Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

.... WTH

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

.... WTH

Unread postby Shay » August 18th, 2005, 9:54 pm

I have gotten rid of Aurora, I have Adaware and do a scan everytime I reboot, still nothing...
I go to add/remove programs, remove the crap, and they show up every reboot!!!

Here's my log
------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:58:55 PM, on 8/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\MSLSA32.exe
C:\windows\sp2update.exe
C:\WINDOWS\System32\msnsmgs.exe
C:\WINDOWS\etb\pokapoka63.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\MSLSA32.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\lsa.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\mousebm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\msgic32.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\JENKINS LAWN CARE\c4t.exe
C:\Documents and Settings\JENKINS LAWN CARE\lc.exe
C:\Documents and Settings\JENKINS LAWN CARE\lc.exe
C:\Documents and Settings\JENKINS LAWN CARE\lc2.exe
C:\Documents and Settings\JENKINS LAWN CARE\ysb2.exe
C:\Documents and Settings\JENKINS LAWN CARE\ysb.exe
C:\Documents and Settings\JENKINS LAWN CARE\ysb.exe
C:\Documents and Settings\JENKINS LAWN CARE\ysb2.exe
C:\Documents and Settings\JENKINS LAWN CARE\top2.exe
C:\Documents and Settings\JENKINS LAWN CARE\top.exe
C:\Documents and Settings\JENKINS LAWN CARE\c4t2.exe
C:\Documents and Settings\JENKINS LAWN CARE\lc2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\JENKINS LAWN CARE\top2.exe
C:\Documents and Settings\JENKINS LAWN CARE\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft LSA layer] MSLSA32.exe
O4 - HKLM\..\Run: [msresearch] C:\WINDOWS\msresearch.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update.exe
O4 - HKLM\..\Run: [Windows Messenger] msnsmgs.exe
O4 - HKLM\..\Run: [mljrak6i] C:\WINDOWS\System32\mljrak6i.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [xmp] C:\WINDOWS\xmp.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Microsoft LSA layer] MSLSA32.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msnsmgs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft LSA layer] MSLSA32.exe
O4 - HKCU\..\Run: [Windows Messenger] msnsmgs.exe
O4 - HKCU\..\RunServices: [Windows Messenger] msnsmgs.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: v3cab - http://searchmiracle.com/cab/1.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Media ... e-c267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DC077BD-70CF-4ACB-9902-E26D14BEB296}: NameServer = 205.152.37.23 205.152.144.23
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: lsa driver service (lsaDriver) - Unknown owner - C:\WINDOWS\lsa.exe
O23 - Service: Mouse Button Monitor (mousebm) - Unknown owner - C:\WINDOWS\System32\mousebm.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

-----------------------

What can I Do?
I get about 10 pop-ups everytime I connect to the net... and after a reboot I run adaware even if I ran it right before i rebooted, and bam, 300 new infected files.
Shay
Regular Member
 
Posts: 15
Joined: August 18th, 2005, 9:51 pm
Advertisement
Register to Remove

Unread postby Mat2 » August 19th, 2005, 6:58 am

Hi & Welcome to MWR

I would be glad to help you with your computer problems.
HijackThis logs take awhile to research. Please be patient with me. I know that you want your problems solved quicky, and I will work hard to help you.

Please observe these rules while we work:

1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.

If you can do those two things, everything should go smoothly
User avatar
Mat2
Retired Graduate
 
Posts: 1003
Joined: May 29th, 2005, 4:41 am
Location: Behind The Server

Unread postby Mat2 » August 19th, 2005, 10:34 am

Hi there, and welcome to the forums! :hello2:

You may want to print out these instructions or save them as a text file with Notepad to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Read this instructions carefully and feel free to ask if you're unsure about something

You are running HijackThis from the Desktop; please create a new folder for it and move the program into the new folder

Please download LQFix. Extract the files to a folder. Don't run it yet.
Also download FxIstbar. Do NOT run it yet

Boot into Safe Mode.

1. Restart your computer. As your computer restarts, repeatedly press the F8 key on your keyboard until the Windows Advanced Options menu appears.
2. Use the arrow key to select Safe Mode, and then press ENTER.
3. Use an arrow key to select an operating system and press ENTER.
4. When prompted whether you want your Windows to run in safe mode, click Yes.

Double click on FxIstbar.exe, follow onsreen instructions

Double click LQFix.bat. A DOS window should open and close, this is normal. Once done, reboot Windows.

