 |
|
 |
|
On Mon, 25 May 2009 15:08:32 -0700 (PDT), Jose <...@yahoo.com
On May 25, 5:19 pm, siamoose <...@discussions.microsoft.comwrote:
If you can't get logged into a usable desktop using normal methods,
you need to try booting in Safe Mode. You can't troubleshoot if you
can't get logged in.
Try Safe Mode with networking first so you can access the Internet.
If that does not work, try with no networking.
Download, install, update and do a full scan with these three free
malware detection programs:
Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/
AVG (AVG): http://free.avg.com/
McAffee never has found a darn thing on my system, Spybot just finds
non edible cookies, so they waste my time no more.
You really should try to get booted in safe mode with networking and
get the scans done first. If you can't get on the Internet or make it
to those WWW sites, there are some other options, but you still need
to try diligently to get booted in some kind of safe mode.
After scanning, if you boot normally and still can't login, that is a
common after effect of malware (even after removal) and can sometimes
be fixed without much sweat.
Jose
|
|
 |
|
 |
|
|
|
|
On Mon, 25 May 2009 22:48:49 +0100, "Tim Meddick" <...@gawab.com
May I ask you what you mean by "reformatting" as most of us would take it as
reformatting and re-installing Windows?
If you were indeed going to do that anyway, may I suggest now is the
time. When you re-install Windows the drive is reformatted before
installation.
You might try booting and pressing F8 as soon as the computer is
switched on to get to the boot menu. Then choose 'Safe mode with
networking. Download Malwarebytes either on your computer or on another and
copy it over on a pendrive. Run Malwarebytes (considered to be about the
best anti-virus software available free).
If you meant something else, and you do not have any Windows versions on
disk to install, and you cannot boot into 'Safe mode' then I don't see that
much can be done.
==
Cheers, Tim Meddick, Peckham, London. :-)
"siamoose" <...@microsoft.com...
|
|
|
|
|
|
|
|
|
On Mon, 25 May 2009 15:25:01 -0700, siamoose <...@discussions.microsoft.com
Tim and anyone else who might see this :)
So far this is what I have done:
Safe Mode, Safe Mode with Networking, Last Known Good Configuration (your
most recent settings that worked)
None of these have helped. I get to the welcome screen where it says my
name, I click on my name, goes to my desktop, sits there for a few minutes,
goes right back to the welcome screen, if I click on my name again, it logs
me off.
Any suggestions guys? What does this mean, it shows up when the computer
starts up? <F10_System Recovery
Thank you!
>
|
|
|
|
|
|
|
|
|
On Mon, 25 May 2009 23:39:47 +0100, "Tim Meddick" <...@gawab.com
It means you have a complete system backup on your PC. Your PC is probably
either an Acer, HP, or Dell - they have an extra 'recovery' partition on
them with an 'image' of the operating system as it was when it left the
factory.
If you use the F10 option - all your personal data (photos, music, videos,
email, etc) and any software you installed will disappear - However - after
the recovery operation has finished, you will be left with a working XP
installation ready for you to use again. It wont even have any passwords
set as it will be 'As New'.
Try looking up the make of your computer and searching for 'Recovery' on
their website, because this is what it is.
Hope this is of some help to you.
==
Cheers, Tim Meddick, Peckham, London. :-)
"siamoose" <...@microsoft.com...
|
|
|
|
|
|
|
|
|
On Mon, 25 May 2009 23:50:38 +0100, "Tim Meddick" <...@gawab.com
P.S. If you want to save your files (photos, music, videos, etc.) either
take the PC to a local Computer repair shop and ask them to recover your
personal data.
OR,
...ask someone you know who is computer 'savvy' to take out the HD and
temporarily place it in their PC as a 'slave' drive. They can then retrieve
your data from your "%PROFILENAME%\My Documents" folder, and put it on a
pendrive for you.
It should not cost as much to you as loosing irreplaceable photos of loved
ones!
==
Cheers, Tim Meddick, Peckham, London. :-)
"Tim Meddick" <...@TK2MSFTNGP02.phx.gbl...
|
|
|
|
|
|
|
|
|
On Tue, 26 May 2009 00:01:44 +0100, "Tim Meddick" <...@gawab.com
P.P.S. Using the F10 recovery option *will* get rid of any virus infection
as it re-writes the entire system partition.
