AVG Crash and Burn loop

Discussion in 'Software' started by pussum, Dec 7, 2006.

  1. pussum

    pussum Private E-2

    http://www.adwarereport.com/mt/arch...medium=ppc&utm_term=flooder ake&utm_content=1

    Ok, so yesterday my avg does a scan and picks up a "trojan" and deletes it. Well my PC starts a loop of nothing but rebooting. Long story short I reformatted my PC. My boss had her scan done and it found the same thing. Me thinking we had some sort of network virus did a little research and came up with that site. My question is, sadly, she has already deleted the "trojan" thus deleting her winlogon.exe. We know that if she reboots she will start looping and we don't have a MS disk with her serial # what can we do? Is it to late to follow those directions?

    Thanks in advance!
     
    pussum, Dec 7, 2006
    #1
  2. pussum

    pussum Private E-2

    Just as an afterthought here. We have multiple copies of xp pro laying around. Sadly all of them have been installed on PC's already. My question is, can I do a repair from one of the cd's onto her computer to try to put the .exe file back into her system or will it not work due to the fact that the key on her computer is different than the key for the CD?
     
    pussum, Dec 7, 2006
    #2
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Login logout loop
    Enter the Recovery Console

    Boot the system using the Windows XP CD-ROM. In the first screen when the Setup begins, read the instructions press "R" (in the first screen) enter the Recovery Console. Type-in the built-in Administrator password to enter the Console. You'll see the prompt reading C:\Windows (Or any other drive-letter where you've installed XP)

    Type the following command and press Enter.

    CD SYSTEM32
    (If that does not work, try CHDIR SYSTEM32)

    COPY USERINIT.EXE WSAUPDATER.EXE

    Quit Recovery Console by typing EXIT and restart Windows.

    You'll be able to login successfully as you've created the wsaupdater.exe file (now, a copy of userinit.exe)

    Now, change the USERINIT value in the registry (see Phase II in this page) and change it accordingly.

    Click Start, Run and type REGEDIT. Navigate to:

    HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ WindowsNT \ CurrentVersion \ Winlogon

    In the right-pane, change the value of Userinit to "C:\WINDOWS\system32\userinit.exe,"

    Type the above value exactly as given, including the comma - exclude the quotes. Also, change the path to userinit.exe appropriately if Windows is installed in a different drive.

    Close Registry Editor and restart Windows. The Quick Launch settings should be retained now.
     
    TimW, Dec 7, 2006
    #3
  4. pussum

    pussum Private E-2

    Thanks Tim! I did it this way for one computer, but I figured out something else that works as well. Thanks you.
     
    pussum, Dec 8, 2006
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds