Userinit.exe

Discussion in 'Software Q&A' started by Ishan, Sep 11, 2009.

Thread Status:
Not open for further replies.
  1. Ishan

    Hey, I had a virus on my laptop which wasn't showing in Task Manager, but I caught it through a HijackThis scan.
    It showed me an entry after a ';' in the userinit.exe entry.
    I fixed it through HijackThis. But it was temporary, as after every logon the same entry repeated with a different file name.
    So I backed up the whole registry, searched for the userinit.exe entry in it and deleted it.
    Now when I start Windows and click on my user name on the welcome screen, it shows me "loading your personal settings" and then immediately shows "logging off". This happened because I deleted the user login process file.
    Now I can't restore the registry from any Windows mode, as login is required for that.
    I have another Windows XP installed on another drive as well, because I use two different Windows XP installations.
    Now please help!
     
  2. hell_storm2006

    Well my friend, I think you made a mistake in identifying the virus. What you deleted was not a virus but a very important Windows file which manages all the log-on and booting process and manages all the process flow that Windows needs to perform before you get to the main desktop. You deleted that, and now Windows doesn't know what to do when it tries to log on! It's a blind man without sticks! :razz:

    Suggest you try to do a repair. Or a new installation!
     
  3. di9it

    How did you take the backup of your registry? Manually or using some software?
     
  4. Ishan (OP)

    Manually, friend! Just exported the whole registry! Please help! Any solution to restore the registry from another installed XP OS?
     
  5. vandit

    Hey Ishan, just export the keys which have userinit.exe (the ones you deleted) from the other Win XP installation. Open safe mode with command prompt and import them from there. (userinit.exe does not run in safe mode with command prompt until you explicitly open explorer.exe, I think.) And it is not a virus. That's for sure.
     
  6. hell_storm2006

    It may give rise to instability the first time you boot your PC, because the userinit registry entry would have all the entries of the other PC. So give it a try and let's see where you end up!
     
  7. v-6mata

    Hi Ishan,

    Try the steps below, check, and let me know what happens.

    Cause of the issue:
    **********************
    This issue occurs if the value of Explorer.exe and userinit.exe in the registry is changed.

    Resolution
    *************
    Step 1: Hit Ctrl+Alt+Del on the keyboard to open Task Manager.

    Step 2: Click on File -> New Task to open the dialogue box.

    Step 3: Type explorer.exe and hit OK to bring up the desktop.

    Step 4: After the desktop appears, open the registry through "Start" "Search" "Regedit".

    Step 5: Take a backup of the registry; if needed, a system restore point can be created.

    Step 6: Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and check the Shell value by double-clicking on the Shell key, and make sure it has the value explorer.exe.

    Step 7: On the same registry path, check the userinit value by double-clicking the userinit key and make sure it has the path c:\windows\system32\userinit.exe.

    Step 8: Close the registry after modification, restart the computer and check.

    Regards,
    Mathan Raj A
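
The check in steps 6 and 7 above, run offline against the text of a registry export instead of in Regedit; this is an added example, not part of the original post. The sample export and the file name example123.exe are constructed, and splitting on ';' as well as ',' is an assumption made to cover the separator reported in the first post.

```python
import re

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Expected program per value, as given in steps 6 and 7 (compared case-insensitively).
EXPECTED = {"userinit": {r"c:\windows\system32\userinit.exe"},
            "shell": {"explorer.exe"}}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
# Constructed sample export: one extra program appended to Userinit.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\example123.exe,"
'''

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def winlogon_values(reg_text):
    """Return {lowercased name: data} for string values under the Winlogon key."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == WINLOGON.lower()
        elif in_key:
            m = VALUE_RE.match(line)
            if m:
                values[unescape(m.group(1)).lower()] = unescape(m.group(2))
    return values

def audit(reg_text):
    """Return a list of findings; an empty list means both values look stock."""
    values, findings = winlogon_values(reg_text), []
    for name, expected in EXPECTED.items():
        if name not in values:
            findings.append(f"{name}: value missing")
            continue
        # ',' separates the programs in the value; ';' is also split on (assumption).
        entries = [e.strip().lower() for e in re.split(r"[,;]", values[name]) if e.strip()]
        if not expected.issubset(entries):
            findings.append(f"{name}: expected program missing")
        findings += [f"{name}: unexpected entry {e!r}" for e in entries if e not in expected]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A Regedit "Version 5.00" export is UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text to `audit`.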
     
  8. vandit

    @v6-mata

    He isn't able to start Windows (it immediately logs off, as he has clearly mentioned), so how will he do the things you said? Explain please.
     
  9. return_of_vengeance

    Hey, while chasing the virus you went and deleted the user process file itself.... keep it up bro.... JAY CHAUHAN
    -----------------------------------------
    Posted again:
    -----------------------------------------
    Ishu, put that file back into the registry. Everything will be fine, and keep giving it a dose of one antibiotic pill every morning and evening.
     
    Last edited: Sep 25, 2009
  10. yrana2002

    This method worked for me... though it doesn't have a very good success rate.

    1. Get your Windows XP CD, boot with it and open Recovery Console.
    2. Log in as administrator; when it asks you for the password, give the password. If you don't use a password, leave it blank.
    3. Once you cross through this tough stage, now comes the easy part. Type the following command at the terminal
    (I assume your CD-ROM drive is lettered as D: and your affected Windows installation is in C: )
    expand D:\i386\userinit.ex_ C:\windows\system32\userinit.exe

    This, if done correctly, will give you a success message.

    Basically, your userinit.exe is infected by the trojan and you're replacing or over-writing the infected file with the original healthy version of the file on the Windows installation disk.
     