log on log off virus

**steppenwolf** · 7 February, 2010, 10:22

Sorry for your trouble friend and thanks for the advice. I would like to help you somehow. Just need more details. If you don't solve the problem.....

**cgscott** · 7 February, 2010, 11:23

Found this zap.

1. Boot using your winxp cd.

2. Enter recovery console.

3. at the command prompt go to
C:/windows/system32

4. next type:
copy userinit.exe wsaupdater.exe

5. exit and reboot normally. You should now be able to logon. But you're not done yet!

6. run regedit

7. find the Userinit key in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\Cu rrentVersion\Winlogon\

8. modify the entry:
C:\WINDOWS\System32\wsaupdater.exe
so that it reads:

C:\WINDOWS\System32\userinit.exe
That should do the trick! no reinstalling windows required!

**xant14** · 7 February, 2010, 11:28

I am interested in this thread, nice reply CGS. Waiting to see if it works m8.

**steppenwolf** · 7 February, 2010, 11:59

Originally posted by cgscott

Found this zap.

1. Boot using your winxp cd.

2. Enter recovery console.

3. at the command prompt go to
C:/windows/system32

4. next type:
copy userinit.exe wsaupdater.exe

5. exit and reboot normally. You should now be able to logon. But you're not done yet!

6. run regedit

7. find the Userinit key in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\Cu rrentVersion\Winlogon\

8. modify the entry:
C:\WINDOWS\System32\wsaupdater.exe
so that it reads:

C:\WINDOWS\System32\userinit.exe
That should do the trick! no reinstalling windows required!

Wow.... Great work man. Excellent..

**Itsme** · 7 February, 2010, 12:29

Originally posted by cgscott

Found this zap.

1. Boot using your winxp cd.

2. Enter recovery console.

3. at the command prompt go to
C:/windows/system32

4. next type:
copy userinit.exe wsaupdater.exe

5. exit and reboot normally. You should now be able to logon. But you're not done yet!

6. run regedit

7. find the Userinit key in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\Cu rrentVersion\Winlogon\

8. modify the entry:
C:\WINDOWS\System32\wsaupdater.exe
so that it reads:

C:\WINDOWS\System32\userinit.exe
That should do the trick! no reinstalling windows required!

I had this problem some time ago where the userinit entry was overwritten.

as said it took some sorting, windows recovery console did not work but the suggestion above should.

I used BartPE and a remote registry editor to remove the suspect userinit entry as I could not get into my system.

Hope you succeed

**patkins** · 8 February, 2010, 14:34

Originally posted by zaphodbb

deep joy, now my pc has a nasty virus as well as me. i wanted to watch a film called the tie guk brotherhood online,(korean) i think it translates into your ~~~~ed now bro. anyway when i started to watch it my av (avira) flagged up there was a virus. and as usual i got options like ... A /do you you want this virus on your hard drive to totally destroy it.... B/ do you want this virus and spend the next 3 weeks googling the ~~~~er for a solution... or C/ deny access RECOMMENDED..... HMMMM tough call eh, ok so lets deny access for it after the 4 times i was asked, and because i feel like shit with the man flu, i turn the pc off and return to my death bed without doing virus checks. serves me right i know, but this is just a warning to all on dk to be extra careful, this log on log off virus is not an easy fix and its gonna take me a while to get it resolved. so peeps dont be a dumbass like me, and dont trust your antivirus, if you get a message run everything you have, malware bytes, sasw, before you close down or you will be in a world of shite like me

Sorry Zap to hear of your illness,however,I am more concerned about your CP virus. Is it contageous? sHOULD i be wearing a mask in front of the screen? Should I disinfect my connections? Signed WORRIED.

log on log off virus

log on log off virus

Comment

Comment

Comment

Comment

Comment

Comment