This is about a serious issue that disables users from logging on to their computers.
The cause for this issue may be one of the following:
Symptom:
Logoff will occur directly after login.
Now the important part: How to regain login to the computer without the need for a reinstall. Please note that there are more methods to do this, the following have been chosen by me because they do have some advantages over other approaches.
1.Method: Remote Registry
The fastest and easiest way is to remotely connect the Windows Registry and edit it.
Requirements:
First you will need to start regedit on the 2nd computer.
Then select "File" - "Connect Network Registry..."
You will see the next screen where you can enter the network name or the IP Adress of the computer affected by the userinit issue.
In this example the IP is 192.168.13.172, yours is usually a different one. You may be prompted for user name and password, enter a user with administrative rights.
The next step is to navigate to the required location within the registry.
The required default value and data:
Now edit the Value "Userinit"
As soon as the correct data has been entered the user can log on to the computer which had the userinit issue.
2. Method : Offline registry tools and password resetter
Requirements:
This tool requires a 2nd computer to download and create a bootcd, there are no further requirements.
The download can be found here
Download size is about 3 MB, which is quite small and makes this method recomendable
Once the CD is created the userinit affected computer needs to be started with this CD.
After the boot procedure has been completed, the system asks for the boot partition.
Usually the choice would be "1".
In my example it is "2".
Screenshot 1
After that the path to the registry is asked. By default the correct path is already given, so this can be accepted by pressing the enter key.
Screenshot 2
Next choose "2" : RecoveryConsole parameters [software]
Screenshot 3
On the next prompt choose "9" Registry editor
Screenshot 4
The system now enters a bash console like navigation for the Software key of the Registry.
Following commands may be helpful:
So entering:
Will lead you to the required location.
Screenshot 5
The command ls will list the contents.
Type
Screenshot 6
Now enter the required Data for the Userinit Value:
Screenshot 7
With the following command the Data of the Userinint Value can be confirmed:
Screenshot 8
If the data is correct you can now enter q to quit the registry editor mode.
Enter q again to exit the Software Hive.
You will now be prompted to save, enter y to save.
Screenshot 9
After that a prompt for a new run appears, enter n for no.
Screenshot 10
Reboot normally and log on to Windows.
Method 4:
This Method can be used in conjunction with Method 2 to restore login. The main issue with Method 2 is that it does not work if the NTFS file system is flagged as "dirty". Method 4 will remove this:
This option is valid for both Windows 2000 and Windows XP, only paths differ on both systems.
Requirements:
Overview of steps:
Detailed description:
1. Start NTFS4Dos
If you start NTFS4Dos from the Ultimate BootCD (~115 MB download will require CD) you will find it in Filesystem Tools - NTFS Tools
Once started you will be required to enter "yes" to confirm that you use it for personal use only.
NTFS4Dos is owned by Avira and can also be downloaded from Aviras (~1.2 MB download, will require floppy disk)website.
2. Copy and Backup of Software registry key
What you need to do here is to backup the current software registry key and copy the backup software registry key.
Enter the lines in code according to your OS.
Windows 2000:
Windows XP:
3. reboot and shut down properly
At this point it is possible to get a proper login for Windows again. But since the Software key has been replaced by an old version most software is not properly registered anymore. If the latter does not matter to you, you may stop here otherwise follow the next steps.
You will need to properly shut down Windows, to make sure that the dirty flag is not set again. A safe way to ensure this, is to boot into safe mode twice and shut down using Windows functions namely "restart".
4. restore latest Software registry key
Now boot with NTFS4Dos again.
This time we will restore the file we renamed to software.bak earlier:
Windows 2000:
Windows XP:
Remember that you now have a corrupted Registry again , so do not try to boot Windows now or the NTFS may get "dirty" again.
5. reboot directly to bootcd and apply method 2
Now follow the steps described in Method 2.
Changes should be writeable now.
edit3: corrected paths as reported by shame2
edit4: added Method 4 , removed Method 3 to save space
edit5: corrected wrong path for Windows XP
edit6: added further instructions for method 4
The cause for this issue may be one of the following:
- Spybot S&D 1.3 with current detection rules without HellzSpy infection.
- Spybot S&D 1.4 with current detection rules and HellzLittleSpy infection
Symptom:
Logoff will occur directly after login.
Now the important part: How to regain login to the computer without the need for a reinstall. Please note that there are more methods to do this, the following have been chosen by me because they do have some advantages over other approaches.
1.Method: Remote Registry
The fastest and easiest way is to remotely connect the Windows Registry and edit it.
Requirements:
- 2nd Computer in Network
- remote registry service must run (default)
First you will need to start regedit on the 2nd computer.
Then select "File" - "Connect Network Registry..."
You will see the next screen where you can enter the network name or the IP Adress of the computer affected by the userinit issue.
In this example the IP is 192.168.13.172, yours is usually a different one. You may be prompted for user name and password, enter a user with administrative rights.
The next step is to navigate to the required location within the registry.
Code:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinlogonThe required default value and data:
Code:
for Windows XP
Userinit=c:\windows\system32\userinit.exe,
for Windows 2000
Userinit=c:\winnt\system32\userinit.exe,
Now edit the Value "Userinit"
As soon as the correct data has been entered the user can log on to the computer which had the userinit issue.
