Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
I have a very "special" problem on my hands. Yesterday, I came back from my house to my dorm room and got on my computer. I checked an e-mail from tickle.com and soon after I started experiencing some problems. I checked my task manager and had a lot of files running that I had never seen before. I terminated all the ones I could and then ran msconfig to make sure they wouldn't start back up. The rest of the files that were running could not be deleted or terminated. So I booted into safe mode with command prompt and deleted all the files that I could. So I reboot the computer and now when I type in my password at the login screen, it logs me in and IMMEDIATELY logs me out. It doesn't matter if I use the admin account or anything. I've also tried booting into EVERY safe mode, last known good configuration, debugging, EVERYTHING! I cannot log into my computer. Anybody have any ideas? ANYTHING would be appreciated.
0 
Another thought...I inferred from your post that by leaving the PC in the dorm when you "went home," you knowly or unknowly allowed anyone to use it, correct?
i_XpUser
0
No, the administrator account cannot be logged onto, either. And I had my computer locked the entire weekend and nobody knows the password, to my knowledge. My roomate is also my best friend for most of my life so I trust him.
0
Ok but who else beside Gasper the friendly Ghost added "a lot of files running that I had never seen before." Something doesn't sound right. Just rememnber all PC are dumb & lifeless without user interactions.
i_XpUser
0
Refer to my first post where I said I checked an e-mail from a stupid site. From then on, my computer started running sluggishly and then I checked the task manager and noticed those files.
0
Reading email (without clicking on any attachedlinks) does no harm. Alright, I'm bowing out on this one. Wishing you the best of luck ...
Good day.
i_XpUser
0
Oh, I did click on an attached link because I knew who the e-mail was from and it seemed legit. From the attached site I tried to go do a different site and my internet explorer closed out. That's when I knew that bad stuff was going on. Any help will be appreciated!
0
This was a common problem when removing malware from PC’s. There is a registry key that may need repaired.
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\Currentversion\Winlogon
UserInit=c:\windows\system32\???????.exe,
Should be:
UserInit=c:\windows\system32\userinit.exe,
(the comma is supposed to be there)
You will need to use something like ERD commander to access the system and check this key.
Or use a command line registry editor like:
http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/RegistryTips/Commandshell/XPcommandlineregistrytool.html
To check the key.
0
And is there any way I can download that ERD commander for free instead of paying? Give me a little bit more help, I've never had to deal with a problem of this magnitude.
0
And is there any way I can access the registry without being logged on? I really don't know what to do.
0
Usually what happens is malware will place its file name in the registry key in place of userinit.exe.
If the malware file is deleted and the key is not fixed it will cause the logon\logoff that you are having.
If userinit.exe was deleted from c:\windows\system32 then you would need to replace the file with the proper version.
There should be a copy in c:\windows\servicepackfiles\i386
0
Alright, but what I'm asking is how can I copy the file from c:\windows\servicepackfiles\i386 to c:\windows\system32 without being able to use my command prompt or do anything? I don't know how to make/use these bootable CDs with ERD or the BartPE or UBCD4win or anything.
0
Before doing a reinstall, make sure you have read/write access to the %systemroot%.
You could also do a parallel install and change the permissions that way, if thats the problem.
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