If you choose to try the 'recovery cd' and it does not fix the problem,
using the F10 option definitely will bring your computer back to the 'As
New' state as I said before, but with all your data and programs gone.
So do try and follow up on trying to retrieve your data, if it is valuable
to you, on using F10.
==
Cheers, Tim Meddick, Peckham, London. :-)
"Tim Meddick" <...@TK2MSFTNGP06.phx.gbl...
|
|
|
|
|
|
|
|
|
On Tue, 26 May 2009 00:06:48 +0100, "Tim Meddick" <...@gawab.com
P.P.S. Using the F10 recovery option *will* get rid of any virus infection
as it re-writes the entire system partition.
If you choose to try the 'recovery cd' proposed by 'Elmo' and it does not
fix the problem, using the F10 option definitely will bring your computer
back to the 'As New' state as I said before, but with all your data and
programs gone.
So do try and follow up on trying to retrieve your data, if it is valuable
to you, on using F10
==
Cheers, Tim Meddick, Peckham, London. :-)
"Tim Meddick" <...@TK2MSFTNGP06.phx.gbl...
|
|
|
|
|
|
|
|
|
On Mon, 25 May 2009 16:18:41 -0700 (PDT), Jose <...@yahoo.com
On May 25, 6:25 pm, siamoose <...@discussions.microsoft.comwrote:
Have you a bootable XP CD?
Boot on it, choose the Recovery Console, logon as Administrator with
empty password (that is all the CD knows about, right?)
I think you need to start with replacing the the c:\windows
\system32\userinit.exe file on your HDD.
There should be one in c:\windows\servicepackfiles\i386 (check first)
that you can copy into c:\windows\system32
From a DOS prompt, the command to enter would be something like:
copy c:\windows\servicepackfiles\i386\userinit.exe c:\windows
\system32
It should report: one file(s) copied.
If that fails to copy (tell us what is said if it failed), you may
need to expand the userinit.exe from your CD, but try the easy stuff
first.
Remove your bootable CD, and try the HDD again and report any changes.
Jose
|
|
|
|
|
|
|
|
|
On Tue, 26 May 2009 00:33:17 +0100, "Tim Meddick" <...@gawab.com
If you copy it from that folder you will be copying a file that is out of
date - a previous version number from the previous service pack.
It may well not be compatible with the current SP any more.
==
Cheers, Tim Meddick, Peckham, London. :-)
"Jose" <...@k38g2000yqh.googlegroups.com...
On May 25, 6:25 pm, siamoose <...@discussions.microsoft.comwrote:
Have you a bootable XP CD?
Boot on it, choose the Recovery Console, logon as Administrator with
empty password (that is all the CD knows about, right?)
I think you need to start with replacing the the c:\windows
\system32\userinit.exe file on your HDD.
There should be one in c:\windows\servicepackfiles\i386 (check first)
that you can copy into c:\windows\system32
From a DOS prompt, the command to enter would be something like:
copy c:\windows\servicepackfiles\i386\userinit.exe c:\windows
\system32
It should report: one file(s) copied.
If that fails to copy (tell us what is said if it failed), you may
need to expand the userinit.exe from your CD, but try the easy stuff
first.
Remove your bootable CD, and try the HDD again and report any changes.
Jose
|
|
|
|
|
|
|
|
|
On Mon, 25 May 2009 16:51:10 -0700 (PDT), Jose <...@yahoo.com
On May 25, 7:33 pm, "Tim Meddick" <...@gawab.com
Mine are identical (SP3).
I would like to see how this goes since it is easy.
I still have a few cards to play here that do not involve
screwdrivers, leaving the house or any loss of data...
Jose
|
|
|
|
|
|
|
|
|
On Mon, 25 May 2009 16:46:35 -0700, "Tim Meddick" <...@void.com
Download my userinit fix from here http://www.ms-mvp.org/ this file works
for SP2 and SP3 only. READ the enclosed instructions. If you have SP1 do not
use this file. If you need any other version then email me using the link at
the bottom of my webpage. Your issue is caused by a malware infestation.
Once fixed you will need to use my Remove-it software, it will remove that
malware from your system. Choose yes for all options when prompted. Download
it here http://www.ms-mvp.org/
--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
"siamoose" <...@microsoft.com...
|
|
|
|
|
|
|
|
|
On Tue, 26 May 2009 03:09:30 -0400, "Peter Foldes" <...@hotmail.com
Friggin fraud and an impersonator you are Patrick Christopher Butts. Anybody
touching your links via opening them gets their system infected with your stolen
programs that can have p0rn in it.
