I have a laptop with Windows 2000 on it. This morning Sophos detected a worm (I think it was w32/Maddis) but couldn't remove the file:
c:\winnt\system32\usrinit.exe
I then followed the removal instructions which were to start the laptop in safe mode and delete the file. However now when I start the laptop it gets to the login screen, it accepts my login but after a few moments it returns to the login screen - thus it seems stuck in an endless loop.
Hmmm, I think that either you deleted the valid userinit.exe file OR the registry contained this usrinit.exe file value and, as the file is removed now... the registry is blank! :-?
So in your case, if you have an ERD Commander-like CD that can be booted to get into the system, we can try to edit the registry to restore the correct values, OR try a repair install of Win2000, which will not delete your data and programs, and will restore all the Windows files and registries :)
knox... he cannot get into the system even to try at least one piece of software from the list... the problem here is that the Userinit registry key in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon either has the wrong value or is blank... it needs to be pointed to the correct file, that is C:\Winnt\System32\Userinit.exe, :)
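The check described in the replies above, written as an added example (not part of the original thread): it reads the Winlogon Userinit value from a regedit text export, such as one taken after booting from a rescue CD, and flags a blank value or any entry other than the expected userinit.exe path. The sample export and the function names are constructed for illustration; the expected path is the one given in the reply.

```python
import re

# Expected target, as given in the reply above (Windows 2000 system directory).
EXPECTED = r"c:\winnt\system32\userinit.exe"
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"

# Constructed sample export: Userinit points at the look-alike file from the thread.
SAMPLE_BAD = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINNT\\system32\\usrinit.exe,"
'''

def read_userinit(reg_text):
    """Return the Userinit string from a regedit text export, or None if absent."""
    in_key = False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.strip("[]").lower() == WINLOGON
        elif in_key:
            m = re.match(r'"userinit"="(.*)"$', line, re.IGNORECASE)
            if m:
                # .reg files escape backslashes and quotes with a backslash.
                return re.sub(r"\\(.)", r"\1", m.group(1))
    return None

def check_userinit(value):
    """Return a list of findings; empty means the value is the expected one."""
    if value is None or not value.strip(" ,"):
        return ["Userinit is missing or blank"]
    entries = [e.strip().lower() for e in value.split(",") if e.strip()]
    findings = []
    if EXPECTED not in entries:
        findings.append("expected userinit.exe entry not present")
    findings += ["unexpected entry: " + e for e in entries if e != EXPECTED]
    return findings

if __name__ == "__main__":
    value = read_userinit(SAMPLE_BAD)
    print("Userinit =", repr(value))
    for finding in check_userinit(value):
        print("FINDING:", finding)
```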
*** Turn off System Restore, if you're infected ***
1) Run a FREE online virus scan, http://housecall.trendmicro.com/housecall/start_corp.asp - Even though you hopefully already have a virus scanner, it’s always nice to get another opinion.
2) Adware Personal SE: http://files3.majorgeeks.com/files/c3cbd51329ff1a0169174e9a78126ee1/spyware/aawsepersonal.exe - be sure to run the update after you have completed the install.
3) CWShredder - http://files3.majorgeeks.com/files/c3cbd51329ff1a0169174e9a78126ee1/spyware/cwshredder.exe - This is good to run just to make sure.
4) HiJackThis - which you already have, so just post the log to the site I gave you above to make sure the other products didn't miss anything.
If HijackThis looks OK, reboot and move along to PREVENTION.
Prevention:
1) Virus software: If you have money, buy Kaspersky, www.kaspersky.com , otherwise go with: AVG 7.0 FREE - http://free.grisoft.com/freeweb.php/doc/2/ . Kaspersky is extremely useful, for it blocks malicious scripts from the web, which a large percentage of spyware comes from; it also has definitions for adware/riskware/malware/etc.
2) Software firewall: Sygate Personal Firewall: http://smb.sygate.com/download_buy.htm - both a Pro version for money, or use the free edition. This is user friendly and one of the only software firewalls that prevent .DLL injection, which is commonly used with trojans/keyloggers.
3) Run Windows updates to make sure you are fully patched. Also might want to try: http://www.microsoft.com/technet/security/tools/mbsahome.mspx - great to analyze your system. You'd want to run this as soon as you plug into the internet.
4) Spyware Blaster - http://www.javacoolsoftware.com/spywareblaster.html
This is great for blocking dialers and other spyware from accessing your computer. Works with both IE & Mozilla, and updates and is free as well. Doesn't have to be running, just install, update, "enable all protection" and follow those steps once a week or so.
5) Always a good idea to have a backup browser, these days tons of exploits are publicly released against Internet Explorer. I'd check out Firefox: http://www.mozilla.org/products/firefox/
Additional clean up:
CCleaner - http://www.majorgeeks.com/download.php?det=4191
This program will clean out temp, temp internet files, and all the other junk that sits around on the computer; it will help performance.
RegCleaner - http://www.majorgeeks.com/download.php?det=460
This program will remove any missing or invalid registry entries as well as perform a complete backup of changes you made. Very nice addition to system maintenance.
Conclusion:
With these programs I’m confident this will resolve your issue. I use these same programs on a daily basis and have yet to be let down. Please don’t hesitate to reply with any questions or concerns. I’ll also provide you with a few link resources to keep up to date on daily threats!
Resources/References:
SANS Institute:
http://isc.sans.org/
This site has a daily diary that keeps on top of all the latest threats. I live by this site. If you're a real security freak, you can get the system tray icon at: http://www.labreatechnologies.com/ISCAlert.zip
McAfee Portal Site:
http://myavert.avertlabs.com/myavert/default.aspx?index=1
Great to see the latest virus/exploit threats on a daily level, which is the most active, etc.
Analyst's Diary (virustotal.com)
http://www.viruslist.com/en/weblog
Congrats and good luck,
Jorden