Well, of course some dick linked me to Encyclopedia Dramatica, and I clicked it, then almost immediately got a virus. It changed my background and said it was a "virus program". I ran Spybot S&D, got rid of stuff, and shredded the .exe, and restarted. Now, when I try to log back on, it immediately logs me off.
Please help, this is our family computer, and I'll be in deep shit if it doesn't get fixed.
Reformat :v:
Just kidding. Sounds like your virus changed the registry to point to its own exe instead of your userinit.exe, then when you deleted the virus exe the registry entry was left pointing to a nonexistent file.
Since you have access to another computer, can you put your hard drive into it as a slave? Then you can fix the registry from there. Here's how:
[highlight]IMPORTANT[/highlight]
Before you do anything, make a backup of the registry hive you are about to edit. Navigate to *infected drive*\Windows\System32\config\ and find the file called SOFTWARE. There will be two, you want the one that is not a text document. Right-click it and select "copy". Then rename the file to SOFTWARE.backup. Then right-click and select "paste". Now you have two of them. This step isn't really necessary unless you are afraid of fucking something up.
[list=1]
[*]First, check to make sure that the userinit.exe hasn't been deleted. Navigate to *infected drive*\Windows\System32. It should be there. If it's not, then you need to get another copy of it. Let me know and I will try to help.
[*]Run regedit (Windows Key + r, type regedit in the box).
[*]Load the registry hive into regedit from the infected computer. First click HKEY_LOCAL_MACHINE, then File > Load Hive. Navigate to *infected drive*\Windows\System32\config\. Find a file called SOFTWARE. There will probably be two, the hive and a text file. The hive will be like 20 or 30 megs. Open it.
[*]With the hive now open, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\. In the right panel, you should find the entry for Userinit.
[*]If the data in the Userinit entry says something other than "C:\Windows\system32\userinit.exe," without the quotes, then change it to that. Yes, that is a comma at the end, it belongs there.[highlight]†[/highlight]
[*]Now just shut down and put the hard drive back.
[/list]
[highlight]†[/highlight]: If the registry entry is actually correct to begin with, and your userinit.exe hasn't been deleted, then you have a different problem. Not the most likely situation, but possible.
There's another way to do this if you have your Windows disc [I][b]and[/b][/I] you remember the [I][b]exact[/b][/I] name of the virus exe that got deleted. Let me know if you want to do that and I will help you.
Encyclopedia Dramatica doesn't give virus's, you just download to much gayporn.
And do what discopony said.
[QUOTE=Wipmuck;19874848]Encyclopedia Dramatica doesn't give virus's, you just download to much gayporn.
And do what discopony said.[/QUOTE]
I clicked on an ED link to Avatar, and it started fucking my computer.
Delete system 32.
[QUOTE=DrumStick;19889437]Delete system 32.[/QUOTE]
My computer starts up faster now. Thanks!
Sorry, you need to Log In to post a reply to this thread.