Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Wlctrl32.dll/userinit.exe Problem


  • This topic is locked This topic is locked
7 replies to this topic

#1 Saruto

Saruto

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 26 April 2008 - 07:05 PM

Right, I was just surfing the internets when I realized that my internet seemed a little slower than normal. I decided to run my spyware program XoftSpyXE and it found a bunch of trojans called the "Reno BAT Trojan". I clicked remove to get rid of them and it said they were all removed except for WLCtrl.dll and I needed to restart to remove it. So I did. And that's when the bleep hit the fan. After I restarted the computrer I logged in and a little command window appeared in the upper left corner of the screen with the description of "userinit.exe" After it disappears none of my icons, start menu or anything loads. However I could still run programs by using "New Task > Run". I looked up some stuff and decided to run SDFix to try and remove it. I rebooted in Safe mode and ran SDFix but halfway through it said "FRONTND: Line 1 is too long" and kept looping that. After that I tried to restart in Safe Mode again and retry but now I couldn't even open anything with New Task. I restarted in regular mode to see if that would work and surprisingly my Star Menu and icons loaded up but I can't open most of them. If I try to open Firefox or run iTunes a little command box flickers in the corner. I can't tell what it says since it flashes and closes so fast. I only got Firefox open by accident since I search for a file in the Control Panel and it opened up Firefox. I can't open System Restore or run any of my ani-virus programs. If I try to delete or replace WLCtlr32.dll it says it's in use or write-protected. :thumbsup: Any help with this is appreciated.


UPDATE: I tried rebooting in Safe Mode again and I was able to delete the WLCtlr.dll file. However, upon restarting my computer I saw the little "userinit.exe" window again and this anotehr one that says "Personalized settings". I still can't open up any programs either in Safe Mode or Regular.

Edited by Saruto, 26 April 2008 - 08:03 PM.


BC AdBot (Login to Remove)

 


#2 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:52 PM

Posted 26 April 2008 - 08:13 PM

here's an advanced guide to running system restore from a safe mode command prompt for windows xp

http://support.microsoft.com/kb/q304449/

you have a very dangerous infection

Edited by DaChew, 26 April 2008 - 08:14 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#3 Saruto

Saruto
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 26 April 2008 - 08:18 PM

here's an advanced guide to running system restore from a safe mode command prompt for windows xp

http://support.microsoft.com/kb/q304449/

you have a very dangerous infection



Thanks, I'll try that. I also found this file called "delextra.exe" that pops up every time I try to open a program.

#4 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:52 PM

Posted 26 April 2008 - 08:28 PM

you really need to prepare for the hijackthis forum or reload, this is not one I could lead you thru, this infection will
require the trained helpers there and their advanced tools

if you do get back up where you could do a hijackthis log it probably won't last past the next reboot

Edited by DaChew, 26 April 2008 - 08:29 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#5 Saruto

Saruto
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 26 April 2008 - 08:29 PM

you really need to prepare for the hijackthis forum or reload, this is not one I could lead you thru, this infection will
require the trained helpers there and their advanced tools

if you do get back up where you could do a hijackthis log it probably won't last past the next reboot


The only problem with that is I can't get HijackThis to freakin RUN.

#6 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:52 PM

Posted 26 April 2008 - 08:34 PM

the only guy I found that got this delextra.exe fixed was having to use system restore every reboot until an expert
removed the infection

and could he boot before he started trying to run fixes himself

not a good sign

I was wrong this infection is very very dangerous

Edited by DaChew, 26 April 2008 - 08:34 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#7 Saruto

Saruto
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 26 April 2008 - 09:06 PM

UPDATE: Okay, I found a file called "spools.exe" that was keeping my programs from opening. I deleted it and now I can open my programs but Windows asks me what type of file I want to open the files with. If I select the files shortcut through the menu everything works fine. Not sure if spools.exe will reinstall itself...

#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,853 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:52 PM

Posted 26 April 2008 - 10:16 PM

Hello Saruto,

Now that you have an HJT log posted here: http://www.bleepingcomputer.com/forums/t/143950/delextraexespoolsexemany-other-things-wrong/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users