TroyO
2008-07-29, 04:58
I have one that's been a bit of a pickle, any help would be greatly appreciated. It seems similar to the wsaupdater.exe problems, but a little different.
In this case, it's changing the registry entry for HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit to (UsualPath)\Userinits.exe,
So... I boot with UBCD4Win, run... well, just about every spyware app I can find. They pull a couple of things and after a few rounds I get clean reports all around.
I fix the appropriate registry key, and boot back in to windows. It then will log on, but after a few minutes Spybot comes up and tells me something is trying to change userinit.exe to userinits.exe and I DENY the change. Then I reboot and I'm back at the windows log in/immediate logoff problem and I go through it all again. The Reg Key does get changed, even though I said no.
Any help tracking it down is appreciated! I find info about wsaupdater.exe and such everywhere, but userinits.exe comes up blank, and SpyBots not blocking the reg change for some reason.
In this case, it's changing the registry entry for HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit to (UsualPath)\Userinits.exe,
So... I boot with UBCD4Win, run... well, just about every spyware app I can find. They pull a couple of things and after a few rounds I get clean reports all around.
I fix the appropriate registry key, and boot back in to windows. It then will log on, but after a few minutes Spybot comes up and tells me something is trying to change userinit.exe to userinits.exe and I DENY the change. Then I reboot and I'm back at the windows log in/immediate logoff problem and I go through it all again. The Reg Key does get changed, even though I said no.
Any help tracking it down is appreciated! I find info about wsaupdater.exe and such everywhere, but userinits.exe comes up blank, and SpyBots not blocking the reg change for some reason.