Simply create a folder with the following name:
MCP.{ED7BA470-8E54-465E-825C-99712043E01C}
Thursday, January 28, 2010
Wednesday, January 20, 2010
Auto log in and out Virus FIX!
1. Insert the BartPE or tools CD into the drive, and boot the system from the CD. Once the file loading phase is over, the BartPE desktop will be visible, as shown in Figure 1.
2. Type Regedit.exe in the prompt, and press Enter. Select the HKEY_USERS hive.
3. From the File menu, choose the Load Hive option. Browse to your Windows installation drive, for example the following location:
C:\Windows\System32\Config\
4. Select the file named SOFTWARE (the file without any extension), and click Open.
5. Type a name for the hive that you've just loaded. (Example: MyXPHive)
6. The SOFTWARE hive is now loaded and present under the HKEY_USERS base hive.
7. To fix the Userinit value in the loaded hive, navigate to the following location:
HKEY_USERS \ MyXPHive \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon
8. Double-click Userinit and set its value correctly. Example: Set its data as follows:
C:\Windows\System32\Userinit.exe,
(Include the trailing comma as well. The above assumes that Windows is installed in C:\Windows, and that the Userinit.exe file is actually present in the System32 folder. You may want to verify that as well.)
9. After entering the correct data, you MUST unload the hive. To do so, select the MyXPHive branch, and then in the File menu, choose Unload Hive. Note that you need to select the MyXPHive branch first, before unloading it.
10. Quit BartPE and restart Windows. See if you're able to log on to your profile.
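Steps 2 to 9 can also be run from the rescue environment's command prompt with reg.exe. This is an added example, not part of the original post; it assumes reg.exe is available on the rescue CD and that the offline Windows installation is at C:\Windows, and it reuses the MyXPHive name from step 5.

```batch
@echo off
rem Added example: scripted form of steps 2-9 (not from the original post).
rem Assumptions: reg.exe is present on the rescue CD and the offline
rem Windows installation is at C:\Windows. Adjust OFFLINE_WIN if it is not.
setlocal
set "OFFLINE_WIN=C:\Windows"
set "HIVE=HKU\MyXPHive"
set "KEY=%HIVE%\Microsoft\Windows NT\CurrentVersion\Winlogon"
set "GOOD=%OFFLINE_WIN%\System32\userinit.exe,"

rem Step 8 caveat: confirm the binary exists before pointing Userinit at it.
if not exist "%OFFLINE_WIN%\System32\userinit.exe" (
    echo userinit.exe is missing from %OFFLINE_WIN%\System32. Restore it first.
    exit /b 1
)

rem Steps 3-6: load the offline SOFTWARE hive under HKEY_USERS.
reg load "%HIVE%" "%OFFLINE_WIN%\System32\Config\SOFTWARE" || exit /b 1

rem Step 7: show the current value so the tampered data is on record
rem before it is overwritten.
echo Current Userinit value:
reg query "%KEY%" /v Userinit

rem Step 8: write the expected value, including the trailing comma.
reg add "%KEY%" /v Userinit /t REG_SZ /d "%GOOD%" /f
set "RC=%ERRORLEVEL%"

rem Step 9: always unload the hive, even if the write failed.
reg unload "%HIVE%"

exit /b %RC%
```

The value printed by the query step is worth noting down, since it names whatever the malware had placed in the logon chain.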
Saturday, January 9, 2010
Powerful malware process stopper
