Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Infected with winupdate86.exe - can't bootup even in safemode

  • Please log in to reply
No replies to this topic

#1 Guitar1969


  • Members
  • 1 posts
  • Local time:05:11 PM

Posted 22 November 2009 - 02:42 PM

UPDATE - I got my system back up and running. With BART PE I was able to get to my registry and discovered that my userinit was being redirected to a file from the virus - I reset it to userinit.exe and now I can get in to my system. I've run a number of scans and everything is coming up clean, but the only thing I have not been able to get full access to is Administrator rights. Task Manager was disabled so I adjusted in the registry for it but I am still getting a message that I don't have admin rights to install some programs etc. Is there a tool to reset all of my admin rights back to full access as I had before.


My WinXP SP2 laptop got infected with winupdate86.exe last night. I am running Norton Internet security 2010 but it didn't catch it until it had already infected my computer, then removed the file winupdat86.exe but the damage had already been done. after it removed it I was still having problems with accessing task manager, and the computer was saying I didn't have admin rights even though I did, and was still getting a pop up at startup saying the computer was infected with worm.win32.netsky. it had also created put an "a.exe" file on my descktop which I quickly deleted. I am a bit familiar with virus removal but this one has me stumped.

I ran Norton complete scan, as well as MAlwarebytes and Superantispyware and they all came up clean. I also tried system restore but it said it could not restore. I also downloaded a cleaner repair tool called smitfraudfix that seemed to be designed for the problems I was having and started to run it but it came as an infected program by Norton so I subsequently removed it.

Unfortunately, during all of this something has happened with bootup and now I can't bootup my computer beyond the WinXP login screen, even in Safemode. When I boot up it goes to the XP login screen, I pick my profile(1 of 2 admin accounts) and it starts loading my preferences for the profile, then imediately says "logging off" of my profile and goes back to the login profile screen again - A vicious cycle. This same thing happens in Safemode(Networking and nonnetworking choices). I also tried last know good configuration as well but had the same results. I tried a separate Windows XP startup CD and the same thing happens. I then tried Recover Console on an XP install disk, and when trying to enter the Repair mode, it asks for an administrator password, which I don't have setup on any of my accounts, so don't know how to get beyond it.

I am not sure what to do at this point since I can't even get into Windows XP at this point. I have tried the basics but haven't been able to get into the system at all

Any help or guidance would be greatly appreciated.


Edited by Guitar1969, 23 November 2009 - 12:01 AM.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users