Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Registry editing has left me unable to logon


  • Please log in to reply
11 replies to this topic

#1 dashie

dashie

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 13 June 2005 - 04:17 PM

OK, following the advice of 'Autoruns' software, I deleted a registry key on my brothers (trojan and worm-infested pc). I now cannot logon: when I startup, even in safe mode, clicking a username leads to saved settings and then back to logon screen; an infinite loop, and no hilarity, ensues.

Before I am forced to resort to a reinstall of XP SP1a, is there any way past this? I am now at my house, with access to a cable modem via my own win xp sp2 machine. I have a knoppix disc, and probably can find my bootdisk. If I get to DOS login or something, is the registry salvageable? If so, what value should be at that key?

TIA,

dashie

Win XP Home, SP2

BC AdBot (Login to Remove)

 


#2 ddeerrff

ddeerrff

    Retired


  • Malware Response Team
  • 2,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Upper Midwest, US
  • Local time:04:24 PM

Posted 13 June 2005 - 04:26 PM

The key name would be helpful. Did you perhaps remove the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit key?
Derfram
~~~~~~

#3 dashie

dashie
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 13 June 2005 - 06:13 PM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit key? (Only one slash, but you knew that, right?)

Thanks for tracking that down, any ideas on what to do?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

that was it alright! How forget ful of me. I can see where this is going...

#4 ddeerrff

ddeerrff

    Retired


  • Malware Response Team
  • 2,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Upper Midwest, US
  • Local time:04:24 PM

Posted 13 June 2005 - 06:36 PM

Try the repair instructions ('Resolution') listed in Ad-aware KB article 04060901.

If that doesn't do it, we may have to add the key back manually.

Edited by ddeerrff, 13 June 2005 - 06:39 PM.

Derfram
~~~~~~

#5 dashie

dashie
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 13 June 2005 - 06:54 PM

I can't logon to Windows, so I can't use any programs on the hard drive. Maybe I'm being *really* dumb: if the Recovery console mentioned in your link is in Ad-Aware, how do I access it? (I do have Ad-Aware on the HD)

Thx for your interest so far, mate.

#6 dashie

dashie
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 13 June 2005 - 07:01 PM

Alright, I just completed reading the article. I will try that later today. It's late & I'm tired - I didn't read very closely.

If I can acess the registry, I will need to reinstate the *values* for the missing key precisely. Please do me a small favour - I will post my outcomes here tomorrow, could you check back? Thanks again.

dashie.

Edited by dashie, 13 June 2005 - 07:03 PM.


#7 ddeerrff

ddeerrff

    Retired


  • Malware Response Team
  • 2,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Upper Midwest, US
  • Local time:04:24 PM

Posted 13 June 2005 - 08:25 PM

You access the recovery console from your OS installation disk.

I'm not particularly conversant with the recovery console, perhaps one of the other regulars here can jump in.

I had another thought. The recovery console may give you the option of booting from 'last known good' configuration. That might get you back in business.
Derfram
~~~~~~

#8 dashie

dashie
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 13 June 2005 - 08:27 PM

Thx!

I will try this - it all depends on whether the CD drive is recognised. This has been most use ful - results tomorrow night, fingers crossed.

Thx again,

dashie

#9 dashie

dashie
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 15 June 2005 - 05:27 PM

Oh well. I was so hopeful, too...

The blasted PC doesn't recognise the CD when I put the XP disk in. It's the full blown SP1a version of XP; it should, in theory, have Recovery Console on it, but though the CD drive spins, and a green light next to it comes on, the pc just carries on as I described above.

Is there a best option to choose after hitting F8? I recko0n I've chosen everything from Safe Mode to Boot Logging & everything in between...no options to boot from CD appear, ever.

Even if I wanted to completely reinstall XP, how could I? Am I SOL with a worthless piece of junk now? :thumbsup:

#10 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:05:24 PM

Posted 15 June 2005 - 05:37 PM

You need to enter the Bios (usually by pressing either Del, F1, F2 or F10). Once in the Bios, find the Boot Order and set your CD Drive as the first boot device. Boot with the XP CD in the drive and follow the instructions in How to Run a Repair Install.

Edited by Leurgy, 15 June 2005 - 05:38 PM.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#11 dashie

dashie
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 15 June 2005 - 08:27 PM

You need to enter the Bios (usually by pressing either Del, F1, F2 or F10). Once in the Bios, find the Boot Order and set your CD Drive as the first boot device. Boot with the XP CD in the drive and follow the instructions in How to Run a Repair Install.

Thanks - that bit was the crucial step.

I couldn't fix stuff by the method Lavasoft outlined - I simply could not copy the file (my suspicion is that their instructions led me to copy the old, installed userinit.exe); so I reinstalled XP, and seem to have retained the old data.

A success, even so. Thanks, muchly!

#12 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:05:24 PM

Posted 16 June 2005 - 05:00 AM

Glad we were able to help you and your brother out. Thanks for posting back and letting us know. :thumbsup:

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users