ATTN Yodama
as you seem to be reading the forum now
Please correct the mistakes in your blog.
http://forums.spybot.info/blog.php?b=14
All your paths for Windows2000 are incorrect and will not work for those users.
eg
"for Windows 2000
c:\windowsnt\......."
Should be
"for Windows 2000
c:\winnt\......."
Terminator,
I didn't intend to 'slander' anyone.
'Team Members' posting 'ideas' without having first replicated the problem and then fixed it, are wasting people's time.
The blog has errors that I pointed out yesterday and that remain uncorrected today and which if followed will just waste more people's time.
Also some posters are promoting commercial $oftware here as a fix. Circling sharks? No slander. There's blood in the water.
Editing the registry from another NT (w2k, xp - vista(?)) OS installation would be the quickest way for people who have a network setup or who are prepared to physically remove the affected drive and slave it to a working box.
I tried the latter after reading this page:
http://smallvoid.com/article/winnt-offline-registry-edit.html
(Note: the paths to the files/registry-hives in step 4 in the above page relate to Windows2000 eg:
winnt/system32/config/software
For XP just substitute windows for winnt).
However, I didn't read step 4 properly on that page and loaded the wrong hive. Being smart, I assumed (wrongly) that I should load the file/hive 'ntuser.dat' from my admin profile, which I did, and the key was there but the entry wasn't, so I added it, put the drive back in its own box and of course still had the logon loop, so I just used my backup disk image I'd made a few hours before and moved on - problem fixed, time wasted and work lost.
In hindsight I should have loaded the hive: \system32\config\SOFTWARE (I think) and fixed the registry entry in there.
That's the extensionless file C:\Windows\system32\config\SOFTWARE <-XP
and C:\WINNT\system32\config\SOFTWARE <-Windows2000
Read the above page link and the following extra notes might help.
Start>Run and type regedt32
(Regedt32.exe is here: C:\WINDOWS\system32\regedt32.exe <-XP
and here: C:\WINNT\system32\regedt32.exe <-Windows 2000)
In Regedt32 make sure 'View' is set to 'Tree and Data' and 'Security>Permissions' has 'Read' & 'Full Control' checked.
When you have the hive loaded and named it something obvious (like STUFFUP) navigate to & highlight the key:
Software\Microsoft\Windows NT\CurrentVersion\Winlogon in the left pane
(If there's another key named WINDOWSNT, it's NOT that one, it's as above: Windows NT).
Then go to 'Edit>create new value'.
Type Userinit in the 'Name' field and make sure REG_SZ is in the 'Type' field.
Click OK and the String Editor box will open. Type or paste the path to userinit.exe in the field:
C:\Windows\system32\userinit.exe, <-XP AND don't forget the comma at the end!
C:\WINNT\system32\userinit.exe, <-Win2000 AND don't forget the comma at the end!
Unload the hive and close regedt32.
If you've jumper slaved the drive don't forget to move the drive jumper back to master before you put it back in its box.
Now, I did this in the wrong hive as I said so I haven't verified that it works. But if the value gets written then it should be good to go.
Maybe someone from Safer Networking can check these steps, make sure it works and post it as a sticky (and somehow GET it to ALL your users along with other working methods).
Those who are capable can do it themselves and those who are not could print it out and take it to their local computer mr.fixit or competent friend. Shouldn't take a few minutes to fix with the RIGHT instructions.
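
The offline hive edit described in the post above, done with reg.exe from PowerShell on the working machine instead of through the Regedt32 menus. This is an added example, not part of the original post; the drive letter D: for the slaved disk and the mount name STUFFUP are assumptions.

```powershell
# Added example, not from the original post. Run from an elevated prompt
# on the working machine with the affected drive attached.
# Assumed values: affected drive shows up as D:, mount name is STUFFUP.
$OfflineWinDir = 'D:\WINNT'   # Windows 2000; use 'D:\Windows' for XP
$BootWinDir    = 'C:\WINNT'   # path as the affected system sees itself when it boots
$Mount         = 'HKLM\STUFFUP'
$Hive          = Join-Path $OfflineWinDir 'system32\config\SOFTWARE'

# The SOFTWARE hive file *is* the HKLM\Software branch, so once it is
# loaded the key sits directly under the mount name (no extra "Software").
$Key   = "$Mount\Microsoft\Windows NT\CurrentVersion\Winlogon"

# The trailing comma is part of the value data.
$Value = "$BootWinDir\system32\userinit.exe,"

if (-not (Test-Path -LiteralPath $Hive)) {
    throw "Hive not found: $Hive"
}

# Keep a copy of the hive file before changing anything in it.
Copy-Item -LiteralPath $Hive -Destination "$Hive.bak"

reg.exe load $Mount $Hive
if ($LASTEXITCODE -ne 0) { throw "reg load failed for $Hive" }

try {
    # Show the current value (reg.exe reports an error if it is missing).
    reg.exe query $Key /v Userinit

    # Write Userinit as REG_SZ, overwriting any existing data.
    reg.exe add $Key /v Userinit /t REG_SZ /d $Value /f
    if ($LASTEXITCODE -ne 0) { throw "reg add failed for $Key" }

    # Read it back to confirm the write.
    reg.exe query $Key /v Userinit
}
finally {
    # Always unload, otherwise the hive file stays locked on the slaved drive.
    reg.exe unload $Mount
}
```

The value data uses the path the affected system will have once it boots from its own drive (C:), not the letter the drive gets while slaved.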