Solved

USERINIT.EXE

Posted on 2008-10-17
Last Modified: 2011-10-19
HI. I TRIED TO START MY PC (WINDOWS XP PACK2) BUT I GET THE USERINIT.EXE APPLICATION ERROR. I'VE TRIED TO FIX IT USING THE CONSOLE, USING THE SOLUTIONS THAT EVERYBODY HAS POSTED ABOUT EXPAND THE USERINIT.EXE FILE FROM THE XP CD....THE POINT IS THAT IN THE WINDOWS\SYSTEM32 DIRECTORY, THE FILE USERINIT.EXE DOES EXIST. AND THAT FILE WSAUPDATER.EXE DOES NOT...SO, WHAT ELSE CAN I DO? I CAN ACCESS THE DESKTOP IN SAFE MODE...AND THE REGISTRY...BUT IT DOESN'T SOLVE ANYTHING....

I FORGOT TO SAY THANKS :)
Question by:LAPOTES
 
LVL 13

Expert Comment

by:Brum07
ID: 22739281
 

Author Comment

by:LAPOTES
ID: 22739349
thanks....can i do this from the console? if so, how do i go back to c: from c:windows\ ?
 
LVL 13

Expert Comment

by:Brum07
ID: 22739403
No, you need to create a boot disk, I would go for BARTPE as it is very useful for all kinds of things.

BARTPE creates a Windows XP that runs from a CD. Once you have created this and it is running, open up a command prompt and follow the instructions on the link in the previous post.

Regards
 
LVL 14

Expert Comment

by:igor-1965
ID: 22739554
LAPOTES - check out the folder C:\WINDOWS\system32\dllcache; there must be a copy of userinit.exe there.
In console enter the command:
dir C:\WINDOWS\system32\dllcache\userinit.exe

If the file exists, then just copy it:
COPY C:\WINDOWS\system32\dllcache\userinit.exe C:\WINDOWS\system32\userinit.exe

If the file does not exist, follow the instructions posted by Brum07 - the article clearly states you will be able to do it from Windows install CD 2K/XP console recovery.

To navigate between the folders use these commands:
"cd \" or "cd .." or "cd <folder name>"

Brum07 - thanks for the link!
 

Author Comment

by:LAPOTES
ID: 22739600
what is bartpe? how do i do that?
 

Author Comment

by:LAPOTES
ID: 22739750
ok. im on the c:\>
but when i type cd\system volume information it says the command is not recognized.
i use the command dir and i can see the name of the directory but as d--hs---
thank youuuu
 
LVL 14

Expert Comment

by:igor-1965
ID: 22739753
BartPE is the greatest tool to build up the recovery CDs: http://www.nu2.nu/pebuilder/

Alternatively, you might try Microsoft Diagnostics and Recovery Toolset (formerly ERD): http://www.microsoft.com/downloads/details.aspx?familyid=5D600369-0554-4595-8AB4-C34B2860E087&displaylang=en

But in your case it might be sufficient if you use Windows install CD 2K/XP console recovery.
 
LVL 14

Expert Comment

by:igor-1965
ID: 22739821
Try this: dir c:\windows\system32\dllcache\userinit.exe

If file exists: COPY C:\WINDOWS\system32\dllcache\userinit.exe C:\WINDOWS\system32\userinit.exe
 

Author Comment

by:LAPOTES
ID: 22739852
I tried that. The file doesn't exist in dllcache...:(
 
LVL 14

Expert Comment

by:igor-1965
ID: 22739909
OK, thanks for the clarification.
So let's go back to the instructions posted by Brum07.
Try this:

cd\
cd "System Volume Information"

 

Author Comment

by:LAPOTES
ID: 22739996
got it. but when i type dir in "system volume information", there are only 4 files, and none of them is restore. and if i type cd _restore*, it says that the name is incorrect.
 
LVL 14

Expert Comment

by:igor-1965
ID: 22740078
Could you post the outcome of the command DIR when you run it in "system volume information"?
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 22740418
You said you can boot in safe mode, can you run Hijackthis and show us the log please?
Download Hijackthis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.
Paste the log in the "Code Snippet" or "Attach File" window.
 
 

Author Comment

by:LAPOTES
ID: 22744550
sorry...i just fell asleep.

the outcome is this:
10/11/05     12:31a     d--hs---     0  .
10/11/05     12:31a     d--hs---     0 ..
10/24/04     10:46a     -a-hs---     0 MountPointManagerRemotDatabase
16/11/04     01/58p     -a-ks---  20480 tracking.log
4 file (s) 20480 bytes
91171393536 bytes free

rpggamergirl: I can't use the internet on the "ill" computer....

thanks :D

 
LVL 47

Expert Comment

by:rpggamergirl
ID: 22745897
>>> I cant use the internet on the "ill" computer....<<<
You would use another pc with online access (like the one you use to post here) to download the tool you need and put it on a flash drive and transfer it to the infected pc.

You can also try downloading and running Winsockfix and see if that helps with the connection problem.


 

Author Comment

by:LAPOTES
ID: 22746206
hey,
sorry it takes me so long, but I have a 5 months old baby that does his best to keep me busy :D

ok. here is the log file

thanks for your help and patience
hijackthis.log
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 22746756
Congrats on your 5 month old baby (they're such a cutie at that age) a bundle of joy, :)

Thanks for the log.
A vundo infection plus others are showing in your Hijackthis log, please run MalwareBytes (it also removes vundo), and Combofix afterwards if the problem persists.
Download Malwarebytes' Anti-Malware to your desktop. Check for updates before scanning.
http://www.malwarebytes.org/mbam.php
 
Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
 

Author Closing Comment

by:LAPOTES
ID: 31507082
Thanks a lot for your help!!!! Finally it worked. Now I guess I'll have to tell my husband to buy an update the antivirus.... thanks again :D
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 22747546
You're welcome.
Glad to know it's now fixed.
The system was infected most likely due to your version of java (2re1.4.2_03) that's very vulnerable to vundo infection.
I suggest updating to a later or the latest version.

Updating Java:
Go to Start > Control Panel > Add/Remove programs.
Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
Select and click Remove.

Then Download and install the newest version from here:
http://www.java.com/en/download/manual.jsp

Thanks!