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

Press Control-Alt-Del to enter the Task Manager.

Click on the Processes tab and end the following processes (if Present):

C:\windows\sp2update.exe
C:\WINDOWS\etb\pokapoka63.exe
C:\WINDOWS\lsa.exe


Exit the Task Manager when finished.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O4 - HKLM\..\Run: [msresearch] C:\WINDOWS\msresearch.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update.exe
O4 - HKLM\..\Run: [Windows Messenger] msnsmgs.exe
O4 - HKLM\..\Run: [mljrak6i] C:\WINDOWS\System32\mljrak6i.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [xmp] C:\WINDOWS\xmp.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msnsmgs.exe
O4 - HKCU\..\Run: [Windows Messenger] msnsmgs.exe
O4 - HKCU\..\RunServices: [Windows Messenger] msnsmgs.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: v3cab - http://searchmiracle.com/cab/1.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Media ... e-c267.cab
O23 - Service: lsa driver service (lsaDriver) - Unknown owner - C:\WINDOWS\lsa.exe


Click on Fix Checked when finished and exit HijackThis.

Using Windows Explorer, locate the following files/folders, and delete them (if Present) :

C:\windows\sp2update.exe
C:\WINDOWS\etb
C:\WINDOWS\lsa.exe
C:\WINDOWS\msresearch.exe
C:\Program Files\ISTsvc


Exit Explorer, and reboot as normal afterwards.

Post back a fresh HijackThis log and we will take another look.
User avatar
Mat2
Retired Graduate
 
Posts: 1003
Joined: May 29th, 2005, 4:41 am
Location: Behind The Server

Unread postby Shay » August 19th, 2005, 1:31 pm

thanks, i will try this and post a HJT log after done!
Shay
Regular Member
 
Posts: 15
Joined: August 18th, 2005, 9:51 pm

Unread postby Shay » August 19th, 2005, 2:00 pm

Ok I did what you said:
Heres the HJT log:
---------------------
Logfile of HijackThis v1.99.1
Scan saved at 1:58:30 PM, on 8/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\MSLSA32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\shs1.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\MSLSA32.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\lsa.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\JENKINS LAWN CARE\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft LSA layer] MSLSA32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wupdate32] C:\shs1.exe
O4 - HKLM\..\RunServices: [Microsoft LSA layer] MSLSA32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft LSA layer] MSLSA32.exe
O4 - HKCU\..\RunServices: [Windows Messenger] msnsmgs.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Media ... e-c267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DC077BD-70CF-4ACB-9902-E26D14BEB296}: NameServer = 205.152.37.23 205.152.144.23
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: lsa driver service (lsaDriver) - Unknown owner - C:\WINDOWS\lsa.exe
O23 - Service: Mouse Button Monitor (mousebm) - Unknown owner - C:\WINDOWS\System32\mousebm.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

------------------------------------

When I restarted this time I didn't get the barrage of 10 pop-ups as soon as I connected. So obviously it fixed a lot so far! How clean am I now, and thanks so far! I really appreciate it
Shay
Regular Member
 
Posts: 15
Joined: August 18th, 2005, 9:51 pm

Unread postby Mat2 » August 19th, 2005, 2:42 pm

Hi Shay

Thanks for the log, i will go over it and report back shortly
User avatar
Mat2
Retired Graduate
 
Posts: 1003
Joined: May 29th, 2005, 4:41 am
Location: Behind The Server

Unread postby Mat2 » August 19th, 2005, 2:58 pm

Hi there, and welcome to the forums!

First thing you need to is restart windows into safe mode as follow:

Click Start.

Select Shutdown.

Select Restart and click OK.

During restart, hold down the F8 key on your keyboard until the Windows Startup menu appears.

If your PC starts beeping then release the key for a few seconds before holding it down again.

Select Safe Mode from the Startup menu, and press the Enter button on your keyboard.

Windows should start in Safe Mode. If Windows doesn't restart in Safe Mode then please try again.

… start
… control panel
… add/remove programs

Find and remove these programs (if they are present)

windupdates

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O4 - HKCU\..\RunServices: [Windows Messenger] msnsmgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Media ... e-c267.cab
O23 - Service: lsa driver service (lsaDriver) - Unknown owner - C:\WINDOWS\lsa.exe


Click on Fix Checked when finished and exit HijackThis.

Using Windows Explorer, locate the following files/folders, and delete them:

C:\WINDOWS\lsa.exe
userinit.exe
xpjava.exe


Exit Explorer, and reboot as normal afterwards.

