Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AV deleted logonui.exe


  • Please log in to reply
6 replies to this topic

#1 hatemf90

hatemf90

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 11 April 2009 - 05:00 AM

Hi every one,

Great forum, lots of useful info.

Yesterday I reinstalled windows. Right after I installed the AV (NOD32) it quarantined a file called logonui.exe from system32 directory. So whenever I start the PC I get the classical login box instead of the usual welcome screen... Ive tried putting the file back, but it doesnt work.. Ive tried everything, even getting the file from the XP CD... still get the classic login box with a black background, so how do I put the file back? or is something else missing, like a registry key or something?

Thanks

Edited by hatemf90, 11 April 2009 - 05:01 AM.


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,248 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:22 PM

Posted 11 April 2009 - 10:37 AM

IMO, worth reading: http://www.wilderssecurity.com/showthread.php?t=238775

Since the possibility exists that it may be a bug in your AV...why not remove it and try a different, free AV that is reliable...for a short time?

I would suggest Avira Free, but AVG, etc. will do.

If the same situation arises with those AV programs, then you can identify the problem.

There are also online scans that can help determine if you have malware problems or not.

(Be advised that some of these scanners will pickup things in "quarantine" from other anti-virus programs - so review the results carefully)

http://www.pandasecurity.com/homeusers/solutions/activescan/
http://us.mcafee.com/root/mfs/default.asp
http://housecall.trendmicro.com
http://www.bitdefender.com/scan8/ie.html
http://support.f-secure.com/enu/home/ols.shtml
http://onlinescan.avast.com/
http://ca.com/us/securityadvisor/virusinfo/scan.aspx
http://www.eset.com/onlinescan/

If you find that you're infected (or the scan doesn't complete or closes unexpectedly), post in the Am I Infected forum located here: http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

Louis

#3 hatemf90

hatemf90
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 11 April 2009 - 11:06 AM

IMO, worth reading: http://www.wilderssecurity.com/showthread.php?t=238775


lol, I posted that... (same username) asking about why NOD wont leave that file alone...

And Im sure that its not an infection because:
1) it happened after a completely new windows install, if its infected, then it cant come from anything except the installation CD itself... which is unlikely...
2) even if it was, I got the logonui.exe from the internet, and also from the XP CD, and NOD quarantines all of those, like I said in that thread...

I managed to make NOD ignore the file but the problem now is Im still getting the classic login screen even though the file is in place...

EDIT: As a last resort Il probably uninstall NOD and go for a free AV, the best 2 I know are Avira and Avast, but which is better? Im looking a for a solid AV, but doesnt automatically delete system files...

Edited by hatemf90, 11 April 2009 - 11:19 AM.


#4 hatemf90

hatemf90
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 11 April 2009 - 01:22 PM

I managed to solve it, I was missing a registry key

But thanks anwyay

#5 hamluis

hamluis

    Moderator


  • Moderator
  • 55,248 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:22 PM

Posted 11 April 2009 - 04:51 PM

Glad you solved it :thumbsup:.

It might benefit someone...if you gave us details as to how you came to this realization and overcame it.

Louis

#6 hatemf90

hatemf90
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 11 April 2009 - 05:58 PM

Sure. When other people faced this problem putting back the file solved it, but when AV quarantined it, it also deleted the registry key linked to it

The missing key is in:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\
CurrentVersion\Winlogon

Key name is UIHost. If its not there, click new => expandable string value, type name UIHost, then Modify it and type logonui.exe

and thats it, worked after that :thumbsup:

#7 hamluis

hamluis

    Moderator


  • Moderator
  • 55,248 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:22 PM

Posted 11 April 2009 - 06:55 PM

Appreciated, happy computing :thumbsup:.

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users