Thief,Liar and an all around sicko
--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
"Tim Meddick" <...@flpi143.ffdc.sbc.com...
|
|
|
|
|
|
|
|
|
On Sat, 30 May 2009 15:54:12 -0700, Barry Schwarz <...@dqel.com
On Mon, 25 May 2009 16:46:35 -0700, "Tim Meddick" <...@void.comwrote:
This post was forged.
This not the MVP site despite its fake logos.
The correct MVP site is http://www.mvps.org/
--
Remove del for email
|
|
|
|
|
|
|
|
|
On Sat, 30 May 2009 20:10:18 -0700, "Leythos" <...@rrohio.com
No it was real and you are an idiot.
--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam...@rohio.com (remove 999 for proper email address)
"Barry Schwarz" <...@4ax.com...
|
|
|
|
|
|
|
|
|
On Sun, 31 May 2009 10:27:31 -0400, Leythos <...@rrohio.com
In article <...@rrohio.com says...
Abuse complaint filed with abus...@teranews.com, headers included.
--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam...@rrohio.com (remove 999 for proper email address)
|
|
|
|
|
|
|
|
|
On Mon, 25 May 2009 17:33:09 -0700, siamoose <...@discussions.microsoft.com
Ok guys, I'm willing to try anything!
Question: When it says
<<Boot the computer using the new bootdiskAnother instruction says
<<boot up the computer by loading DVD / CD Rom media first.lost also!
Thank you guys for helping me, I appreciate it a lot!
>
|
|
|
|
|
|
|
|
|
On Mon, 25 May 2009 18:28:25 -0700 (PDT), Jose <...@yahoo.com
On May 25, 8:33 pm, siamoose <...@discussions.microsoft.comwrote:
On my system when I boot from the CD, it says press any key to boot
from CD, but I must press F10
Choose R for the Recovery Console. If given a choice of Windows
folder to boot, choose WINDOWS.
The Windows setup will start and last several minutes (it is a little
scary).
You should then be able to get to the console which is a really dumb
DOS window, but you are now looking at your C drive. You have to type
the commands very carefully and I could have mistyped something so be
careful.
The problem is your userinit.exe files is either missing from \windows
\system32 or XP is being told to use a file called wsaupdater.exe to
start XP, which is wrong and why you got the tempting message to
download so software (did you fall for that?)
CD to the windows\system32 folder.
If the userinit.exe file is missing, copy the file from your \windows
\servicepackfiles\i36 folder with copy command:
copy c:\windows\servicepackfiles\i386\userinit.exe c:\windows
\system32 <enter
If there is a file in \windows\system32 called: wsaupdater.exe this
is part of your problem. Do not just delete it just yet.
In the \windows\system32 folder, copy the userinit.exe file over the
top of wsaupdater.exe:
copy userinit.exe wsaupdater.exe <enter
Now you should type exit <enterfrom your HDD.
Should this work, stop for now and report back - there is a little
more to do.
Jose
|
|
|
|
|
|
|
|
|
On Mon, 25 May 2009 18:55:10 -0700, siamoose <...@discussions.microsoft.com
Jose,
I can't understand how to boot up with the CD, sorry. I put it into the CD
drive, turned the machine on and pressed F10, it took me to the program to
reformat.
Ugh, I am at the point of doing just that!
Debbie
>
|
|
|
|
|
|
|
|
|
On Mon, 25 May 2009 22:40:46 -0400, Elmo <...@xxx.invalid
On some machines you can press F12 to get a menu that will ask which
device to boot from. If you can get into your BIOS, set the boot order
to CD-ROM, then hard drive. That way, if there's a CD in the drive,
it'll be checked for an OS before the hard drive.
--
Joe =o)
|
|
|
|
|
|
|
|
|
On Mon, 25 May 2009 19:02:12 -0700 (PDT), Jose <...@yahoo.com
On May 25, 8:33 pm, siamoose <...@discussions.microsoft.comwrote:
Wait a minute... I want siamoose to boot on a bootable XP CD, if
siamoose has one. Not something downloaded, burned, etc.
If userinit.exe is missing, i don't think just putting it back will
not fix this problem, but it's up to siamoose.
