[itdiscuss] Virus Cleaning Problems
Dustin Drewery
ddrewery at crossroadsokc.com
Mon Jan 18 16:02:30 EST 2010
I just finished fixing this same problem. In my situation the
c:\windows\system32\userinit.exe file was no longer being used. It had been
switched in the registry to a bad copy of winlogon32.exe.
You will need to use something like BartPE to boot up and edit the registry
(http://www.nu2.nu/pebuilder/) then change the key back over so that it uses
userinit.exe. In some cases the userinit.exe file actually gets overwritten
but you should be able to pull it off the bartpe disk.
Once you boot in bartpe, use the command prompt to open regedit. You'll
want to click on HKEY_USERS then load the hive
C:\Windows\System32\Config\software and save it as something like myHive.
Open it up and find HKEY_USERS \ MyHive \ Microsoft \ Windows NT \
CurrentVersion \ Winlogon and changethe value back to
c:\windows\system32\userinit.exe. When you're done, you want to makes sure
and unload the hive then reboot.
That should get you up and operational. Hopefully that's the same problem.
I'm telling you this by memory so if you don't see something that I
mentioned, let me know and I'll try and remember better J.
dustin-sig
From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org]
On Behalf Of Roger Wright
Sent: Monday, January 18, 2010 2:18 PM
To: 'IT Discussion Forum'
Subject: Re: [itdiscuss] Virus Cleaning Problems
I had a similar issue lately where malware had corrupted the MS Networking
Client. I had to remove it and reinstall it and all was fine.
Roger Wright
From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org]
On Behalf Of blloyd at buskercom.com
Sent: Monday, January 18, 2010 3:13 PM
To: discuss at itdiscuss.org
Subject: Re: [itdiscuss] Virus Cleaning Problems
I don't know if you can boot into safe mode as I forgot to try that. Lord
willing, I will have to check that out tonight or tomorrow.
Bill Lloyd
IT Manager
2567 Athens Hwy.
Gainesville, GA 30507
Phone: 770-417-1604 Ext.: 250
Fax: 770-417-1747
Cell: 404-379-6963
blloyd at buskercom.com
This email and any accompanying attachments may contain confidential and
proprietary information. If you are not the intended recipient, you are
requested to delete this entire communication immediately. Emails cannot be
guaranteed to be secure or free of errors or viruses. The sender does not
accept any liability or responsibility for any problems that may result from
emails you receive.
From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org]
On Behalf Of Roger Wright
Sent: Monday, January 18, 2010 3:09 PM
To: 'IT Discussion Forum'
Subject: Re: [itdiscuss] Virus Cleaning Problems
And Safe Mode works or not?
From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org]
On Behalf Of blloyd at buskercom.com
Sent: Monday, January 18, 2010 3:00 PM
To: discuss at itdiscuss.org
Subject: Re: [itdiscuss] Virus Cleaning Problems
I didn't because Bitdefender boots via CD using a Linux OS.
This same problem occurs regardless of the user who logs on.
Bill Lloyd
IT Manager
2567 Athens Hwy.
Gainesville, GA 30507
Phone: 770-417-1604 Ext.: 250
Fax: 770-417-1747
Cell: 404-379-6963
blloyd at buskercom.com
This email and any accompanying attachments may contain confidential and
proprietary information. If you are not the intended recipient, you are
requested to delete this entire communication immediately. Emails cannot be
guaranteed to be secure or free of errors or viruses. The sender does not
accept any liability or responsibility for any problems that may result from
emails you receive.
From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org]
On Behalf Of Roger Wright
Sent: Monday, January 18, 2010 2:57 PM
To: 'IT Discussion Forum'
Subject: Re: [itdiscuss] Virus Cleaning Problems
Have you booted into safe mode to do your cleaning?
I've found a dual scan with MalwareBytes and VIPREPCRescue to be best for
cleaning.
Perhaps the user's profile is corrupt. What happens when you log on as a
different user.
Roger Wright
From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org]
On Behalf Of blloyd at buskercom.com
Sent: Monday, January 18, 2010 2:22 PM
To: discuss at itdiscuss.org
Subject: [itdiscuss] Virus Cleaning Problems
Recently I cleaned off a PC at our church that had 5 different
viruses/Trojans on it. I use Bitdefender to scan and clean the system.
Once I got the system cleared I rebooted the system and attempted to log in.
However, the only thing the system does now is log on and immediately log
the user out. Any ideas of what might be wrong or what I can do to fix the
problem?
Thanks,
Bill Lloyd
IT Manager
2567 Athens Hwy.
Gainesville, GA 30507
Phone: 770-417-1604 Ext.: 250
Fax: 770-417-1747
Cell: 404-379-6963
blloyd at buskercom.com
This email and any accompanying attachments may contain confidential and
proprietary information. If you are not the intended recipient, you are
requested to delete this entire communication immediately. Emails cannot be
guaranteed to be secure or free of errors or viruses. The sender does not
accept any liability or responsibility for any problems that may result from
emails you receive.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://optimus.thompsonic.com/pipermail/discuss/attachments/20100118/e3a0ca49/attachment-0001.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 15364 bytes
Desc: not available
Url : http://optimus.thompsonic.com/pipermail/discuss/attachments/20100118/e3a0ca49/attachment-0002.jpeg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 14873 bytes
Desc: not available
Url : http://optimus.thompsonic.com/pipermail/discuss/attachments/20100118/e3a0ca49/attachment-0003.jpeg
More information about the discuss
mailing list