing F8 during the bootup sequence; from there, just locate the file in your Startup folder and delete it.

If you're worried about accidentally opening it, or something similar, you can boot up in Safe Mode with Command Prompt (Provided you can use Command Prompt), and delete it that way, instead.

Even safer than that would be to take the hard drive out and connect it to a machine that cannot open a batch file, thus unable to reactivate the sequence, and remove it that way.

If that's unavailable, you could always try and re-image the drive.

Quill

Posted 2015-08-22T16:46:10.563

Reputation: 300

3If you can re-image the drive by booting into another tool somehow then you can just delete the file from there. – user541686 – 2015-08-22T20:09:03.167

If you boot to a live CD it's much safer than taking the hard drive out and re/unmounting it. Not like Live CDs can. – Michael Bailey – 2015-08-22T21:10:17.387

Kinda confused how this is a different answer other than that point though to be honest. – Michael Bailey – 2015-08-22T21:10:35.660

I have the same opinion on the duplicate answer you posted after mine, @MichaelBailey – Quill – 2015-08-22T22:30:33.573

What? This doesn't list Live CD as an option. A noobie taking a hard drive out and setting it up for another machine should probably come after a live CD. Also I thought I was first answer but hey that can be a network bug for all I know so that's whatever – Michael Bailey – 2015-08-22T23:16:40.553

For what it's worth you posted 69 seconds before @MichaelBailey and I posted 84 seconds after Michael. We were probably all editing our answers at the same time. After submitting it's down to network timing. I'm working off a slow mobile tethered connection :/ – DavidPostill – 2015-08-23T07:11:28.240

Even suggesting re-imaging the drive seems excessive. – Cyphase – 2015-08-25T02:58:13.093

It's a more of a last resort kind of thing – Quill – 2015-08-25T05:24:13.570

7

Your best bet is to boot into Safe Mode or to a recovery disk or a linux live CD and remove it.

To boot to Safe Mode go ahead and I believe hit F8. Here are instructions, but the big thing is to strike F8 mid-boot.

The command to delete a file in Windows is del and in Linux is rm. Note in Linux you may be better off doing it through their file manager, since if you don't know Linux you'll have to mount the disk and all that. The recovery console command prompt is what you'll want in the Windows disk.

Michael Bailey

Posted 2015-08-22T16:46:10.563

Reputation: 320

5

In addition to the other answers: if by some chance, your problem lies in the registry (for instance, as in @isanae's comment on the accepted answer), you can edit the registry offline either by booting to another install of your version of Windows, or by using a setup/WinPE environment CD.

In short, open up the registry editor in your alternate OS (from WinPE or a setup disc, you can press Ctrl+F10 to open up a command prompt, then enter "regedit"). From there, you can create a new node in the registry tree, then use File -> Load Hive to choose the corresponding files for offline registry editing as follows:

[HKEY_LOCAL_MACHINE\SYSTEM] (%windir%/system32/config/SYSTEM)

[HKEY_LOCAL_MACHINE\SOFTWARE] (%windir%/system32/config/SOFTWARE)

[HKEY_USERS\.Default] (%windir%/system32/config/DEFAULT)

[HKEY_CURRENT_USER] (%userprofile%/ntuser.dat)

From here, you can make whatever edits you need (SOFTWARE\Microsoft\Windows\CurrentVersion\Run, for example, holds your startup programs), and then save/close the hive you opened back to the same file.

Shamtam

Posted 2015-08-22T16:46:10.563

Reputation: 295

2Note that if you use this method to fix user-local registry settings from a second user account on the same Windows install, it's absolutely essential to unload the hive before attempting login. If you leave the hive mounted, it can't be loaded to the correct location under HKEY_USERS and Windows will permanently change the profile to point to a newly made mostly empty hive. (mostly empty = same state as a user logging in for the first time ever). Just retracing your steps won't fix it. – Ben Voigt – 2015-08-24T22:57:21.107

@BenVoigt Interesting issue that I wouldn't have thought of. If Windows does permanently change the profile, do you happen to know where the new hive (assuming it doesn't overwrite the already-mounted old hive) is created/stored? – Shamtam – 2015-08-25T04:57:34.160

If I remember right (but it has been a few years) the new registry hive file goes in the same directory but with a numeric file extension. – Ben Voigt – 2015-08-25T05:19:53.483

You may also need to look in WOW6432Node, I'd assume that the startup-run stuff in there will also be honoured – Mark K Cowan – 2015-08-25T08:17:54.083
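An added example, not from Shamtam's answer or any other poster, that scripts the offline-hive procedure above with reg.exe from PowerShell: it loads the offline SOFTWARE hive, lists the Run/RunOnce values (flagging the *-prefixed RunOnce values isanae's comment says survive Safe Mode, the WOW6432Node keys Mark K Cowan mentions, and anything launching a .bat/.cmd), and always unloads the hive as Ben Voigt's comment requires. Assumptions: the broken install's drive is visible as D: from WinPE or the other install, and the mount key name HKLM\OfflineSOFTWARE is an arbitrary choice.

```powershell
# Added example: audit autostart entries in an OFFLINE Windows install's registry.
# Assumption: the damaged install is mounted as D:; HKLM\OfflineSOFTWARE is a
# temporary, arbitrarily named mount point for the hive.
$OfflineWindows = 'D:\Windows'
$MountKey       = 'HKLM\OfflineSOFTWARE'

# Same as File -> Load Hive in regedit, but scripted (reg.exe syntax: REG LOAD Key File)
reg load $MountKey "$OfflineWindows\System32\config\SOFTWARE" | Out-Null

# Run, RunOnce and their WOW6432Node twins (absent on a 32-bit Vista; query just fails quietly)
$subKeys = @(
    'Microsoft\Windows\CurrentVersion\Run',
    'Microsoft\Windows\CurrentVersion\RunOnce',
    'WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

try {
    foreach ($sub in $subKeys) {
        # reg query prints the key name, then one indented line per value:
        # "    <Name>    <REG_TYPE>    <Data>"; keep only the indented value lines
        $lines = reg query "$MountKey\$sub" 2>$null | Where-Object { $_ -match '^\s+\S' }
        foreach ($line in $lines) {
            $parts = $line.Trim() -split '\s{2,}', 3
            if ($parts.Count -lt 3) { continue }
            $name, $type, $data = $parts
            $flag = ''
            # isanae's caveat: a RunOnce value whose NAME starts with * also runs in Safe Mode
            if ($sub -like '*RunOnce' -and $name.StartsWith('*')) { $flag += ' [runs in Safe Mode]' }
            # A batch script launched at startup is exactly the pattern from the question
            if ($data -match '\.(bat|cmd)(\s|"|$)') { $flag += ' [batch script]' }
            '{0}\{1} = {2}{3}' -f $sub, $name, $data, $flag
        }
    }
    # Once an offending value is identified, remove it (fill in the real value name):
    # reg delete "$MountKey\Microsoft\Windows\CurrentVersion\Run" /v "<ValueName>" /f
}
finally {
    # Ben Voigt's caveat: unload the hive BEFORE logging in to the repaired install,
    # otherwise Windows cannot load it at its normal location and creates a fresh profile
    reg unload $MountKey | Out-Null
}
```

The per-user Run key lives in the user's ntuser.dat hive (listed in the answer above) and can be loaded and inspected the same way; the Startup folder itself is just a directory on D: and needs no hive at all.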