Siamoose - do you have a bootable XP CD for you afflicted machine that
you can boot to?
If yes, we can be done with this chop-chop.
Jose
|
|
|
|
|
|
|
|
|
On Mon, 25 May 2009 19:11:16 -0700, "Tim Meddick" <...@void.com
Siamoose does not have a an XP cd. Yes putting the correct file back will
fix the issue that is why I created that fix with simple instructions that
will automatically replace that file.
--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
"Jose" <...@r3g2000vbp.googlegroups.com...
On May 25, 8:33 pm, siamoose <...@discussions.microsoft.comwrote:
Wait a minute... I want siamoose to boot on a bootable XP CD, if
siamoose has one. Not something downloaded, burned, etc.
If userinit.exe is missing, i don't think just putting it back will
not fix this problem, but it's up to siamoose.
Siamoose - do you have a bootable XP CD for you afflicted machine that
you can boot to?
If yes, we can be done with this chop-chop.
Jose
|
|
|
|
|
|
|
|
|
On Mon, 25 May 2009 19:27:39 -0700 (PDT), Jose <...@yahoo.com
On May 25, 10:11 pm, "Tim Meddick" <...@void.com
Oh, I did know about the missing XP CD in the first post, but there
are other methods.
Okay - I will follow along...
Jose
|
|
|
|
|
|
|
|
|
On Sat, 30 May 2009 15:54:12 -0700, Barry Schwarz <...@dqel.com
On Mon, 25 May 2009 19:11:16 -0700, "Tim Meddick" <...@void.comwrote:
This post was forged.
--
Remove del for email
|
|
|
|
|
|
|
|
|
On Sat, 30 May 2009 20:09:11 -0700, "Leythos" <...@rrohio.com
No it was real and you are an idiot.
--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam...@rohio.com (remove 999 for proper email address)
"Barry Schwarz" <...@4ax.com...
|
|
|
|
|
|
|
|
|
On Sun, 31 May 2009 10:27:00 -0400, Leythos <...@rrohio.com
In article <...@rrohio.com says...
Abuse complaint filed with abus...@teranews.com, headers included.
--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam...@rrohio.com (remove 999 for proper email address)
|
|
|
|
|
|
|
|
|
On Mon, 25 May 2009 18:52:50 -0700, "Tim Meddick" <...@void.com
In the file that you downloaded is an .iso file, that file needs to be
"Burned" to cd. Once that is done you put that cd in the broken computer and
restart it. If that computer is set to boot from the cd then all you have to
do is follow the rest of the directions to replace that file. If your system
is not set to boot from the cd then change that setting. Jose gave you some
options or you can look here
http://www.computerhope.com/issues/ch000217.htm
--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
"siamoose" <...@microsoft.com...
|
|
|
|
|
|
|
|
|
On Mon, 25 May 2009 19:41:01 -0700, siamoose <...@discussions.microsoft.com
Tim,
My computer is not setup it looks like to boot from the CD. You suggest
changing it so it can. How in the heck can I do that if I can't even get
pass the Welcome screen, and if I could I wouldn't know how to do that. You
guys are much more savie than I am at this.
When I turn the computer on, first come the HP Screen which has 3 options
for me:
<EscapeWhich am I to use? I have used 2 of them with no luck. (I just did an
<Ecape
Looks like that F10 key is looking better and better :)
Debbie
|
|
|
|
|
|
|
|
|
On Sat, 30 May 2009 15:54:12 -0700, Barry Schwarz <...@dqel.com
On Mon, 25 May 2009 18:52:50 -0700, "Tim Meddick" <...@void.comwrote:
This post was forged.
--
Remove del for email
|
|
|
|
|
|
|
|
|
On Sat, 30 May 2009 20:10:11 -0700, "Leythos" <...@rrohio.com
No it was real and you are an idiot.
--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam...@rohio.com (remove 999 for proper email address)
"Barry Schwarz" <...@4ax.com...
|
|
|
|
|
|
|
|
|
On Sun, 31 May 2009 10:27:21 -0400, Leythos <...@rrohio.com
In article <...@rrohio.com says...
Abuse complaint filed with abus...@teranews.com, headers included.
