userinit.exe problem

Jersey47 · May 27, 2008

Hey guys,

let me just start by saying I realise there are other threads on this issue or similar issues but I have been unable to solve my problem with the advice given on those threads.

Ok so I believe I must have quarantined the file as it was infected by the trojandownloader.xs trojan and now when I log onto windows it states that Im missing the file and as such nothing else appears on the desktop.

So far I've tried using the xp cd (pro) and going through the recovery process typing in the following lines;

D:
CD: i386
Expand userinit.ex_C:\Windows\System32

However once i hit enter after the last line it says access denied.

I'm at wits end and any help would be really appreciated.

chaslang · May 29, 2008

Welcome to Major Geeks!

Note: trojandownloader.xs does not infect the userinit.exe file.

First please look to see if your C:\Windows\system32\userinit.exe file already still exists. If you are able to actually login to Windows (even if you do not have a Desktop) then your userinit.exe file is not missing. You have just been bitten by the things that a Vundo infection can cause. You may be able to get your Desktop to appear by running explorer.exe from Task Manager.

Please follow the instructions in the below link and attach the requested logs when you finish these instructions. If something does not run, write down the info to explain to us later but keep on going. Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

Jersey47 · May 29, 2008

Thanks for the welcome and the reply!!

At the moment once I log into windows a box comes up with a message saying my userinit.exe file is unable to initalise and as such I am able to do nothing from that blank screen (Task manager doesn't appear when cntrl alt dlt) so haven't been able to do anything from the read me malware guide.

chaslang · May 29, 2008

Okay then boot into the Recovery Console again and then run the below commands in the order given. Do not change to the D drive!

cd system32
copy d:\i386\userinit.ex_
expand userinit.ex_ userinit.exe
exit

After the exit your PC should reboot. Take out the CD and try to boot into normal Windows.
Any luck?

Jersey47 · May 30, 2008

hmmmm when I try to type in the following command copy D:\i386\userinit.ex it says the system cannot find the secified file.

chaslang · May 30, 2008

It is not userinit.ex it is userinit.ex_

The underscore is part of the file name. Also I assumed that D is your CD drive since that is what you gave in your first message.

Jersey47 · Jun 6, 2008

Sorry about the time between replies, ok I was able to copy the file when I added the _ to the file name, however I am then unable to do the next command, it says it is unable to find the specified file I believe.

Oh and yes my drive is D.

chaslang · Jun 6, 2008

First you must give us exact word for word error message or it is difficult to help you.

You have to be in the system32 folder on your hard disk to expand the file just copied to it. You must run the commands exactly as written and in the order written. Make sure that the userint.ex_ file is actually on your harddisk in the system32 folder by doing a dir userinit.* command to list all file beginning with userinit

Log in or Sign up

userinit.exe problem

Jersey47 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Jersey47 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Jersey47 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Jersey47 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member