Windows Problem
Started by
jrad2105
, Jan 04 2006 09:59 PM
#1
Posted 04 January 2006 - 09:59 PM
#2
Posted 04 January 2006 - 10:20 PM
Can you boot the PC to safe mode and select the administrator account
Has it been doing this long?
Has it been doing this long?
#3
Posted 04 January 2006 - 11:08 PM
no i cannot i think that i am missing the userinit.exe file??
#4
Posted 04 January 2006 - 11:15 PM
Wsaupdater.exe is spyware that changes Userinit.exe, to Wsaupdater.exe in the registry.
Ad-Aware by Lavasoft removes the Wsaupdater.exe file from the computer, but it cannot change the registry subkey back to Userinit.exe,.
The registry subkey that is changed is
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value: Userinit
Data: %Windir%\System32\Wsaupdater.exe
Note %windir% represents the location of the System32 folder.
For example, if the location is C:\Windows\System32, the data would be C:\Windows\System32\Wsaupdater.exe.
The data should contain Userinit.exe, instead of Wsaupdater.exe. In the previous example, the data would be C:\Windows\System32\Userinit.exe,.
Note The comma following the file path information is required.
RESOLUTION
Use the Recovery Console to copy Userinit.exe to Wsaupdater.exe to allow logon capability to be restored and to let you manually correct the registry data.
To do this, follow these steps:
Use Recovery Console to copy Userinit.exe to Wsaupdater.exe
1. At the Recovery Console command prompt, type cd system32, and then press ENTER.
2. Type copy userinit.exe wsaupdater.exe, and then press ENTER.
3. Type exit, and then press ENTER.
Modify the registry
1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, expand
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
.
3. In the right pane, right-click userinit, and then click Modify.
4. Replace wsaupdater.exe with userinit.exe, (make sure to include the comma, as shown), and then click OK.
5. Restart your computer.
Delete the Wsaupdater.exe file
1. Log on to the computer by using an account that has administrator-level permissions.
2. Click Start, click Run, type%Windir%\system32, and then click OK.
3. Right-click wsaupdater.exe, click Delete, and then click OK.
Ad-Aware by Lavasoft removes the Wsaupdater.exe file from the computer, but it cannot change the registry subkey back to Userinit.exe,.
The registry subkey that is changed is
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value: Userinit
Data: %Windir%\System32\Wsaupdater.exe
Note %windir% represents the location of the System32 folder.
For example, if the location is C:\Windows\System32, the data would be C:\Windows\System32\Wsaupdater.exe.
The data should contain Userinit.exe, instead of Wsaupdater.exe. In the previous example, the data would be C:\Windows\System32\Userinit.exe,.
Note The comma following the file path information is required.
RESOLUTION
Use the Recovery Console to copy Userinit.exe to Wsaupdater.exe to allow logon capability to be restored and to let you manually correct the registry data.
To do this, follow these steps:
Use Recovery Console to copy Userinit.exe to Wsaupdater.exe
1. At the Recovery Console command prompt, type cd system32, and then press ENTER.
2. Type copy userinit.exe wsaupdater.exe, and then press ENTER.
3. Type exit, and then press ENTER.
Modify the registry
1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, expand
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
.
3. In the right pane, right-click userinit, and then click Modify.
4. Replace wsaupdater.exe with userinit.exe, (make sure to include the comma, as shown), and then click OK.
5. Restart your computer.
Delete the Wsaupdater.exe file
1. Log on to the computer by using an account that has administrator-level permissions.
2. Click Start, click Run, type%Windir%\system32, and then click OK.
3. Right-click wsaupdater.exe, click Delete, and then click OK.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users