Win XP - logon and auto logoff after MF quarantined Trojan(s)

[tonkatoy]

CoreII processor with 2Gb RAM

250Gb SATA hard disk partitioned for dual boot

Win XP Media Center with SP3 and auto updating

(note 2nd partition is only at SP2)

Malware Fighter - up to date at time of scan

 

I ran a full scan yesterday (14th Sept) from a fully up to date Malware Fighter which quarantined one or more trojans.

On reboot my PC will load to logon screen but whichever user I select the logon gets logged off again almost straight away.

Have tried last good boot and safe boot in all 3 modes but nothing is successful

Help please

[Cicely]

Hi tonkatoy,

 

We are very sorry for the trouble caused by this false positive. Please accept our sincerest apologies. The quarantined files is userinit.exe.

 

This is how to fix this issue:

 

1) Insert the original Windows XP CD and reboot the computer (you may need to configure your computer to boot from the CD-ROM drive).

2) When the Windows XP Setup has started, press “Start from CD”

3) Then press "R" to repair the Windows XP installation using the “Recovery Console".

3) Select the Windows installation to repair (generally this is c:\windows) by typing its number (usually number 1) and then pressing ENTER.

4) Type the Administrator password (usually leave blank) and press ENTER.

5) Then type the following commands:

 

D: [press ENTER]

CD I386 [press ENTER]

EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32 [press ENTER]

 

 

NOTE: If your CD-ROM drive has a different from the letter “ d “, please assign the correct letter to it. Eg: enter "x:" instead (where X is the appropriate drive letter). If you don't know the name of the drive, type " map " and it will show you your drive number.

 

After entering "EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32" you should see the text "1 file(s) copied", in which case all went well.

 

Remove the Windows XP CD, type "EXIT" and press ENTER to restart your computer. You should then be able to log on to Windows as normally.

[tonkatoy]

Hi Cicely,

 

Thanks very much for the prompt response. I have a slight snag but one which I may be able to get around I hope. The PC came with XP OEM'd and they didn't supply a disk (it is a genuine copy I checked) although I think there is a recovery partition (need to check). However as I have dual boot with a second copy of XP (albeit at SP2 not SP3) can I copy the userinit.exe to the harddrive for the failing partition. I read your guidance as meaning that it needs to go in \WINDOWS\SYSTEM32\

 

Am I correct ?

 

Appreciate it may have been patched since then but once I can get the partition booted perhaps I can recover the quarantined version ?

 

Thanks

 

Dave

[tonkatoy]

Hi,

 

I did as I suggested and the PC rebooted successfully.

 

Thanks for your assistance.

 

Dave

[PRYML]

Another false "positive"?

 

The same thing happened to me :evil: but my ASUS eeepc netbook (as I assume all eeepc netbook owners know) never came with an original Windows XP CD, hence I'm unable to follow through with the "solution". However, I was able to retrieve my data by running an UBUNTU (Natty Narwhal) Live CD :smile: I'm now happily running UBUNTU on that ASUS eeepc without the need for Iobit Malware Fighter :lol:

 

Having said that, I recently bought a new SONY VAIO notebook running Windows 7 (64bit) which comes pre-loaded with SONY VAIO software. On a recent Full Scan, Malware Fighter flagged

 

C:\Program Files\Sony\VAIO Personalization Manager\VEClient64.dll

 

as "Trojan.Agent"

 

Due to past experience, I'm now very cautious of proceeding with "Repair" as I fear it might corrupt the integrated VAIO software package as a whole.

 

Please advise on whether or not I should "Repair" or otherwise...

 

 

 

 

EDIT: Your post is copied as VEClient64.dll - Another false "positive"? thread. Please follow from there.

[cinarte]

cant get past windows blue welcome screen after running malwarebytes

 

I tried this and when I type in cdi386 I get the system cannont find the file or directory specified. I ran malwarebytes 2 nights ago and had trojans etc. I did the repair and now I cant get into windows. When I click on my name at the welcome part it says its loading settings but nothing happens. if I click it again it says I am logging off. So when I ran a search and found this information I thought easy peasy to fix..but its not accepting the information. Whats weird is that I run Norton daily and it never found these issues but my laptop has been running wonky which is why I ran Malwarebytes. Any information would be helpful..I need the laptop for my business. I am using my old Dell latitude which doesnt have my work stuff on it and it runs fine but there are dead people who move faster!

 

ok here is an update.. I finally got to i386 but not by typing CD in front of it..it was just not working. So just using the I386 and then hitting enter worked and I finally got the next step. But what came up didnt say 1 file copied it came up as 1 file expanded. So I prayed that was pretty much what I needed. I took out the cd,typed exit and rebooted. I now back in business it appears!! What scares me is whether or not I should use Malwarebytes again? and why did this happen?

 

Hi tonkatoy,

 

We are very sorry for the trouble caused by this false positive. Please accept our sincerest apologies. The quarantined files is userinit.exe.

 

This is how to fix this issue:

 

1) Insert the original Windows XP CD and reboot the computer (you may need to configure your computer to boot from the CD-ROM drive).

2) When the Windows XP Setup has started, press “Start from CD”

3) Then press "R" to repair the Windows XP installation using the “Recovery Console".

3) Select the Windows installation to repair (generally this is c:\windows) by typing its number (usually number 1) and then pressing ENTER.

4) Type the Administrator password (usually leave blank) and press ENTER.

5) Then type the following commands:

 

D: [press ENTER]

CD I386 [press ENTER]

EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32 [press ENTER]

 

 

NOTE: If your CD-ROM drive has a different from the letter “ d “, please assign the correct letter to it. Eg: enter "x:" instead (where X is the appropriate drive letter). If you don't know the name of the drive, type " map " and it will show you your drive number.

 

After entering "EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32" you should see the text "1 file(s) copied", in which case all went well.

 

Remove the Windows XP CD, type "EXIT" and press ENTER to restart your computer. You should then be able to log on to Windows as normally.