Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

(HELP)It started after catching Intsernet Security 2010


  • Please log in to reply
2 replies to this topic

#1 us30mc

us30mc

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:21 AM

Posted 29 January 2010 - 05:09 PM

:thumbsup:

I contracted Internet Security 2010. I had to leave for a few minutes and my computer had automatically shut off because of my settings.(Normal)


I went to log on, the music sounded and started load. Then it went to saving personal settings and logging off. It does this on both user accounts of course and I'm really computer illiterate. I'm surprised I can even turn it on.

Can anyone help with maybe some idiot proof instructions.

Edited by us30mc, 29 January 2010 - 05:11 PM.


BC AdBot (Login to Remove)

 


#2 us30mc

us30mc
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:21 AM

Posted 31 January 2010 - 06:35 PM

I contracted Internet Security 2010. I had to leave for a few minutes and my computer had automatically shut off because of my settings.(Normal)


I went to log on, the music sounded and started load. Then it went to saving personal settings and logging off. It does this on both user accounts of course and I'm really computer illiterate. I'm surprised I can even turn it on. Tried safe mode, debug, etc. Went through the F8 key but completely lost

Can anyone help with maybe some idiot proof instructions.


EDIT: Moved from HJT forum - No log included

Edited by garmanma, 31 January 2010 - 10:50 PM.


#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:21 AM

Posted 31 January 2010 - 10:52 PM

Hi.

If it's that rogue that caused this then it's probably related to a registry setting so try the following. You will need a spare CD and a Image file to CD Burner software.

Download OTLPE and Boot Off It
  • Download OTLPE.iso and burn to a CD using ISO Burner.
A free Image Burning CD download can be found over here if you do not have one.

Instructions or tutorial on Burning ISO files can be found over here.
  • Once you have burned the file to a CD take the CD out of your working computer's CD-Rom drive.
  • Reboot your infected system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop and OTLPE should be loaded successfully.
Once it's loaded press the "start" button (blue windows symbol) at the bottom left corner.
Then press All Programs > Regedit > Remote (RunScanner)
The RunScanner should run and the when asked: "Do you wish to load remote user profile(s) for scanning?" Select Yes
Then at the next prompt make sure: Automatically Load All Remaining Users? is checked and then press Ok
This should then open up the Registry Editor.

Navigate to the following key:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon <- This key.


Click on the Winlogon key and then at the right pane, there should be a lot of values, scroll down until you see: userinit
Right-click on the userinit value and select Modify.
An "Edit String" box should appear. Under "Value data:" please input: C:\Windows\System32\userinit.exe, (refer to image below)
Then press Ok

Note: Make sure the spelling and the comma (,) are there. I have provided a picture of what it should look like below to help you.

Upon completion of that, exit the Registry Editor and reboot the computer and remove the OTLPE disk from the CD-ROM and see if it loads correctly now.

Posted Image

Thanks. Let me know how it goes and we can continue from there.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users