Posted 19 August 2010 - 08:10 AM
You can try this to see if you can get it to boot up
Boot from a Windows XP CD
Select "R" for Repair
Select "1" for your Windows operating system
At the C:\WINDOWS prompt, type CD SYSTEM32 and press Enter
Then type COPY USERINIT.EXE WINLOGON32.EXE and press Enter
If you get the 1 FILE COPIED, then type EXIT and reboot your system.
You should now be able to log in.
If you got a message stating that the file is not recognised or missing, do the following:
Type D: and press Enter - assuming D: is the letter for your CDROM drive. If not, put in the drive letter for your CDROM.
Type CD I386 and press Enter (that is the letter I and 386)
Then type EXPAND USERINIT.EX_ C: and press Enter
Type C: and press enter
You should now be back at C:\WINDOWS\SYSTEM32
Type COPY USERINIT.EXE WINLOGON32.EXE and press Enter
You should get 1 FILE COPIED.
Type EXIT and reboot system.
Now you should be able to log back into Windows XP.
Boot using your winxp cd.
Enter recovery console.
at the command prompt go to
If you find it, type
copy userinit.exe wsaupdater.exe
Exit and reboot normally. You should now be able to logon.
In the right pane, you should see
Change it so that it reads:
That should solve the problem, if the malware was the one that caused the issue.
Either copy boot.ini from another computer over the boot.ini on the infected computer via the copy command
or copy boot.ini from the recovery disc... copy d:boot.ini c:
After you log on to XP go to your registry ( regedit from run)
Look in the right pane for a value under name called Userinit. The value
Including the trailing comma. If it reads anything other than the above,
the Userinit value and change it to the value above.
Personally I have tried the Barts CD to repair the registry on a virus infected PC and often it will give you an error that the file is locked and will prevent you from making any changes. I will post this anyway for future reference.
Scenario - Incorrect registry value preventing you from logging on to your user account in Windows XP?
In this example, a basic BartPE CD without any Plugins, has been used for illustration purposes. You may add as many Plugins as you want, depending upon your needs.
Verifying and fixing the Userinit value in the registry
If your PC is a victim of the Malware discussed in this article, and you are unable to log in to your profile, then you'll need to fix the registry as discussed there. As you're unable to log in, registry modification can only be done from a remote system, or via offline registry editing. This article discusses offline registry editing.
1. Insert the BartPE CD into the drive, and boot the system from the CD. Once the file loading phase is over, the Bart PE desktop will be visible, as shown in Figure 1.
2. Type Regedit.exe in the prompt, and press Enter. Select the HKEY_USERS hive
3. From the File menu, choose the Load Hive option. Browse to your Windows installation drive, for example the following location:
4. Select the file named SOFTWARE (the file without any extensions), and click Open
5. Type a name for the hive that you've loaded now. (Example: MyXPHive)
6. Now the SOFTWARE hive is loaded, and present under the HKEY_USERS base hive.
7. In order to fix the Userinit value in the loaded hive, navigate to the following location:
HKEY_USERS \ MyXPHive \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon
8. Double-click Userinit and set its value correctly. Example: Set its data as follows:
(Include the trailing comma also. The above assumes that Windows is installed in C:\Windows, and Userinit.exe file is actually present in the System32 folder. You may want to verify that as well.)
9. After entering the correct data, you MUST unload the Hive. To do so, select MyXPHive branch, and then in the File menu, choose Unload Hive. It's important to note that you'll need to select the MyXPHive branch first, before unloading it.
10. Quit BartPE and restart Windows. See if you're able to log on to your profile.
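
The offline hive procedure in steps 1-10, done from the BartPE command prompt with reg.exe instead of Regedit, as an added example that is not part of the original post. It assumes Windows is installed in C:\Windows, that reg.exe is available in the rescue environment, and that the stock XP Userinit data is `C:\Windows\system32\userinit.exe,`; the log file name is hypothetical.

```bat
@echo off
rem Added example, not from the original post.
rem Assumptions: Windows lives in C:\Windows, reg.exe is present in the
rem rescue environment, and nothing else is mounted as HKU\MyXPHive.
setlocal
set "HIVE=C:\Windows\System32\config\SOFTWARE"
set "MOUNT=HKU\MyXPHive"
set "KEY=%MOUNT%\Microsoft\Windows NT\CurrentVersion\Winlogon"
rem Stock XP data for Userinit, trailing comma included (assumed default).
set "WANT=C:\Windows\system32\userinit.exe,"
rem Hypothetical log file that keeps the value found before any change.
set "LOG=C:\userinit-before.txt"

rem The registry fix is pointless if the binary itself is gone.
if not exist "C:\Windows\System32\userinit.exe" (
    echo userinit.exe is missing from System32; restore the file first.
    exit /b 1
)

rem Steps 3-6: load the offline SOFTWARE hive under HKEY_USERS.
reg load %MOUNT% "%HIVE%" >nul
if errorlevel 1 (
    echo Could not load %HIVE%
    exit /b 1
)

rem Step 7: read Userinit. Token 1 = name, 2 = type, the rest = data.
set "CUR="
for /f "tokens=2,*" %%A in ('reg query "%KEY%" /v Userinit ^| find /i "Userinit"') do set "CUR=%%B"
echo Current Userinit: "%CUR%"

rem Step 8: rewrite only when the data differs, and record what was there.
if /i "%CUR%"=="%WANT%" (
    echo Value is already correct, nothing changed.
) else (
    echo "%CUR%">>"%LOG%"
    reg add "%KEY%" /v Userinit /t REG_SZ /d "%WANT%" /f
)

rem Step 9: always unload, otherwise the hive file stays locked.
reg unload %MOUNT%
endlocal
```

The value written to the log file shows which program had been substituted for userinit.exe, which is worth keeping when checking whether the malware is still on disk.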