Computer wont boot to a functional desktop

Discussion in 'Malware Help (A Specialist Will Reply)' started by ormski, Jul 11, 2007.

  1. ormski

    ormski Private E-2

    My mate is having a problem with his pc. He recently got broadband installed and has Mcafee installed but not up to date. I went round to help him the other day and his pc will boot to the welcome screen, but before you click on his username, a box pops up from Mcafee saying Mcafee Activeshield has found a suspect file on your computer. We recommend you scan your pc etc etc. Everytime you press ok, it pops up again everytime. If you click his username the desktop eventually loads but very slowly, and all you get is the wallpaper, no icons or taskbar. The warnings from Mcafee keep popping up everytime you press ok. Nothing works on the desktop. If you press ctrl, alt, delete for the task manager, it eventually appears after about a minute. CPU activity is 100% all the time. On the processes tab, there is a file called userinit.exe which appears maybe a few hundred times sometimes! Obviously this is causing the cpu to run at 100% so nothing else can be done. Have tried loading a cd but nothing happens. Any ideas before we resort to a new install!! I am pretty sure he doesn't have his xp cd anymore either! If you boot to safe mode, you just get the safe mode screen but no taskbar.
    He has Windows XP Home edition, Service pack 1.
     
    ormski, Jul 11, 2007
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Does the PC boot okay in safe mode?

    I suggest you uninstall McAfee right now since it seems to be making things more difficult/slower. Then I suggest you run the below two tools and attach the logs here. See: HOW TO: Attach Items To Your Post


    Run this Virtumonde aka Trojan Vundo Removal and do not attach the requested log right away. Run it multiple times until it comes up clean and then attach the final log.


    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log ( c:\combofix.txt ) for you. Attach this log to your next
      reply
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.
     
    chaslang, Jul 11, 2007
    #2
  3. ormski

    ormski Private E-2

    the pc boots ok in safe mode with no popups but its just the safe mode blank screen with no taskbar. Can I run the two tasks in safe mode as nothing seems to work in normal mode as the cpu is taking up all the resources.
     
    ormski, Jul 11, 2007
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes you can run them in safe mode.

    Which process is showing up as using all of the CPU?
    Have you uninstalled McAfee? If may help reduce the overload since it may be getting overloaded due to trying to fight the malware. Sometimes it is necessary to remove a security application or two just to help you get started on real fixes. Obviously McAfee is not stopping nor is it helping anyway.
     
    chaslang, Jul 11, 2007
    #4
  5. ormski

    ormski Private E-2

    The process thats using up all the resources is userinit.exe . It appears over a hundred times in the processes window, sometimes as much as 400 times which is obviously taking all the resources and not allowing me to do anything. Uninstalling Mcafee might be a problem as the cpu is pre-occupied with all the other activity and not letting me do anything. The only way i can see is by opening the task manager and going File, New Task (run) and browsing to the Mcafee install folder and seeing if there is an uninstall program there, and try to run it. Unless there is another way to uninstall it. I will be going over probably tomorrow to tackle the problem again on his pc.
     
    ormski, Jul 12, 2007
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    userinit.exe is a require Windows process if running from C:\windows\system32\userinit.exe but Windows Task Manager will not tell you where it is running from. However it should only run during startup and login and it should only be running once. Without userinit.exe, you would not even be able to login to the PC at all.

    You may be better off trying to run in safe mode and running things via Task Manager. You should first just trying running explorer.exe to see if you can get a Start button and Desktop. Running appwiz.cpl from Task Manager should bring up Add/Remove programs from which you could try uninstalling McAfee.
     
    chaslang, Jul 12, 2007
    #6

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds