Highlygifted Posted March 28, 2009 Share Posted March 28, 2009 (edited) I've been tasked with fixing a sibling's computer which contracted Rootkit, and so far it has been an annoying ordeal. When it logs on, it flashes the desktop, then logs off automatically, and leads me to the user selection screen. I was able to determine the problem was Rootkit before, but during my absence a past weekend, my father tried to fix it and did something which he can't remember and I've been left unable to access safe mode. Thanks in advance for the help. Running Windows XP on her computer, btw. Edited March 29, 2009 by Highlygifted Link to comment Share on other sites More sharing options...
cluberti Posted March 28, 2009 Share Posted March 28, 2009 Moving. Link to comment Share on other sites More sharing options...
DigeratiPrime Posted March 28, 2009 Share Posted March 28, 2009 What version of Windows are you running? What options do you have on the Advanced Boot Options menu (F8)?Do you have a Windows Vista setup disc? That includes WinRE which could be used to modify the registry "offline". Link to comment Share on other sites More sharing options...
Tarun Posted March 31, 2009 Share Posted March 31, 2009 Please download my Anti-Malware Toolkit and get the Professional package. Then follow the directions in the PC Cleanup guide. After that, please post a HijackThis log. Link to comment Share on other sites More sharing options...
Highlygifted Posted April 1, 2009 Author Share Posted April 1, 2009 First of all, I have to find a way to replace userinit.exe, the missing part which is causing this problem apparently. Can I get some help replacing this file with instructions? Thanks. Link to comment Share on other sites More sharing options...
IcemanND Posted April 1, 2009 Share Posted April 1, 2009 is the file actually missing from c:\windows\system32?Ir is it the registry value that loads it that is missing? Link to comment Share on other sites More sharing options...
Highlygifted Posted April 1, 2009 Author Share Posted April 1, 2009 That I don't know. Link to comment Share on other sites More sharing options...
IcemanND Posted April 1, 2009 Share Posted April 1, 2009 do you have a way to make a bartpe cd (preferred) or connect the infected drive to another machine? Link to comment Share on other sites More sharing options...
tguy Posted April 1, 2009 Share Posted April 1, 2009 I ran across a rootkit infected computer today as well. I downloaded unhackme.zip, installed and cleaned it up. May want to try that too. Link to comment Share on other sites More sharing options...
IcemanND Posted April 1, 2009 Share Posted April 1, 2009 if it's missing userint.exe or the associated registry key he can't log into the machine, even in safe mode. He'll need to boot from other media or in another machine to fix that issue before you can do anything else, or perform a repair, may work but is a little extreme. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now