Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 38

Thread: New Defs and Old version cases logon issue

  1. #11
    Junior Member
    Join Date
    Jul 2008
    Posts
    1

    Default

    Quote Originally Posted by icemannd View Post
    For those who are still fixing this problem I created a BartPE plugin to fix it.

    No additional files are needed everything is included already in the PE Build or is in the plugin.

    To launch select Programs -> Repair Userinit -> Repair User init

    for those who would like to do it on their own
    Code:
    @echo off
    if exist c:\windows\system32\config\software (
    	reg load HKLM\JUNK c:\windows\system32\config\software
    	set UserInitPath="C:\windows\system32\userinit.exe,"
    ) ELSE if exist c:\winnt\system32\config\software (
    	reg load HKLM\JUNK c:\winnt\system32\config\software
    	set UserInitPath="C:\winnt\system32\userinit.exe,"
    ) else goto END
    for /f "skip=4 delims=" %%i in ('reg query "HKLM\JUNK\Microsoft\Windows NT\currentversion\Winlogon" /v userinit') do (
    	for /f "usebackq tokens=1,2,3" %%j in ('%%i') do (
    		if "%%l"=="" (
    			reg add "HKLM\JUNK\Microsoft\Windows NT\currentversion\Winlogon" /v userinit /t REG_SZ /d %UserInitPath% /f
    		)
    	)
    )
    
    :END
    pause
    this doesn't work for me it saying the file is in use, i have also tried safe mode, same thing there aswell.

    this has been around for a little while now surely there is a way to remove it??

    when spybot v1.4 is installed it doesn't even show up...hmmm ? i thought it would have come up at least then allow you to remove it without causing the log off issue?

    can anyone offer some real answers here please :D

  2. #12
    Junior Member
    Join Date
    Jun 2008
    Posts
    3

    Default

    if you can boot into safe mode you don't have the problem described here. The problem described here will not let you remain logged on in safe mode or normal mode. And the plugin and script I posted are both for use from a PE environment.

  3. #13
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    hello,

    due to requests for advice on this issue I entered descriptions for some methods to restore login. I hope this is of some help.
    Click me.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  4. #14
    Junior Member
    Join Date
    Jul 2008
    Posts
    17

    Default Another false positive…?

    Another false positive…?

    Recent posts have indicated that the 06/25/08 update with SpyBot V1.3 seems to indicate CoolWWWSearch.hjg and HellzLittleSpy as false positives.

    After going through the absolute “nightmare” of restoring my home network after letting SpyBot remove the “Userinit” value from the registry, I am wondering, with the new 07/01 and 07/02/08 updates is Win32.Agent.pz likewise a false positive? I am still using v 1.3

    No other Spyware/Antivirus program seems to pick it up. I am really not looking forward to doing further restores!


    By the way, if anyone is wondering how I managed to get my 3 home network PC set up back when the Userinit reg setting gets wiped out and you can’t even boot into SafeMode, can’t even run a DOS prompt to run any batch program to re-write the registry, etc., etc., well don’t run to reformat!

    Go to the big audio/video chain stores and get a product called “Fix It Utilities Professional version 8. It is made by Avanquest, it sells for about $40, and it’s a 3 user license. Pop the cd into your drive, change any bios/boot up settings to allow the pc to boot from the CD rather than the hard drive and let the CD boot. Once it boots, and the interface comes up, run the program called Recovery Commander. Choose the option to restore from a System Restore Checkpoint. Let it run and assuming you do have a series of system checkpoints to choose from, you should be OK, once you reboot. This is a lifesaver! By the way, I do not work for this company, I am not trying to submit an ad, I use this for other stuff, I repeat it is a Lifesaver!

    Anyway, back to the original point of the post, more false positives?

    Thanks in advance!

  5. #15
    Junior Member
    Join Date
    Jul 2008
    Posts
    17

    Default

    Quote Originally Posted by drragostea View Post
    Any reason why you have not upgraded to v.1.5.2.20 yet? This problem seems to be that there is an incompatibility issue with newer updates intended for 1.5.2 on Spybot-SD 1.3.
    --
    http://forums.spybot.info/showpost.p...40&postcount=2
    --
    Up till now, my feelings were .. if it ain't broke don't fix it!, as well as KISS, keep it Super Simple...

