St0ney
join:2001-02-25 uranus
1 edit
[Trojan] Cant even login to windows
im running windows XP on my infected computer
Over the past few weeks, i been getting a number of warnings from Avast...every time i quarantined/moved the files and just forgot about it...
well today it happened again...so did the same ...moved it. then i noticed my desktop background got changed to one of those fake antispyware software pictures...u know the one that says to the effect "your computer has been infected...blah blah...please click here to remove/ download the latest antivirus software, etc..."
it was just a background pic, so i thought ok let me rightclick--->properties---and lo and behold theres no change background tab! i only saw three tabs (i think themes, appearance, and settings tab)
weird, so i thought restart would do it... but after i restarted and clicked on the admin profile to login, it doesnt go to desktop; it will say "loading settings..." then "logging off"
now i cant even get into my desktop.
also i cant do safeboot (F8 at bootup); i have dual boot with mandrake linux...
does anyone have any idea on how to fix this problem? is it a trojan?
i cant even do all the pre-clean steps outlined in this forum, cuz i cant get in to my desktop or safemode

St0ney
join:2001-02-25 uranus
Re: [Trojan] Cant even login to windows
no help?

St0ney
join:2001-02-25 uranus
Re: [Trojan] Cant even login to windows
yes i think i may have to boot to the last save registry? please move to ms help then

lilhurricane iPurple Premium,Mod join:2003-01-11 Purple Zone
Re: [Trojan] Cant even login to windows
Ok, St0ney - buckle your seatbelt
Moving to MS Help

St0ney
join:2001-02-25 uranus
Re: [Trojan] Cant even login to windows
nothing happens as i continuously pound the F8, at every phase of windows startup, from when it does mem check to detecting drives, to the dual boot menu, all the way to windows logon screen.
i'll have to try the floppy boots sometime later this evening.
I have a windows Xp cd, will that work? or will that just send me to the reformat/reinstall windows xp screen?

DOStradamus MVM join:2003-11-04 Santa Rosa, CA
Re: [Trojan] Cant even login to windows
Am I right in assuming you're using GRUB/LiLo/etc. for your boot manager?
If so, is it installed into the MBR, or, into the Boot Record of the partition you have Linux installed into?
If installed into the Boot Record of your Linux partition, you can boot off your XP CD, load the Recovery Console, and use DISKPART to change the boot ("Active") partition to your XP one. At that point, you should be able to F8-> Safe Mode.
-NK

Mickeyme You might be right, but, I don't care Premium join:2008-09-05 Carson City, NV
said by St0ney:
I have a windows Xp cd , will that work? or will that just send me to the reformat/reinstall windows xp screen?

Seems at this point there is not much else to do but reformat. If you can't get in even through F8 then I say you're screwed. I hope you're not one of those people that keep all this stuff on the hard drive.

auggy Premium,Mod join:2001-12-24 Brockville, ON
·Cogeco Cable
·Bell Sympatico
Host: Microsoft Help
Re: [Trojan] Cant even login to windows
said by St0ney:
also i cant do safeboot (F8 at bootup); i have dual boot with mandrake linux...

Why can you not do safeboot? What happens?

DOStradamus MVM join:2003-11-04 Santa Rosa, CA
said by St0ney:
also i cant do safeboot (F8 at bootup); i have dual boot with mandrake linux...

Have a floppy drive on that system, or can you add one? Have another computer running XP, 2k3, or 2K that also has a floppy drive?
If so, create a floppy that will enable you to boot to safe mode:
1. Format a floppy on that other system
2. Get to a command prompt on that other system
3. XCOPY/H C:\NTLDR A:
4. XCOPY/H C:\NTDETECT.COM A:
Only thing left, is to put a BOOT.INI file on that floppy:
Above is for XP installed on the first partition on the drive. Change as needed.
Don't forget to set the FLOPPY as the #1 boot device in BIOS Setup!
Good Luck!
-NK

MIXZ1
join:2001-01-02 Mexico
·Prodigy Infinitum
Is it possible that you installed Windows AntiSpyware, which is really a hoax and hijacker? If you did, do a google on "remove windows antispyware". One of the tools available is found at »www.spywareremovalblog.com/remov···are2008/ . Do a solid read of the page and you may be able to recover your system without a reformat. Good luck.

St0ney
join:2001-02-25 uranus
Re: [Trojan] Cant even login to windows
said by MIXZ1:
Is it possible that you installed Windows AntiSpyware, which is really a hoax and hijacker? If you did do a google on "remove windows antispyware". One of the tools available is found at » www.spywareremovalblog.com/remov···are2008/ . Do a solid read of the page and you may be able to recover your system without a reformat. Good luck.

hmm i dl the program...spyware doctor...its not free.
it did detect backdoor.hackdoor Trojan.small.dl Trojan-downloader.agent.sy rogueantispyware.antivirusxp2008

ChiTang Premium,MVM join:2002-08-23 Alhambra, CA
Re: [Trojan] Cant even login to windows
If you deleted the userinit.exe, you have to copy it back. Either from another system or extract from the I386 folder.
-- I used to be indecisive, now I am not sure.

St0ney
join:2001-02-25 uranus
Re: [Trojan] Cant even login to windows
no i did not delete it, i just skipped the file...so it still needs to be repaired?
also could it be some virus/trojan changed the userinit file then avast detected and i may have possibly quarantined it (moved it to the chest) and that is why i can not login?
i searched google, and some say to go to registry and point userinit to c:\windows\system32\userinit.exe,

MIXZ1
join:2001-01-02 Mexico
·Prodigy Infinitum
said by St0ney:
said by MIXZ1:
Is it possible that you installed Windows AntiSpyware, which is really a hoax and hijacker? If you did do a google on "remove windows antispyware". One of the tools available is found at » www.spywareremovalblog.com/remov···are2008/ . Do a solid read of the page and you may be able to recover your system without a reformat. Good luck.
hmm i dl the program...spyware doctor...its not free. it did detect backdoor.hackdoor Trojan.small.dl Trojan-downloader.agent.sy rogueantispyware.antivirusxp2008

Well, is this the first diagnosis you've seen with these infections? If so, you can google each and try to find a manual method for deleting them one at a time, or gamble on paying for the download and letting it do the work it claims to do.
I have to add I have nothing to do with the company selling the software.
Good luck.

Razzy
join:2002-10-29
1 edit
If you're logging in and immediately log back out back to login screen, see if userinit.exe exists in C:\Windows\system32. If it's there, you may need to do an offline registry edit, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and find Userinit key. If it doesn't exist, make one. It should have "C:\Windows\system32\userinit.exe," (without the quotes and WITH the comma at the end).
To do all that, you'll need a BartPE CD or ERD or hook the HD up to another computer. Recovery console may work but you'll need to know a few commands - and I don't remember atm as I don't use it.
Also, a Windows repair install may work.
Good luck.
EDIT: I just noticed you said you have mandrake dual boot, could boot to that and see if userinit.exe file is on the Windows partition.

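A check for the Userinit value described in the post above, as an added example that is not part of the thread or any poster's own code: it reads the Winlogon key from .reg export text and reports anything other than the single expected entry. It assumes the key has been exported to text from the offline hive and already decoded; `reg_values`, `check_userinit` and the sample exports are constructed for illustration.

```python
import ntpath
import re

# Key and value named in the post above; EXPECTED is that value without the comma.
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
EXPECTED = r"c:\windows\system32\userinit.exe"
PAIR = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def reg_values(reg_text, key):
    """Return {lowercased name: value} for the string values under `key`."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.strip("[]").lower() == key.lower()
        elif in_key and (m := PAIR.match(line)):
            # .reg text escapes backslashes and quotes with a backslash
            name, value = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            values[name.lower()] = value
    return values

def check_userinit(reg_text):
    """Return findings for the Userinit value; an empty list means it looks right."""
    value = reg_values(reg_text, WINLOGON).get("userinit")
    if value is None:
        return ["Userinit value is missing"]
    findings = [] if value.endswith(",") else ["no trailing comma"]
    entries = [ntpath.normpath(e.strip()) for e in value.split(",") if e.strip()]
    if EXPECTED not in (e.lower() for e in entries):
        findings.append("userinit.exe entry is absent")
    findings += [f"unexpected entry: {e}" for e in entries if e.lower() != EXPECTED]
    return findings

# Constructed sample exports (not taken from the thread).
CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''
ALTERED = CLEAN.replace(r'userinit.exe,"', r'userinit.exe,C:\\WINDOWS\\Temp\\example.exe,"')
MISSING = CLEAN.replace('"Userinit"', '"Disabled-Userinit"')

if __name__ == "__main__":
    for label, text in (("clean", CLEAN), ("altered", ALTERED), ("missing", MISSING)):
        print(label, check_userinit(text) or "OK")
```
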
ChiTang Premium,MVM join:2002-08-23 Alhambra, CA
When the desktop tries to log on, fails and subsequently logs out, either userinit.exe and/or winlogon.exe failed to load or is missing, corrupted or infected.
To go into safe mode:
Reboot the computer; at the LILO/GRUB boot menu, choose Windows. Right after choosing Windows to boot, keep tapping the F8 key to bring up the boot menu of XP.
It does sound like you got infected with the fake AntiVirus200x malware. By changing the desktop and removing the default.htm at c:\windows, it will reload itself in a very short time. That malware is very solid. I wish they would use their energy to help MS build a more solid OS.
-- I used to be indecisive, now I am not sure.

Mickeyme You might be right, but, I don't care Premium join:2008-09-05 Carson City, NV
1 edit
Re: [Trojan] Cant even login to windows
said by ChiTang:
To go into safe mode:

He can't get into Safe Mode!
said by St0ney:
i cant even do all the pre-clean steps outlined in this forum, cuz i cant get in to my desktop or safemode

ChiTang Premium,MVM join:2002-08-23 Alhambra, CA
Re: [Trojan] Cant even login to windows
also i cant do safeboot (F8 at bootup); i have dual boot with mandrake linux...
I interpret it as OP does not know how to get to windows boot menu for safemode cos of the dual boot.
-- I used to be indecisive, now I am not sure.

St0ney
join:2001-02-25 uranus
2 edits
Re: [Trojan] Cant even login to windows
omg omg i got into safemode menu...i guess i was not pounding f8 fast enough after dual boot screen...what a noob i am
please no reformat please no reformat. oh god please

St0ney
join:2001-02-25 uranus
Re: [Trojan] Cant even login to windows
alrighty i am in safe mode, disconnected from network...
going to run adware, spybot, etc...

St0ney
join:2001-02-25 uranus
Re: [Trojan] Cant even login to windows
ok i running AVAST AV...says userinit.exe infected.
should i delete it?

DOStradamus MVM join:2003-11-04 Santa Rosa, CA
Re: [Trojan] Cant even login to windows
That is a very wise question to ask. I've seen too many "false positives" from A/V software.
userinit.exe resides in \Windows\System32. Is Avast giving that dir as the location of the file? If not KILL IT.
If so, look at userenv.dll, for example. Do they have the same Date/Time?
4/14/2008 5:42AM 26 KB is the userinit.exe I have in my XP installation.
WHILE YOU'RE AT IT:
CLEAN OUT YOUR "TEMP" DIRECTORIES. It is a favorite "home" for malware .exe's to launch from.
Run REGEDIT, and clean out:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
-NK

ravencajun Premium join:2004-08-12 Houston, TX
the best programs currently cleaning out the antivirus xp are malwarebytes and superantispyware; both are free, try those and see if they help you.
»www.superantispyware.com/
»www.malwarebytes.org/
you can post in the security cleanup area for help from that point.
If you have linux on the other partition you could save your windows data using linux at least before a reformat if it comes to that.

St0ney
join:2001-02-25 uranus
Re: [Trojan] Cant even login to windows
spybot detected
haxdoor.h effectivebandtoolbar smitfraud.c spysheriff

Mickeyme You might be right, but, I don't care Premium join:2008-09-05 Carson City, NV
Now just think you could have done a reformat by now.

ChiTang Premium,MVM join:2002-08-23 Alhambra, CA
Re: [Trojan] Cant even login to windows
said by Mickeyme:
Now just think you could have done a reformat by now.

While reformat/reinstall is a guaranteed solution, how does one determine if reformat/reinstall is a faster approach? I bet you don't have an answer either.
It is always 20/20 after the fact.
-- I used to be indecisive, now I am not sure.

Mickeyme You might be right, but, I don't care Premium join:2008-09-05 Carson City, NV
He has been doing this for 3 days now!

ChiTang Premium,MVM join:2002-08-23 Alhambra, CA
Re: [Trojan] Cant even login to windows
said by Mickeyme:
He has been doing this for 3 days now!

It is still after the fact. How did you know it would have been quicker to reformat/reinstall 3 days ago.
-- I used to be indecisive, now I am not sure.

Mickeyme You might be right, but, I don't care Premium join:2008-09-05 Carson City, NV
I gotten a lot of viruses in my time. I have found when you get so many that you can't login, it's time! About 15 minutes of trying and in goes the windows cd. I finally broke down and bought Acronis so hopefully I have no problems if it happens again. And my first post, as soon as I seen this post, I said to do it. I understand you guys/gals want to find a way around a problem, but

ChiTang Premium,MVM join:2002-08-23 Alhambra, CA
1 edit
Re: [Trojan] Cant even login to windows
said by Mickeyme:
I gotten a lot of viruses in my time.

Viruses can be healed or cleaned.
said by Mickeyme:
I have found when you get so many that you can't login, it's time!

Only if userinit.exe and winlogon.exe is/are infected and they can be fixed without a reformat/reinstall.
said by Mickeyme:
About 15 minutes of trying and in goes the windows cd. I finally broke down and bought Acronis so hopefully I have no problems if it happens again.

I didn't find "15 minutes" and/or "acronis" in OP's post, are you seeing things?
said by Mickeyme:
And my first post, as soon as I seen this post, I said to do it.

You are jumping into your own conclusion.
said by Mickeyme:
I understand you guys/gals want to find a way around a problem, but

That is the idea of troubleshooting! Maybe you can come up with a reformat/reinstall FAQ and make it a sticky thread. It will solve all software problems and no more discussion is needed.
A solution for all problems, you are a genious.
The smiley is not smiling, it is laughing.
-- I used to be indecisive, now I am not sure.

DOStradamus MVM join:2003-11-04 Santa Rosa, CA
There's a virus that, when loaded, fools the system into thinking WINLOGON is dependent on it... You fix that one, by booting the Recovery Console (off of the Windows CD), and deleting the offender.
-NK

Mickeyme You might be right, but, I don't care Premium join:2008-09-05 Carson City, NV
1 edit
genious ??
How far do you have to go before realizing there is nothing you can do?

ChiTang Premium,MVM join:2002-08-23 Alhambra, CA
Re: [Trojan] Cant even login to windows
said by Mickeyme:
How far do you have to go before realizing there is nothing you can do?

For people who do not know how to fix things, I would say 2 minutes after turning on the PC and realise OS does not load.
I am sure you jump to that conclusion very quickly.
-- I used to be indecisive, now I am not sure.

Razzy
join:2002-10-29
*scratches* head, he was able to log in safe mode?

(topic locked)