Jump to content

Personal Computer Solution

Members
  • Content Count

    5
  • Joined

  • Last visited

About Personal Computer Solution

  • Rank
    Newbie
  1. Glad to hear that this helped you! I've been working with computers and infections for a while now, and you'll see a lot of weird things. I will say that lately SAS has not been picking them up as well as other programs such as Malwarebytes, but that's just the way it goes. We still install SAS on every computer we sell, and the repair tools that come with the program are priceless! More power to everyone for the war against infection!
  2. Would you be able to use the PEBuilder to load the registry hive? That way you're not in Windows and you shouldn't be locked out of the file. The reason for editing the registry is that there may be more than one file loading via this key.
  3. Here's what you need to do. This is a little bit complicated, but I've ran into this problem before. What has happened is that your registry is not pointing to userinit.exe when you logon. To change this you can either slave the hard drive to another computer and load the hive, or download BartPE http://www.nu2.nu/pebuilder/ as this will be a much faster way in the future if it happens again. Either way, here's what you need to do. NOTE: IF YOU'VE NEVER MESSED WITH REGISTRY CHANGES, BE VERY CAREFUL, AS DELETING ANYTHING OTHER THEN TOLD WILL LEAD TO YOUR SYSTEM BEING IRRECOVERABLE. Open up the registry editor by clicking on START, RUN, then type in REGEDIT. Highlight HKEY_LOCAL_MACHINE. Click on FILE, then LOAD HIVE. Locate your hard drive, then go to the following folder. C:\windows\system32\config\ (Note: Sometimes the folder may be hidden. Just type the folder name in the file box and hit ENTER.) Select the file labeled SOFTWARE It will ask you for a name, for this let's name it SoftTest. Now, let's go to the following folder in the registry tree. HKEY_LOCAL_MACHINE\SoftTest\Microsoft\WindowsNT\CurrentVersion\Winlogon\ On your right side, you will see the following REG_SZ key: Userinit Double click on the name, and change the Value Data to "C:\Windows\system32\userinit.exe," (without the quotations, but make sure the comma is in there!) If this key was anything else besides the Value Data I provided, that would be your issue. Now, highlight our original folder of SoftTest, click on FILE, and this time click UNLOAD HIVE. Exit the registry editor and reboot, (or if you slaved the drive, shut down and hook the drive back up) I hope this has been helpful to you!
×
×
  • Create New...