    Additionally, as Yodama has requested in the post regarding "How to report a false positive", here goes...

    Operating System - Windows XP Home Edition ,SP2
    HP pavililion a767c
    Pentium 4 (540 processor) – 3.2 GHz 1mb L2 cache, 800mhz Front Side Bus
    3.0 GB DDR SDRam
    Browser and Version - Internet Explorer 6
    Version of Spybot S&D and Date of the latest update – 1.3 Updates 7/1/08 & 7/2/08

    Where did the false positive occur
    Scan result


    Log Follows

    CooIWWWSearch.hjg: User settings (Registry change, nothing done)
    HKEY _ USERS\S-1-5-21-3572884163-1 035437201-1615707650-1 006\Software\Microsoft\Windows\CurrentVersion\lntemet Settings\PrivDiscUiShownl=W=O

    CooIWWWSearch.hjg: Settings (Registry change, nothing done)
    HKEY _ USERS\S-1-5-21-3572884163-1 035437201-1615707650-
    1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExtI=W=1

    HelIzLittleSpy: Settings (Registry change, nothing done)
    HKEY _LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NTICurrentVersion\Winlogon\Userinitl=<$SYSDIR>\userinit.exe,

    Win32.Agent.pz: Settings (Registry change, nothing done)
    HKEY _LOCAL_MACHINE\SYSTEM\ControISet002\Services\SharedAccess\Parameters\FirewaIIPolicy\StandardProfile\EnableFirewalll=W=1
    Win32.Agent.pz: Settings (Registry change, nothing done)
    HKEY _LOCAL_MACHINE\SYSTEM\ControISetOO1 \Services\SharedAccess\Parameters\FirewaIiPolicy\StandardProfile\EnableFirewalll=W=1

    Win32.Agent.pz: Settings (Registry change, nothing done)
    HKEY _CURRENT _ CONFIG\Software\Microsoft\windows\CurrentVersion\lnternet Settings\ProxyEnablel=W=1

    - Spybot - Search && Destroy version: 1.3
    - 2008-06-17 Includes\Adware.sbi
    - 2008-06-18 Includes\AdwareC.sbi
    - 2008-06-03 Includes\Cookies.sbi
    - 2008-06-03 Includes\Dialer.sbi
    - 2008-06-24 Includes\DialerC.sbi
    - 2008-06-03 Includes\HeavyDuty.sbi
    - 2008-06-16 Includes\Hijackers.sbi
    - 2008-06-17 Includes\HijackersC.sbi
    - 2008-06-25 Includes\Keyloggers.sbi
    - 2008-07-02 Includes\KeyloggersC.sbi
    - 2004-11-29 Includes\LSP.sbi
    - 2008-07-02 Includes\Malware.sbi
    - 2008-07-01 Includes\MalwareC.sbi
    - 2008-06-17 Includes\PUPS.sbi
    - 2008-07-01 Inc1udes\PUPSC.sbi
    - 2007-11-07 Includes\Revision.sbi
    - 2008-06-10 Includes\Security.sbi
    - 2008-07-01 Includes\SecurityC.sbi
    - 2008-06-03 Includes\Spybots.sbi
    - 2008-06-03 Includes\SpybotsC.sbi
    - 2008-06-17Includes\Spyware.sbi
    - 2008-06-17 Includes\SpywareC.sbi
    - 2008-06-03 lnc1udes\Tracks.uti
    - 2008-06-24 Includes\Trojans.sbi
    - 2008-07-01 Includes\TrojansC.sbi
    - 2007-06-06 Plugins\TCPIPAddress.dll


    Once again, hope this helps, thanks in advance

  6. #16
    Member walker's Avatar
    Join Date
    Jul 2008
    Location
    Toasted from Brasil living in Florida
    Posts
    65

    Default

    Quote Originally Posted by Yodama View Post
    hello,

    due to requests for advice on this issue I entered descriptions for some methods to restore login. I hope this is of some help.
    Click me.
    You are either very evil or very stupid, or possibly both.

