Re: Logon problem after removing spyware

From: JoeW (anonymous_at_discussions.microsoft.com)
Date: 09/28/04 

Date: Tue, 28 Sep 2004 09:45:35 -0700

Michael has some real good cures here. One problem may
occur though: you cannot get access to the registry editor
anymore. In that case, you are toast! Have not been able
to recover from that.
>-----Original Message-----
>>From MVP Rick Rogers:
>
> Did you run a spyware removal program lately? The
userinit value may have
>been corrupted by the removal of blazefind. It adds
wsaupdater.exe to the
>logon value in the system registry, sometimes appending
it, sometimes
>replacing it. Running Adaware or other cleaners detects
and removes
>wsaupdater.exe, but doesn't correct the registry damage.
If this is the
>case, then you may need to load the registry hive from
another installation
>and change it. This is the key:
>
>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon
>
>Userinit string value should be:
>
>C:\WINDOWS\system32\userinit.exe,
>
>On the damaged installations it's one of these:
>
>C:\WINDOWS\system32\wsaupdater.exe,
>C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32
\wsaupdater.exe,
>
>Another "quickie" method of resolution is to load the
Recovery Console (see
>below), copy userinit.exe as wsaupdater.exe from the
command prompt, then
>restart normally. Once in, go and change the registry
value back to what
>it's supposed to be and delete the copied file.
>
>HOW TO: Install and Use the Recovery Console in Windows
XP [Q307654]
>http://support.microsoft.com/?kbid=307654
>
>This can also be done by using the 6 disk boot floppy set
mentioned in the
>above article, as it loads enough of the Recovery Console
so that you can
>copy the file. This is particularly useful if you have an
OEM installation
>that includes only a Restore CD, or no disk at all.
>
>You could also try a Repair Install instead of the above
as follows:
>NOTE, while a repair install should leave your data files
intact, if
>something goes wrong during the repair install, you may
be forced to start
>over and do a clean install of XP. If you don't have
your data backed up,
>you would lose your data should that eventuality occur.
>
>Assuming your system is set to boot from the CD-ROM drive
and you have an
>actual XP CD as opposed to a recovery CD, boot with the XP
>CD in the drive and perform a repair install as outlined
below. If the
>system isn't set to boot from the CD or you are not sure,
you need to enter
>the system's BIOS. When you boot the system, the first
screen usually has
>instructions that if you wish to enter set press a
specific key, when you
>see that, do so. Then you will have to navigate to the
boot sequence, if
>the CD-ROM drive is not first line, set it first in the
boot sequence. Save
>your settings and exit with the XP CD in the drive. The
system will reboot.
>
>When the system boots, a few screens into the process you
may see a message
>instructing you
>to hit any key in order to boot from the CD along with a
countdown. When
>you see this be sure to
>hit a key on the keyboard, if you miss this instruction
and the system fails
>to boot from the CD, it's too
>late, you'll need to reboot and try again.
>
>Once you have pressed a key, setup should begin. You
will see a reference
>asking if you need to load special drivers and another
notice that if you
>wish to begin the ASR (Automatic Recovery Console)
depress F2. Just let
>setup run past all of that. It will continue to load
files and drivers.
>
>Then it will bring you to a screen. Eventually, you will
come to a screen
>with the option to (1) setup Windows or (2) Repair
Windows Installation
>using the Recovery console. ***The selection you want
at this screen is
>"Setup Windows,"
>NOT "Repair Windows Installation.
>
>The first option, to setup Windows is the one you want
and requires you to
>press enter. When asked, press F8 to accept the end user
agreement. Setup
>will then search for previous versions of Windows. Upon
finding your
>version, it will ask if you wish to Repair your current
installation or
>install fresh. Press R, that will run a repair
installation. From there
>on, follow the screens.
>
>Note, in some cases, you won't receive the repair option,
only an option to
>reinstall. We have discovered that sometimes this is
caused by damaged
>boot.ini file that can be repaired as follows and also
note, in the
>instructions, "K" refers to the CD drive in which you
have placed the XP CD,
>replace that drive letter with the appropriate letter on
your system, "K" is
>simply an example.
>
>Reboot, this time taking the immediate R option (this is
the section I told
>you to skip above. In this case, you will need to get to
the Recovery
>Console to perform the function below), and if the CD
letter is say K: give
>these commands
>
>COPY K:\i386\ntldr C:
>COPY K:\i386\ntdetect.com C:
> (two other files needed - just in case)
>ATTRIB -H -R -S C:\boot.ini
>DEL C:\boot.ini
>BootCfg /Rebuild
>
>Once you've completed this function, reboot and see if
you can access XP as
>sometimes, the problem is the damaged boot.ini. If you
still cannot access
>XP, then reboot and re-run the repair install
instructions at the beginning
>of this message.
>
>If you only have a recovery CD, your options are quite
limited. You can
>either purchase a retail version of XP which will allow
you to perform the
>above
>among other tools and options it has or you can run your
system recovery
>routine with the Recovery CD which will likely wipe your
drive, deleting all
>files but will restore your setup to factory fresh
condition.
>
>
>--
>Michael Solomon MS-MVP
>Windows Shell/User
>Backup is a PC User's Best Friend
>DTS-L.Org: http://www.dts-l.org/
>
>"Bob H." <anonymous@discussions.microsoft.com> wrote in
message
>news:39b101c4a4aa$3ef844b0$a401280a@phx.gbl...
>> Removed Blazefind last night and am experiencing same
>> problem as Joan and Mark. Is recovery console only way
>> back in? Is there a way to bypass logon?
>
>
>.
>

Relevant Pages

  • Re: Adminstrator Password
    ... >>That said, if you are trying to do a repair install, ... >>Assuming your system is set to boot from the CD-ROM ... >>actual XP CD as opposed to a recovery CD, ... >>CD in the drive and perform a repair install as outlined ...
    (microsoft.public.windowsxp.accessibility)
  • Re: XP HOME BOOT FAILURE
    ... Boot the system, start tapping F8, when the menu appears, select ... download install and run the application: ... A repair install should bypass that but it will ... >> on, follow the screens. ...
    (microsoft.public.windowsxp.accessibility)
  • Re: "My Computer" system folder freezes
    ... You must have gone to the Recovery Console which is the first "R" selection ... The repair install is later. ... actual XP CD as opposed to a recovery CD, boot with the XP ... Once you have pressed a key, setup should begin. ...
    (microsoft.public.windowsxp.basics)
  • Re: WINDOWS XP WONT BOOT
    ... you can to a repair install but you cannot do it ... Now, if a retail disk doesn't work, you could install XP to a different ... When I rebooted, it told me to hit> any key to start CD ROM boot and then it went back into> the same old screen as I originally described. ... The disc I was using> was the Windows XP disc that came with my Dell but since I> bought it, the hard drive had to be changed and I now have ...
    (microsoft.public.windowsxp.accessibility)
  • Re: Windows Boot Problem
    ... provides more recovery options without having to face losing all your data ... install fails (You don't likely even have a repair install option with your ... >> with the option to setup Windows or Repair Windows Installation ...
    (microsoft.public.windowsxp.basics)
Quantcast