If you were unable to find any of the files then please follow these additional instructions:

Download Pocket Killbox and unzip it; save it to your Desktop.

Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.

Let the system reboot.

Post back a fresh HijackThis log and we will take another look.
User avatar
Mat2
Retired Graduate
 
Posts: 1003
Joined: May 29th, 2005, 4:41 am
Location: Behind The Server

Unread postby Shay » August 19th, 2005, 5:38 pm

uh oh...
Did what you said, got to the part of using explorer and removing those 3 files...

None of the 3 files were in c:\windows
however i found 2 userinit's in different folders and deleted them...

the other 2 files i couldnt find on the comp, so i just restarted.

i rebooted and my comp is now stuck on the screen where ur desktop icons are suppose to be but its not loading up any further than that.

im using my laptop at the moment. :?
Shay
Regular Member
 
Posts: 15
Joined: August 18th, 2005, 9:51 pm

Unread postby Mat2 » August 19th, 2005, 5:49 pm

Hi

Sorry :oops:

Can you boot into safe mode?

if so , goto Start, all programs, accessories,system tools, system restore

select Restore my computer to an earlier time


See if that gets things up and running

or

During restart, hold down the F8 key on your keyboard until the Windows Startup menu appears.

If your PC starts beeping then release the key for a few seconds before holding it down again.

Select Last Known Good Configuration from the Startup menu, and press the Enter button on your keyboard.

Let's see if these help
User avatar
Mat2
Retired Graduate
 
Posts: 1003
Joined: May 29th, 2005, 4:41 am
Location: Behind The Server

Unread postby Shay » August 19th, 2005, 6:18 pm

neither worked.
safe mode just takes me to the black screen where it says safe mode on all 4 corners.

the last known good config takes me to the desktop with no iocns.
Shay
Regular Member
 
Posts: 15
Joined: August 18th, 2005, 9:51 pm

Unread postby Mat2 » August 19th, 2005, 6:22 pm

Have you got a Windows Xp disk or is a recovery disk.
User avatar
Mat2
Retired Graduate
 
Posts: 1003
Joined: May 29th, 2005, 4:41 am
Location: Behind The Server

Unread postby Shay » August 19th, 2005, 6:25 pm

Mat2 wrote:Have you got a Windows Xp disk or is a recovery disk.


i have an xp disk.

it says only use this cd to reinstall the os on a dell comp. this cd is not for reinstallation of programs or drivers
Shay
Regular Member
 
Posts: 15
Joined: August 18th, 2005, 9:51 pm

Unread postby Mat2 » August 19th, 2005, 6:42 pm

Hi

Sorry for delay, You will need to repair Windows xp as follows:

Insert your Windows XP into CDrom, when the computer restarts when prompted Press any key

Then press Enter to setup windows xp

Agree License by press F8

Now select the copy of windows then press R, this will start the repair process

All this will do is reinstall Xp and it will leave your programs etc intact.

If any non approved drivers are found just press YES
User avatar
Mat2
Retired Graduate
 
Posts: 1003
Joined: May 29th, 2005, 4:41 am
Location: Behind The Server

Unread postby Shay » August 19th, 2005, 7:08 pm

i put the disk in, and reboot, but im not prompted anything, the comp just wants to reboot back to the desktop screen, its not giving me any options for reinstalling.
Shay
Regular Member
 
Posts: 15
Joined: August 18th, 2005, 9:51 pm

Unread postby Mat2 » August 20th, 2005, 7:05 am

Hi

I apologies for my mistake. :(

1. Restart your computer. As your computer restarts, repeatedly press the F8 key on your keyboard until the Windows Advanced Options menu appears.
2. Use the arrow key to select Safe Mode with Command Prompt, and then press ENTER.
3. Use an arrow key to select an operating system and press ENTER.
4. When prompted whether you want your Windows to run in safe mode, click Yes.

There is a copy of userinit.exe in C:\windows\servicepackfiles\i386 folder.
copy it in to c:\windows\system32.

Type :

Copy C:\windows\servicepackfiles\i386 folder\userinit.exe c:\windows\system32

Also please can you tell me the make and model of your computer, so i can find out how to change the boot sequence. So you can boot from CD.
User avatar
Mat2
Retired Graduate
 
Posts: 1003
Joined: May 29th, 2005, 4:41 am
Location: Behind The Server
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: mAL_rEm018 and 46 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware