Userinit.exe

Status
Not open for further replies.

Ishan

In the zone
Hey, I had a virus in my laptop which wasn't showing in Task Manager, but I caught it through a HijackThis scan.
It showed me an entry after a ';' in the userinit.exe entry.
I fixed it through HijackThis, but it was temporary, as after every logon the same entry repeated with a different file name.
So I backed up the whole registry, searched for the userinit.exe entry in it and deleted it.
Now when I start Windows and click on my user name on the welcome screen, it shows me "loading your personal settings" and then immediately shows "logging off". This happened because I deleted the user login process file.
Now I can't restore the registry from any Windows mode, as login is required for that.
I have another Windows XP installed on another drive also, because I use two different Windows XP installations.
Now please help!
 

hell_storm2006

Ambassador of Buzz
Well my friend, I think you made a mistake in identifying the virus. What you deleted was not a virus but a very important Windows file which manages all the log-on and booting process and manages all the process flow that Windows needs to perform before you get to the main desktop. You deleted that, and now Windows doesn't know what to do when it tries to log on! It's a blind man without sticks! :razz:

Suggest you try to do a repair. Or a new installation!
 
Ishan

In the zone
Manually, buddy! I just exported the whole registry! Please help! Any solution to restore the registry from another installed XP OS?
 

vandit

In the zone
Hey Ishan, just export the keys which have userinit.exe (the ones you deleted) from the other Win XP installation. Open Safe Mode with Command Prompt and import them from there. (userinit.exe does not run in Safe Mode with Command Prompt until you explicitly open explorer.exe, I think.) And it is not a virus. That's for sure.
 

hell_storm2006

Ambassador of Buzz
It may give rise to instability the first time you boot your PC, because the userinit registry entry would have all the entries of the other PC. So give it a try and let's see where you end up!
 

v-6mata

Right off the assembly line
Hi Ishan,

Try the steps below, check, and let me know what happens.

Cause of the issue:
**********************
This issue occurs if the value of Explorer.exe and userinit.exe in the registry is changed.

Resolution
*************
Step 1:- Hit Ctrl+Alt+Del on the keyboard to open Task Manager.

Step 2:- Click on File->New Task to open the dialogue box.

Step 3:- Type explorer.exe and hit OK to bring up the desktop.

Step 4:- After the desktop appears, open the registry through "Start" "Search" "Regedit".

Step 5:- Take a backup of the registry; if needed, a system restore point can be created.

Step 6:- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, check the Shell value by double-clicking on the Shell key and make sure it has the value explorer.exe.

Step 7:- On the same registry path, check the userinit value by double-clicking the userinit key and make sure it has the path c:\windows\system32\userinit.exe.

Step 8:- Close the registry after modification, restart the computer and check.

Regards,
Mathan Raj A
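
The check in steps 6 and 7 above, written as a small script; this is an added example, not part of the original post. The sample values (including the file name example_dropped.exe) are constructed, and splitting on ';' as well as ',' is an assumption based on what the first post reports.

```python
import re
import sys

KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Expected values from the post above; an install on another drive differs.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
EXPECTED_SHELL = "explorer.exe"

def split_entries(raw):
    # Userinit is normally a comma-separated list. ';' is split on as well
    # because the first post reports the extra entry after a ';' (assumption).
    parts = re.split(r"[,;]", raw or "")
    return [p.strip().strip('"').lower() for p in parts if p.strip()]

def audit_winlogon(values):
    """Return findings for the Shell and Userinit values of the Winlogon key."""
    findings = []
    userinit = split_entries(values.get("Userinit"))
    if EXPECTED_USERINIT not in userinit:
        findings.append("Userinit: userinit.exe entry missing, logon will fail")
    for entry in userinit:
        if entry != EXPECTED_USERINIT:
            findings.append("Userinit: unexpected extra entry: " + entry)
    shell = split_entries(values.get("Shell"))
    if shell != [EXPECTED_SHELL]:
        findings.append("Shell: expected explorer.exe, found %r" % shell)
    return findings

def read_live():
    import winreg  # standard library, Windows only
    found = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY) as key:
        for name in ("Shell", "Userinit"):
            try:
                found[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass  # value deleted, as happened in this thread
    return found

# Constructed sample values, not taken from a real machine.
CLEAN = {"Shell": "Explorer.exe", "Userinit": "C:\\WINDOWS\\system32\\userinit.exe,"}
HIJACKED = {"Shell": "Explorer.exe", "Userinit":
            "C:\\WINDOWS\\system32\\userinit.exe;C:\\WINDOWS\\system32\\example_dropped.exe"}
DELETED = {"Shell": "Explorer.exe"}

if __name__ == "__main__":
    samples = [CLEAN, HIJACKED, DELETED] + ([read_live()] if sys.platform == "win32" else [])
    for values in samples:
        print(audit_winlogon(values) or "OK")
```

An extra entry reported here should be investigated and removed from the value while leaving the userinit.exe entry in place; deleting the whole value produces the "missing" finding and the immediate logoff described in the first post.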
 

vandit

In the zone
@v6-mata

He isn't able to start Windows (it immediately logs off, as he has clearly mentioned), so how will he do the things you said? Explain please.
 
Hey, while chasing the virus you went and deleted the user process file itself.... keep it up bro.... JAY CHAUHAN
-----------------------------------------
Posted again:
-----------------------------------------
Ishu, put that file back into the registry. Everything will be fine, and keep giving it a dose of one antibiotic pill every morning and evening.

yrana2002

Ambassador of Buzz
This method worked for me... though it doesn't have a very good success rate.

1. Get your Windows XP CD, boot with it and open the Recovery Console.
2. Log in as administrator; when it asks you for the password, give the password. If you don't use a password, leave it blank.
3. Once you cross through this tough stage, now comes the easy part. Type the following command at the terminal
(I assume your CD-ROM drive is lettered as D: and your affected Windows installation is in C: )
expand D:\i386\userinit.ex_ C:\windows\system32\userinit.exe

This, if done correctly, will give you a success message.

Basically, your userinit.exe is infected by the trojan and you're replacing or overwriting the infected file with the original healthy version of the file on the Windows installation disk.
 