Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Xp keeps rebooting after comboFix


  • Please log in to reply
7 replies to this topic

#1 Josesote

Josesote

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 23 July 2009 - 02:19 PM

Yesterday I ran ComboFix in one of the office's computer and it took out a nasty rootkit that was slowing down the computer. But today when I ran ComboFix in another PC, also with Windows Xp, it went thru all the steps, then it said it needed to reboot the machine, it did it but it keeps rebooting only. It only arrives to the Window's welcome screen and then restarts again.
I tried F8 in Safe Mode and also Last Good Configuration but is the same result: keeps restarting.
Can anyone tel me what should I do? Please, dont tell me: "Combofix is a powerful utilty, you shouldnt have used it without guidance" :thumbsup:)
Thank you so much for any help!

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 Josesote

Josesote
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 23 July 2009 - 04:50 PM

Just to inform.
It seems I cant get help, so I will reformat my hard disk.
I went into the windows with a Live CD and replaced the Kernell and some other files in the system32 folder, as microsoft recomends for when the computer keeps rebooting, but it was unsuccesful.
Now Im trying to backup my files to do a clean installation.
Im not happy anyway, I would prefer to know the problem and to fix it instead of reformat, thats the easy way for sure, but not the most "rich" in terms of experience...

#3 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:03:46 AM

Posted 23 July 2009 - 07:02 PM

More likely than not:

You will have to create a small 'fix CD' to solve this problem.
Please download RC.ISO and save it somewhere you can find it.
Also download MagicISO and install it.

Start MagicISO. You should see a window informing you about the full version of MagicISO.
In the bottom right select Try It! and the program will open.
Click on File and then on Open and navigate to the RC.ISO file you downloaded. Select it, and click Open.

First, You'll need to add a clean version of userinit.exe to the current RC.ISO
  • In the upper right pane, double click on the i386 folder.
  • Right click in the upper right pane and select Add Files...
  • Navigate to C:\Windows\System32 and select userinit.exe
  • Then click Open to add userinit.exe to the CD image.
  • Click File and select Save As...
  • Name the file RCplus and save it somewhere you can find it.
Next, we'll need to burn the newly created image to a disk that we can use to fix the problem.
  • Put a blank CD-R disk in your CD burner and close the tray. If an AutoPlay window opens, close it.
  • Click on Tools and select Burn CD/DVD with ISO.... A window will appear.
  • Click on the little folder to the right of CD/DVD Image File then navigate to the newly created RCplus.iso Image file and click Open.
  • In the CD/DVD Writing Speed drop-down menu choose the 8X setting.
  • Under Format make sure that Mode 1 is selected.
  • And finally, click on the Burn it! button to burn RCplus.iso to disk.
Once the disk is burned, put it in the machine you want to fix and restart it.
Boot to the CD just as you would with a Windows XP disk.
At the Welcome to Setup screen, press R to enter the Recovery Console.
Choose the installation to be repaired by number (usually 1) and press Enter.
When you are asked for the Administrator password, enter the password or leave it blank (default) and press Enter.

At the C:\Windows> prompt, type the following commands pressing Enter after each one. Note: Watch the spaces.

D:
cd i386
copy userinit.exe c:\windows\system32
exit

After putting in the third command, you should receive the message 1 file copied which will indicate that the operation succeeded.
Now take out the CD and reboot your computer to normal mode. Try to log in and it should let you back in.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#4 Josesote

Josesote
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 23 July 2009 - 07:21 PM

"First, You'll need to add a clean version of userinit.exe to the current RC.ISO
In the upper right pane, double click on the i386 folder.
Right click in the upper right pane and select Add Files...
Navigate to C:\Windows\System32 and select userinit.exe
Then click Open to add userinit.exe to the CD image."

I will give it a try!
Question:
To get the new userinit.exe, should I use the original Windows Xp?
You said that I need to navigate to C:\Windows\System32 and select userinit.exe
Should I get that userinit.exe from any machine running windows xp or from the original windows xp cd?
Thanks!

#5 Josesote

Josesote
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 23 July 2009 - 07:58 PM

Garmanma:
Thank you very much for the explanation, I did everything as you said, copied the file to system32 succesfully but at the end the result is the same. The computer rebooted again! :thumbsup:
Very strange problem...
Guys, dont worry about this, Im reformating now.
Anyway, is someone has an idea of what could be the problem tell me please.
Also I would like to know what should I do in the future to dont have this problem again.
Yesterday I was so happy with ComboFix, it removed that annoying rootkit from windowsclicks.com, that spybot, antimalware and hijackthis didnt even see... But today Im afraid to use it, without more experience...

#6 snowdrop

snowdrop

  • Members
  • 513 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 26 July 2009 - 08:09 AM

Josesote

Yesterday I was so happy with ComboFix, it removed that annoying rootkit from windowsclicks.com, that spybot, antimalware and hijackthis didnt even see... But today Im afraid to use it, without more experience

...
Josesote

Can anyone tel me what should I do? Please, dont tell me: "Combofix is a powerful utilty, you shouldnt have used it without guidance





Actually you really should NOT be using it except if asked to do so by a Trained Helper


ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer

.
As you have maybe discovered there is a very good reason FOR this advise; as you may find if you do do a google search about it ,if used inappropriately it can render a computer forever unbootable :flowers:

If you do require help with an infection do post back and someone can help you ....... :thumbsup:

#7 Josesote

Josesote
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 28 July 2009 - 10:27 AM

I see it now.
Anyway, that computer needed a fresh install of windows and I was able to recover all my documents.
Thanks for the help.
Next time I will ask first :thumbsup:
By the way, what do you recomend to read to learn about the anatomy and behavior of spyware and all types of malware. What changes they do to the registry, where they hide, all these things? Im very curious to learn, and is a good idea to fight them properly.

#8 snowdrop

snowdrop

  • Members
  • 513 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 30 July 2009 - 02:11 PM

You might like to read to start with( available from a Google search) >>>How Stuff Works

How does spyware work

( and a PS; with any program it is useful to read up about it before you run it

as to ComboFix...I found via a Google search THIS very useful information on understanding a bit about the tool and why it is ONLY for use on specific infections and ONLY when requested by a Trained Helper who knows what they are looking for

It is also one reason why, if you run it on a computer that does NOT require the tool it CAN wipe off the OS :flowers: ) :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users