Malware

Question

Gravatar
Locked

Booting using a start up disk

By RAMOSL ·
Hi all:
I have a Desktop machine that looks that was affected by a virus. It is running on Windows XP Home SP2. When it asks for the loggin information seems that is going to access the user profile but at that points it saves the profile and gets back to the signon. I created a startup disk in another machine using drive a and the machine is currently at the does level. Now I want to run a virus program that is installed in the infected machine drive c:\howver, the startup disk does not have the configuration to have the machine recognizing the has a c drive. Is there something I can do at the startup disk config.sys or autoexec.bat to access the drive c: after the machine is at the does command prompt?

Tks

This conversation is currently closed to new comments.

1 total post (Page 1 of 1)  
Thread display: Collapse - | Expand +

All Answers

gravatar
Collapse -

Try this

by Jacky Howe In reply to Booting using a start up ...

Here is the solution to the logon - logoff issue in Windows XP.

Enter the Recovery Console

Boot the system using the Windows XP CD-ROM. In the first screen when the Setup begins, read the instructions press "R" (in the first screen) enter the Recovery Console. Type-in the built-in Administrator password to enter the Console. You'll see the prompt reading C:\Windows (Or any other drive-letter where you've installed XP)

Type the following command and press Enter.

CD SYSTEM32
(If that does not work, try CHDIR SYSTEM32)
At the prompt type in
COPY USERINIT.EXE WSAUPDATER.EXE

Quit Recovery Console by typing EXIT and restart Windows.

You'll be able to login successfully as you've created the wsaupdater.exe file (now, a copy of userinit.exe)

"WARNING MODIFYING REGISTRY INFORMATION IS DANGEROUS"
Backup the Key before making changes.

Now, change the USERINIT value in the registry
Click Start, Run and type REGEDIT. Navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon

In the right pane you will see that the value of the Userinit key is incorrectly set to "wsaupdater.exe,"


In the right-pane, change the value of Userinit to C:\WINDOWS\system32\userinit.exe,

Type the above value exactly as given, including the comma. Also, change the path to userinit.exe appropriately if Windows is installed in a different drive.

Close Registry Editor and restart Windows.

Back to Malware Forum
1 total post (Page 1 of 1)  

Start or search

Related Discussions

Related Forums