    Firstly, this early version of the software is constantly given the opportunity to download the latest from your server....therefore, who would think that it was necessary to remove the early version and download the latest....for something this horrible not to happen?

    Next, you have singlehandedly created the worst "virus" situation I have ever encountered.....that being not able to access the desktop at all. No virus in a 34 year history of using computers has ever caused this much trouble. I guess if you are a 16 year old retard, you are to be commended. No Trojan has ever been able to accomplish what you have.

    As to your Norwegian fix number 2.....the link to download that particular boot cd doesn't work. Excellent.

    You have created a nightmare for people who who used your quirky software. Unfortunately, I trusted that hellzlittlespy was malware and removed it. You should not be in this business if you don't know what you are doing. Maybe selling ice cream would be a better profession for you, as this cannot be your real day job....!!
    Last edited by tashi; 2008-07-03 at 07:43. Reason: Mod: removed foul remark

  7. #17
    Member walker's Avatar
    Join Date
    Jul 2008
    Location
    Toasted from Brasil living in Florida
    Posts
    65

    Default

    Mod, thanks for removing my "foul language" from the post below. Now why not figure out how to download the file necessary to complete option #2 of the brilliant fix? It seems that your server is not working (or maybe something else?). Is it still cold in Norway?....maybe an electrical connection is frozen......well you just froze my computer...so why not!!




    Quote Originally Posted by walker View Post
    You are either very evil or very stupid, or possibly both.

    Firstly, this early version of the software is constantly given the opportunity to download the latest from your server....therefore, who would think that it was necessary to remove the early version and download the latest....for something this horrible not to happen?

    Next, you have singlehandedly created the worst "virus" situation I have ever encountered.....that being not able to access the desktop at all. No virus in a 34 year history of using computers has ever caused this much trouble. I guess if you are a 16 year old retard, you are to be commended. No Trojan has ever been able to accomplish what you have.

    As to your Norwegian fix number 2.....the link to download that particular boot cd doesn't work. Excellent.

    You have created a nightmare for people who who used your quirky software. Unfortunately, I trusted that hellzlittlespy was malware and removed it. You should not be in this business if you don't know what you are doing. Maybe selling ice cream would be a better profession for you, as this cannot be your real day job....!!

  8. #18
    Member walker's Avatar
    Join Date
    Jul 2008
    Location
    Toasted from Brasil living in Florida
    Posts
    65

    Default

    This answer is a classic. Why would I upgrade to the current version when no mention of it occurs??...and the software continually accesses the current available downloads.



    Quote Originally Posted by tashi View Post
    Hello,


    Spybot-S&D v1.3 is very old, any reason you have not upgraded to v1.5?

    Version 1.6 is due shortly.

    Regards.

  9. #19
    Member walker's Avatar
    Join Date
    Jul 2008
    Location
    Toasted from Brasil living in Florida
    Posts
    65

    Default

    Reference AIK...it's supposed to be for the below....but option #3 in your fix doesn't say this. Is AIK plus your other 2 downloads good for Win. 2000 Pro?






    System Requirements
    Supported Operating Systems: Windows Server 2008; Windows Vista


    Windows Vista

    Windows Vista Service Pack 1

    Windows Server 2008

    Windows Server 2003 Service Pack 1 with KB926044

    Windows Server 2003 Service Pack 2

    Windows XP Service Pack 2 with KB926044

  10. #20
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    What do you mean no mention of the new version?
    What do you think main update means?
    It gets shown in every update.

    It seems to have been an error to not force new versions like other software do.

    If you want help, we are willing to help but if you just want to let off steam you are at the wrong place.

    As to your Norwegian fix number 2.....the link to download that particular boot cd doesn't work. Excellent.
    I do not see the link not working, it worked yesterday and it works now, approx 50 min. after your post. Of course there can never be a guarantee that links always work. As of now netcraft does not show any downtime on that server.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •