Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Nasty Virus or Corruption: userinit.exe


  • Please log in to reply
23 replies to this topic

#1 tilt23

tilt23

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 05 February 2010 - 08:46 AM

I am running win xp. Problems started when installing programs…the last program I recall was “anti-porn”. After install didn’t appear to be correct, I attempted to open my program “your uninstaller” to delete it but was presented with pop-up and/or error message ‘userinit.exe-application error’ The application failed to initialize properly (0xc0000005). Click ok to terminate the application.

So, I restarted my system to get a blank screen (desktop picture only, no icons and the message…‘userinit.exe-application error’ The application failed to initialize properly (0xc0000005). Click ok to terminate the application.

I did some research and found a way to get my icons back…by doing an alt-ctrl-dlte then running a new task: c:\windows\explorer.exe – THEN all my icons come back but when I click on them, e.g. paint.exe, to include every cleaning utility application I am presented with pop-up box message (whatever the program name is) The application failed to initialize properly (0xc0000005). Click ok to terminate the application…it appears after pushing ok, another program tries to open but I get same error message and so on.

I downloaded software ‘super antispyware’ but when I try to execute the program I get same error message preventing the program from running.

NOTE: When I attempt to boot up in safe mode, all I get is a blank-black screen…nothing happens.

Please help!

P.S., ms word, pictures, etc. open fine.

Thank You,

Edited by Pandy, 06 February 2010 - 11:10 AM.
Moved from Windows XP Home and Pro


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,300 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:51 PM

Posted 05 February 2010 - 09:40 AM

Worth a look, http://www.updatexp.com/0xC0000005.html.

How to restore the userinit.exe file - http://www.bleepingcomputer.com/forums/t/229227/how-to-restore-the-userinitexe-file/

New Userinit File - http://www.bleepingcomputer.com/forums/t/240289/windows-keeps-restarting-by-itself/

Replace Userinit File In XP - http://www.bleepingcomputer.com/forums/t/277227/cant-stay-logged-in/

Disabled Userinit.exe File

Louis

#3 tilt23

tilt23
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 05 February 2010 - 10:00 AM

Louis thanks for your reply, I will try it...IS THIS A VIRUS?

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 56,300 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:51 PM

Posted 05 February 2010 - 11:01 AM

I can't answer that...files become corrupted every day and it's not due to a virus.

A number of STOP errors can be caused by malware, but that doesn't mean that malware is the only cause of such.

I will say that the best approach (IMO) is to ensure that you have removed the likelihood of malware from the equation...by taking the steps necessary to minimize the frustration that malware causes daily. Those steps have been repeated so often that there is little point in listing them again...any user can go online, do a search for "how to protect my system from malware" and see them listed at least a thousand times by various persons/websites.

Louis

#5 tilt23

tilt23
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 05 February 2010 - 11:35 AM

Louis,

yeah, I have all the programs/software to clean system but the problem is getting to them as previously mentioned whenever i click on a program such as malwarebytes, spyware doctor and the like I get that error message and program will not open...So, how do i get any of these programs to run for a possible scan/fix?

Edited by tilt23, 05 February 2010 - 12:18 PM.


#6 Dimpy

Dimpy

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:india
  • Local time:02:21 AM

Posted 05 February 2010 - 11:42 AM

Please check this link may help:-

http://en.kioskea.net/forum/affich-9082-ex...%2004%3A13%3A21

#7 tilt23

tilt23
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 05 February 2010 - 02:56 PM

Dimpy,

Solution doesn't apply to my situation: userinit.exe-application error The application failed to initialize properly (0xc0000005). Click ok to terminate the application.

#8 tilt23

tilt23
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 06 February 2010 - 09:15 AM

Ok, I did everything listed below that a previous helper suggested but the disc only opened up to show me what files I burned to it...the disc did not act and/or open like a windows xp disc, e.g. welcome screen to click on "R" for repair console SEE BELOW, therefore I opened the i386 folder and copied the new userinit.exe to my infected computers i386 folder and the system booted to my normal desktop without the error message pop-up userinit.exe - application error BUT, now the the pop-up error message displayed is rundll.32.exe - application error, press ok then another appears, malwarebytes.exe, nod32kui.exe and so on for about 6-7 programs then the message disappears. However, STILL when I click on an application to run it - I get that applications error message.
Can anyone help me? Please...

Once the disk is burned, put it in the machine you want to fix and restart it.
Boot to the CD just as you would with a Windows XP disk.
At the Welcome to Setup screen, press R to enter the Recovery Console.


You will have to create a small 'fix CD' to solve this problem.
Please download RC.ISO and save it somewhere you can find it.
Also download MagicISO and install it.

Start MagicISO. You should see a window informing you about the full version of MagicISO.
In the bottom right select Try It! and the program will open.
Click on File and then on Open and navigate to the RC.ISO file you downloaded. Select it, and click Open.

First, You'll need to add a clean version of userinit.exe to the current RC.ISOIn the upper right pane, double click on the i386 folder.
Right click in the upper right pane and select Add Files...Navigate to C:\Windows\System32 and select userinit.exeThen click Open to add userinit.exe to the CD image.
Click File and select Save As...Name the file RCplus and save it somewhere you can find it.
Next, we'll need to burn the newly created image to a disk that we can use to fix the problem.
Put a blank CD-R disk in your CD burner and close the tray. If an AutoPlay window opens, close it.
Click on Tools and select Burn CD/DVD with ISO.... A window will appear.
Click on the little folder to the right of CD/DVD Image File then navigate to the newly created RCplus.iso Image file and click Open.
In the CD/DVD Writing Speed drop-down menu choose the 8X setting.
Under Format make sure that Mode 1 is selected.
And finally, click on the Burn it! button to burn RCplus.iso to disk.
Once the disk is burned, put it in the machine you want to fix and restart it.
Boot to the CD just as you would with a Windows XP disk.
At the Welcome to Setup screen, press R to enter the Recovery Console.
Choose the installation to be repaired by number (usually 1) and press Enter.
When you are asked for the Administrator password, enter the password or leave it blank (default) and press Enter.

At the C:\Windows> prompt, type the following commands pressing Enter after each one. Note: Watch the spaces.

D:
cd i386
copy userinit.exe c:\windows\system32
exit

After putting in the third command, you should receive the message 1 file copied which will indicate that the operation succeeded.
Now take out the CD and reboot your computer to normal mode. Try to log in and it should let you back in.


#9 hamluis

hamluis

    Moderator


  • Moderator
  • 56,300 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:51 PM

Posted 06 February 2010 - 09:51 AM

As I indicated before...typical user fixes for XP problems...may not apply or work properly when a system is infected.

If you don't want to post to the Am I Infected forum, that's your option. But no one in the XP forum has the green light to try to apply knowledge which we don't possess...to infected systems. We treat healthy systems with either O/S/software/hardware problems of some type...the malware forums at BC deal with known or suspected malware cases.

If you want this post moved to one of our malware forums, please state such and it shall be done. If not, good luck.

No one here can tell you...based on your inputs...that you have a specific form of malware. But the folks at AII can either confirm/refute the idea of such.

Louis

#10 tilt23

tilt23
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 06 February 2010 - 10:05 AM

by all means, please move it...thanks, I didn't know.

#11 tilt23

tilt23
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 06 February 2010 - 11:22 AM

garmanma,

can you expand a little more on my issue and offer up some advice to get rid of this nasty thing?

Edited by tilt23, 06 February 2010 - 11:24 AM.


#12 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:04:51 PM

Posted 06 February 2010 - 11:24 AM

BUT, now the the pop-up error message displayed is rundll.32.exe - application error, press ok then another appears, malwarebytes.exe, nod32kui.exe and so on


If I understand you correctly, you can now boot your computer? You are just getting the rundll pop-up?

Please download Rkill by Grinler and save it to your desktop.Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
After running the tool, try to run mbam
It may take several times running rkill to get it to work
Do not reboot the computer or you will have to run it again
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#13 tilt23

tilt23
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 06 February 2010 - 11:29 AM

Neither of them would run, and after att'g. to run all four prgms - they disappeared from my desktop (vanished).

I can boot my computer? But, when everything has loaded and i am at my desktop...the popup window runddll.exe, mbam.exe, nod.exe, and so on pops up until i click ok. I go to my taskbar to run utility promgs amd get same error message...mbam.exe - application error. program failed to initialize properly (oxc.0000005). click ok to terminate the application.

P.S., the firts application error was userinit.exe but not since I manua;;y copied that file to i386...granted that userinit.exe came from a clean computer running service pack 2 and infected system has service pack 3 - does that matter re: "R" console not popping up via made iso?

Edited by tilt23, 06 February 2010 - 11:37 AM.


#14 tilt23

tilt23
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 06 February 2010 - 12:00 PM

Rkill appears to start up in safemode...states 'terminating known malware processes. Please be patient...
then an error window pops up: nircmdc.rkexe - application error. The applic. failed to initialize
properly (oxc0000005) click ok to terminate the application.

Then Rkill gives me this report:Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Dad on 02/06/2010 at 11:50:26.

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Dad\Desktop\rkill.pif

Rkill completed on 02/06/2010 at 11:53:02.

Edited by tilt23, 06 February 2010 - 12:01 PM.


#15 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:04:51 PM

Posted 06 February 2010 - 07:50 PM

the firts application error was userinit.exe but not since I manually copied that file to i386.

So apparently that is fixed and you do not need the Recovery console. Remove the CD from the computer and let it boot normally

Do what you need to do to get back to the Desktop and the follow these instructions found here



Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.


When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

The HJT team is very busy and it will take awhile to get to your post
Please be patient and good luck
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users