Jump to content

Aspen

Members
  • Content Count

    2
  • Joined

  • Last visited

About Aspen

  • Rank
    Newbie
  1. invent101, I think the access denied is because it cannot replace the existing userinit.exe file that is already present. If from the recovery console you are able to... cd Windows\System32 ren userinit.exe userinit.old ...and then try the expand... d: cd I386 expand userinit.ex_ c:\windows\system32 I think you will be OK. Failing that, by whatever means possible you need to replace your existing userinit.exe with a nice clean one (maybe just expand userinit.ex_ to c: and then move it into place in Normal mode after killing the existing process). Good luck, Aspen
  2. I've had exactly the same problem with a machine today. MSAntispyware2009 and the continual prompts to go to anykuy.com. This was on a Windows XP Pro machine. What I've found is the following.. 1. McAfee resident shield was installed and running yet the virus still got on to the machine 2. MalwareBytes AntiMalware detects and removes MSAntispyware 2009 and others but does not resolve the problem with the system tray icon and the anykuy.com redirects 3. SuperAntiSpyware exactly the same...it does not detect/fix the anykuy.com redirects 4. SpybotSD exactly the same problem 5. McAfee anti-virus exactly same problem Eventually I discovered that the problem is that c:\Windows\System32\userinit.exe has been modified. It is this, I think, that is causing the problem. Of course, replacing it is a little tricky as it's running on the infected machine. To replace it I booted from the WinXP CD and entered the recovery console. From here you can replace userinit.exe with a clean version > d: > cd I386 > expand USERINIT.EX_ C:\WINDOWS\SYSTEM32 > exit after rebooting i note that the little tray icon is no longer present and for the last three hours I've not had any annoying attempts to take me to the anykuy.com web-page. I'm just rescanning with every tool I can find but, for me anyway, it appears that an infected (though not detected) userinit.exe was the problem. (note: infected userinit was 61K, 64K on disk...clean version is 25.5K, 28K on disk from SP3 XP pro) Hope this helps someone...it was bugging me why none of the anti-virus/anti-spyware tools were finding it but maybe it hides itself from detection.
×
×
  • Create New...