2. Method : Offline registry tools and password resetter
Requirements:
This tool requires a 2nd computer to download and create a bootcd, there are no further requirements.
The download can be found here
Download size is about 3 MB, which is quite small and makes this method recomendable
Once the CD is created the userinit affected computer needs to be started with this CD.
After the boot procedure has been completed, the system asks for the boot partition.
Usually the choice would be "1".
In my example it is "2".
Screenshot 1
After that the path to the registry is asked. By default the correct path is already given, so this can be accepted by pressing the enter key.
Screenshot 2
Next choose "2" : RecoveryConsole parameters [software]
Screenshot 3
On the next prompt choose "9" Registry editor
Screenshot 4
The system now enters a bash console like navigation for the Software key of the Registry.
Following commands may be helpful:
Code:
note that Names are case sensitive
ls - will list the current key contents
cd <$keyname> - will open the key given in <$keyname>
cd .. - will go up one layer of the key structure
ed <$valuename> - will open prompt to edit the value specified in <$valuename>So entering:
Code:
cd Microsoft\Windows NT\CurrentVersion\WinlogonScreenshot 5
The command ls will list the contents.
Type
Code:
ed UserinitNow enter the required Data for the Userinit Value:
Code:
for Windows XP
c:\windows\system32\userinit.exe,
for Windows 2000
c:\winnt\system32\userinit.exe,Screenshot 7
With the following command the Data of the Userinint Value can be confirmed:
Code:
cat UserinitScreenshot 8
If the data is correct you can now enter q to quit the registry editor mode.
Enter q again to exit the Software Hive.
You will now be prompted to save, enter y to save.
Screenshot 9
After that a prompt for a new run appears, enter n for no.
Screenshot 10
Reboot normally and log on to Windows.
Method 4:
This Method can be used in conjunction with Method 2 to restore login. The main issue with Method 2 is that it does not work if the NTFS file system is flagged as "dirty". Method 4 will remove this:
This option is valid for both Windows 2000 and Windows XP, only paths differ on both systems.
Requirements:
- NTFS capable boot disk like NTFS4Dos
- Offline Rcovery tool from Method 2
- both tools can be found on the Ultimate Boot CD: Filesystem tools - NTFS Tools
Overview of steps:
- Start NTFS4Dos
- Copy and Backup of Software registry key (note: it is possible to end here)
- reboot and shut down properly
- restore latest Software registry key
- reboot directly to bootcd and apply method 2
Detailed description:
1. Start NTFS4Dos
If you start NTFS4Dos from the Ultimate BootCD (~115 MB download will require CD) you will find it in Filesystem Tools - NTFS Tools
Once started you will be required to enter "yes" to confirm that you use it for personal use only.
NTFS4Dos is owned by Avira and can also be downloaded from Aviras (~1.2 MB download, will require floppy disk)website.
2. Copy and Backup of Software registry key
What you need to do here is to backup the current software registry key and copy the backup software registry key.
Enter the lines in code according to your OS.
Windows 2000:
Code:
cd c:
or
c:
cd c:\Winnt\system32\config
rename software software.bak
copy c:\Winnt\repair\software softwareWindows XP:
Code:
cd c:
or
c:
cd c:\Windows\system32\config
rename software software.bak
copy c:\Windows\repair\software software3. reboot and shut down properly
At this point it is possible to get a proper login for Windows again. But since the Software key has been replaced by an old version most software is not properly registered anymore. If the latter does not matter to you, you may stop here otherwise follow the next steps.
You will need to properly shut down Windows, to make sure that the dirty flag is not set again. A safe way to ensure this, is to boot into safe mode twice and shut down using Windows functions namely "restart".
4. restore latest Software registry key
Now boot with NTFS4Dos again.
This time we will restore the file we renamed to software.bak earlier:
Windows 2000:
Code:
cd c:
or
c:
cd c:\Winnt\system32\config
rename software software.oldbackup
rename software.bak softwareWindows XP:
Code:
cd c:
or
c:
cd c:\Windows\system32\config
rename software software.oldbackup
rename software.bak softwareRemember that you now have a corrupted Registry again , so do not try to boot Windows now or the NTFS may get "dirty" again.
5. reboot directly to bootcd and apply method 2
Now follow the steps described in Method 2.
Changes should be writeable now.
edit3: corrected paths as reported by shame2
edit4: added Method 4 , removed Method 3 to save space
edit5: corrected wrong path for Windows XP
edit6: added further instructions for method 4
I took a look in the c:windows\system32\config directory where I located a file named sofftwar. :scratch: I renamed that file file using the NTFS4Dos. I assume this file was created by spybot. Once I renamed the file software, and followed the rest of the directions in method 4, my system came back fully functional. Once the system was restored, the spybot execution I was running that caused the crash executed. This method, however, is quite complicated if you have no knowledge of Dos commands. All said, i was able to get my system up and running again.:angel: However, I do agree there should be some kind of warning when there dangers associated with not updating the software. :nono:
. When I did quit from the "Simple registry editor" and then chose to save the change it gave me message like "umount: cannot umount /disk: Divice or resources busy", but also showed ****EDIT COMPLETE *******.