Virus Problem

RoyGBiv, Sat Feb-18-06 06:41 PM
Original message
Virus Problem

So, my daughter has not been following the safe computing practices I taught her and has managed to get her machine hacked up. (I word it this way because with the degree to which I harp on this, she said she felt like she was doing something like telling me she was pregnant. :-))

Anyway ... Other than reinstalling the OS, I am stumped and want to solicit advice before I go to that extreme.

The problem is this. Something hijacked her registry and changed the Winlogon key so that it accesses an infected program instead of userinit.exe when executing a logon sequence. The anti-virus software she has installed detected the virus, but not before it had done this level of damage. It then deleted the infected program. Result: when you log on to Windows, it immediately logs back off because it can't find the program the registry is telling it to find. You can't log in to anything, not in safe mode, not as a different user, not as admin ... nothing. It simply reverts back to the logon screen a couple of seconds after entering your password.

One suggestion I found on the web noted that Ad-Aware can cause this problem by removing a hijacker program. It changes the key to look for a file called wsaupdater.exe. The solution they offer is to enter the Windows Recovery Console (which I can do) and copy userinit.exe to wsaupdater.exe. This only works, however, if the problem was in fact caused by this piece of malware. Apparently her problem wasn't, so doing this doesn't help. I also used a Linux Live boot disc to browse the drive and see if I could find clues, but I got frustrated and ended up here.

What I need is to be able to find the value of this registry key and either change it, which as far as I know cannot be done unless you can boot into Windows, or mimic it, which I could do if I knew the name.

Does anyone have any suggestions at all regarding editing/viewing the Windows registry on a machine that doesn't allow you to log in to Windows?
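For the question asked in the post (how to view or change the Winlogon key when Windows itself will not let you log in), here is an added PowerShell example, not something posted in the thread: it loads the SOFTWARE hive from the dead disk as an offline hive, reports whether Userinit and Shell still point at the expected files, and only resets them when run with -Repair. The drive letters, the hive path and the expected XP-era default values are assumptions to adjust for the actual machine.

```powershell
<#
 Added example, not code from the thread. Inspect (and with -Repair, fix) the
 Winlogon Userinit/Shell values in an OFFLINE SOFTWARE hive, i.e. the dead
 disk attached to a working Windows machine or booted into WinPE.
 Assumptions: the hive path and drive letter below are placeholders; the
 expected Userinit value is the XP-era default and must match the offline
 install's own system root. Run from an elevated PowerShell.
#>
param(
    [string]$HivePath   = 'D:\WINDOWS\system32\config\software', # offline hive
    [string]$SystemRoot = 'C:\WINDOWS', # what the offline install calls itself
    [switch]$Repair
)

$mount    = 'OfflineSoftware'
$winlogon = "HKLM:\$mount\Microsoft\Windows NT\CurrentVersion\Winlogon"
$offline  = Split-Path -Path $HivePath -Qualifier          # e.g. 'D:'
$expected = @{
    Userinit = "$SystemRoot\system32\userinit.exe,"        # trailing comma is normal
    Shell    = 'Explorer.exe'
}

& reg.exe load "HKLM\$mount" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "could not load hive $HivePath" }

try {
    $key = Get-ItemProperty -Path $winlogon
    foreach ($name in $expected.Keys) {
        $actual = [string]$key.$name
        if ($actual -ieq $expected[$name]) {
            Write-Output "[ok]      $name = $actual"
            continue
        }
        # Anything else is the hijack described in the post: Userinit points at
        # a file the AV has since deleted, so each logon is followed by a logoff.
        Write-Output "[suspect] $name = '$actual' (expected '$($expected[$name])')"
        foreach ($token in ($actual -split ',' | Where-Object { $_.Trim() })) {
            # Does the referenced file still exist on the offline disk?
            $path = $token.Trim() -replace '^[A-Za-z]:', $offline
            Write-Output "          -> $path (exists: $(Test-Path -LiteralPath $path))"
        }
        if ($Repair) {
            Set-ItemProperty -Path $winlogon -Name $name -Value $expected[$name]
            Write-Output "[fixed]   $name reset to '$($expected[$name])'"
        }
    }
}
finally {
    $key = $null; [gc]::Collect()            # release handles so unload succeeds
    & reg.exe unload "HKLM\$mount" | Out-Null
}
```

This needs a second Windows installation (WinPE or another PC with the disk attached); the Recovery Console mentioned in the post has no reg.exe or PowerShell, and the same check is worth running on the Shell value because the two are hijacked in the same way.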
Berserker, Sat Feb-18-06 07:05 PM
Response to Original message
1. Check this forum out.
http://castlecops.com/ I'm sure they will be able to help you.
Good Luck
 
RoyGBiv, Sat Feb-18-06 09:19 PM
Response to Reply #1
5. Thanks ....

Some advice I found there almost worked. Unfortunately, I needed a system restore point to do it properly, and either she had not made any or the bug she got deleted them. The only one that existed had a time stamp of about 1 hour in the future.

Reading through some articles there did help me understand a bit better exactly what had happened. I've never understood the Windoze registry very well, mostly because I've never wanted to take the time to try to understand it. That helped some.

Anyway, I'm going another route. I'll be able to save all the data, so she'll just have to re-install all her software. I noticed Limewire had been installed. I think I may have to cobble together something to automatically delete that if she tries to do it again. From what I read, it is a major avenue for virus invasion.

On a positive note, I haven't found any porn. :-)

 
bemildred, Sat Feb-18-06 07:09 PM
Response to Original message
2. Isn't there a provision to boot with older versions of the registry?
I seem to remember something like that.
Then you could load the current one into regedit.
 
RoyGBiv, Sat Feb-18-06 07:29 PM
Response to Reply #2
3. Yeah, but ...

You have to be able to log in to Windows to tell it to do that, as far as I know, and I can't get past the login screen.

I really hate Windows. Really and truly.

>>flames, flames on my face<<<

I think she's getting a Linux installation and will just have to adapt.


 
bemildred, Sat Feb-18-06 07:58 PM
Response to Reply #3
4. Yeah, some Windoze looking version of Linux, or a Mac, or something.
Edited on Sat Feb-18-06 07:59 PM by bemildred
Although I run Win98SE behind a DSL router (firewall) and have had no issues. My wife runs vanilla W98SE with the only concession to security being removal of Outlook, and has no trouble, although I did go around turning things off before giving it to her. I got tagged once with an open share while building a machine without the router, and my kid did once fooling with smut, but those were deserved. I expect when I can no longer keep Win98SE running, that will be it for me & Windoze; it's just too much work, and you're never quite done.
 
RoyGBiv, Sat Feb-18-06 09:23 PM
Response to Reply #4
6. Windoze 98 is different ...

It's actually not quite as stable as XP, but it's a helluva lot easier to fix when things like this happen to it, at least in my experience. All this crap I've been wading through to try to fix it without a reinstall is basically a part of the copy protection. It's absurd.

Speaking of ... if you ever have to repair your registry in XP, you get to reactivate Windows. Made any changes to your system since the last time you did this? Get ready for a pile of hassle. This is actually what caused me to give up on my current track. I was going to do it, but about 15 minutes into the process realized I'd put a new CPU in the machine since the last install of Windoze and so abandoned it for the time being. I'm going to have to go through this anyway and didn't want to have to do it twice and answer *that* set of questions.



 
bemildred, Sat Feb-18-06 09:43 PM
Response to Reply #6
7. I rest my case.
I forked out full price for a new PC version of Win98SE for just that reason. If it gets too annoying, I back up what I care about and start over. I have been known to hack the registry, but try to avoid it. The registry is a software atrocity anyway, another special non-human-readable place to store secrets. What little I've seen of XP is even more annoying than NT was. Unix can be annoying, all those little files and strange unique configuration syntax, but at least it's not hidden or obfuscated, and it doesn't treat you like a moron who might not be worthy to know how to fix something.
 
RoyGBiv, Sat Feb-18-06 09:51 PM
Response to Reply #7
8. Indeed ...

Furthermore, with regard to *nix-type systems, the config files are human readable and editable, and tend to have instructions in them. If not, there's always the man pages. Don't know how to edit the fstab file? No problem ... man fstab will tell you more than you ever wanted to know.

Okay, well, I'm off to do battle with MS Authentication. Wish me luck.

 
bemildred, Sat Feb-18-06 10:28 PM
Response to Reply #8
9. Good luck and good nerves to you. nt