• CONTEST ALERT - Experience the power of DDR5 memory with Kingston Click for details

Userinit.exe

Status
Not open for further replies.

Ishan

In the zone
Hey i had a virus in my laptop which wasn't showing in task manager but i caught it through hijack this scan.
It showed me an entry after a ';' in userinit.exe entry.
I fixed it through hijack this.. But it was temporary as after every logon the same entry repeated with a different file name.
So i backed up the whole registry.. Searched for userinit.exe entry in it and deleted it.
Now when i start windows and click on my user name on welcome screen it shows me "loading your personal settings" and then immediately shows "logging off". This happened because i deleted the user login process file.
Now i can't restore the registry from any windows mode as for that login is required.
I have another windows xp installed in other drive also coz i use two different windows xp installations.
Now please help!
 

hell_storm2006

Ambassador of Buzz
Well my friend, i think you made a mistake in identifying the virus. What you deleted was not a virus but a very important Windows file which manages all the log-on, booting process and manages all the process flow that Windows needs to perform before you get to the main desktop. You deleted that, and now Windows doesn't know what to do when it tries to log-on! Its a blind man without sticks! :razz:

Suggest you try to do a repair. Or a new installation!
 
OP
Ishan

Ishan

In the zone
manually yaar! just exported whole registry! Please help! Any Solution to restore the registry from another XP OS installed?
 

vandit

In the zone
Abe Ishan , just export the keys which has userinit.exe (the ones you deleted) from the other win XP installation . Open safe mode with cmd prompt and import it from there. (The userinit.exe does not run in the safe mode with cmd prompt mode till you explicitly open explorer.exe , I think.) and it is not a Virus. That's for sure.
 

hell_storm2006

Ambassador of Buzz
It may give rise to instability the first time you boot your PC coz the userinit registry entry would have all the entries of the other PC. So give it a try and lets see where you end up!
 

v-6mata

Right off the assembly line
Hi Ishan,

try the below steps and check and let me know what happens.

Cause of the issue:
**********************
This issue occures if the value of Explorer.exe and userinit.exe in registry is changed .

Resolution
*************
Step 1:- Hit cltrl+alt+del in keyboard to open Task manager .

Step 2:-Click on File->New task to open the dialouge box.

Step 3:-Type explorer.exe and hit ok to bring the desktop.

Step 4:-After desktop appears ,open registry through "Start" "Search" "Regedit"

Step 5:-Take back up of the registry, if needed system restore point can be created.

Step 6:- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and check the Shell Value by double clicking on Shell key and Make sure it has Value of explorer.exe.

Step 7:- On the Same Registry Path ,check the userinit value by double clicking userinit key and make sure it has path c:\windows\system32\userinit.exe .

Step 8 :-Close the Registry after modification and restart the computer and check.

Regards,
Mathan Raj A
 

vandit

In the zone
@v6-mata

He isn't able to start windows (it immediately logs off ; as he has mentioned it clearly ) so how will he do the things you said ? Explain please.
 
abe virus na chakkar ma te to user process ni file j delete kari didhi.... keep it up bro....JAY CHAUHAN
-----------------------------------------
Posted again:
-----------------------------------------
ishu e file registry ma pachi nakhi de. badhu thik thai jase ane sawar sanj ek ek goli antibiotic no dose deto rehje
-----------------------------------------
Posted again:
-----------------------------------------
ishu e file registry ma pachi nakhi de. badhu thik thai jase ane sawar sanj ek ek goli antibiotic no dose deto rehje
 
Last edited:

yrana2002

Ambassador of Buzz
This method worked for me... though it doesnt have a very good success rate.

1. Get your Windows xp CD, boot with it and open Recovery Console
2. Login as administrator when it asks you password, give the password. If you dont use a password leave it blank
3. Once you cross through this tuff stage, now comes the easy part. Type the following command at the terminal
(I assume your CD-rom drive is lettered as D: and your affected windows installation is in C: )
expand D:\i386\userinit_ex C:\windows\system32\userinit.exe

This, if done correctly, will give you a success message.

Basically, your userinit.exe is infected by the trojan and you're replacing or over-writing the infected file with the original healthy version of the file on Windows installation disk.
 
Status
Not open for further replies.
Top Bottom