--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam...@rrohio.com (remove 999 for proper email address)
|
|
|
|
|
|
|
|
|
On Mon, 25 May 2009 19:15:29 -0700, "Tim Meddick" <...@void.com
Siamoose I have updated that file to include a utility to burn that iso
file. It will make it easier if you do not know how to burn iso's.
Re-download it again http://www.ms-mvp.org/
--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
"siamoose" <...@microsoft.com...
|
|
|
|
|
|
|
|
|
On Sat, 30 May 2009 15:54:12 -0700, Barry Schwarz <...@dqel.com
On Mon, 25 May 2009 19:15:29 -0700, "Tim Meddick" <...@void.comwrote:
This post was forged.
This not the MVP site despite its fake logos.
The correct MVP site is http://www.mvps.org/
--
Remove del for email
|
|
|
|
|
|
|
|
|
On Sat, 30 May 2009 20:08:59 -0700, "Leythos" <...@rrohio.com
No it was real and you are an idiot.
--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam...@rohio.com (remove 999 for proper email address)
"Barry Schwarz" <...@4ax.com...
|
|
|
|
|
|
|
|
|
On Sun, 31 May 2009 10:26:40 -0400, Leythos <...@rrohio.com
In article <...@rrohio.com says...
Abuse complaint filed with abus...@teranews.com, headers included.
--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam...@rrohio.com (remove 999 for proper email address)
|
|
|
|
|
|
|
|
|
On Mon, 25 May 2009 20:34:01 -0700, siamoose <...@discussions.microsoft.com
Tim,
I already have put both yours and what Jose suggested on 2 seperate CD's, I
can not get my computer to bootup with them. I have tried every option, F8,
F10 and Boot Menu. I really do appreciate what you and all have done to help
me, but I am just not that savi to do what you are telling me to do.
I can't even figure out how to execute/run the new file you just told me to
download. I am totally bummed out and tired :)
Tell me, is there a difference between "drag and drop onto a CD" then
"burn". I did the drag and drop to my CD. Don't know if that really matters
or not.
Off to eat, thanks for everything guys, I really do appreciate all you have
done.
Debbie
>
|
|
|
|
|
|
|
|
|
On Tue, 26 May 2009 17:43:09 -0700, "Tim Meddick" <...@void.com
Drag and dropping and burning are NOT the same thing when it comes to iso
files. The files you downloaded from my site are in a zip format, they must
be unzipped first. To unzip them first you need to save it in a location
that is easy to find. When you click on the download link choose save, that
will bring up a window, in that window on the left side you should see
"Desktop" select desktop then click save. That will save the file to your
desktop. Once the file is saved right click on it and choose extract all,
that will unzip the files to a folder. Inside that folder you will see a
file called burncdcc, double click on that file and it will open the iso
burning utility. Click browse on that window and navigate to that same
folder and select the iso file. Click start and it will burn that file to a
blank cd. Once that is done put that cd in the broken computer and reboot
it. If it boots from the cd you will know it because the screen will be
different. Follow the instructions to replace that file.
--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
"siamoose" <...@microsoft.com...
|
|
|
|
|
|
|
|
|
On Sat, 30 May 2009 15:55:14 -0700, Barry Schwarz <...@dqel.com
On Tue, 26 May 2009 17:43:09 -0700, "Tim Meddick" <...@void.comwrote:
This post was forged.
--
Remove del for email
|
|
|
|
|
|
|
|
|
On Sat, 30 May 2009 20:10:26 -0700, "Leythos" <...@rrohio.com
No it was real and you are an idiot.
--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam...@rohio.com (remove 999 for proper email address)
"Barry Schwarz" <...@4ax.com...
|
|
|
|
|
|
|
|
|
On Sun, 31 May 2009 10:27:51 -0400, Leythos <...@rrohio.com
In article <...@newsfe17.iadsays...
Abuse complaint filed with abus...@teranews.com, headers included.
--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam...@rrohio.com (remove 999 for proper email address)
|
|
|
|
|
|
|
|
|
On Tue, 26 May 2009 03:25:02 -0700 (PDT), Jose <...@yahoo.com
On May 25, 11:34 pm, siamoose <...@discussions.microsoft.comwrote:
I do not know how what you downloaded is supposed to work, so I will
keep quiet about that.
How did you plan on "just reformatting in a few weeks" without a
bootable Windows XP CD? If you had one, we would be done
yesterday.
Do you have ANY bootable XP CD anywhere (like for the PC you are using
now) - it does not have to be one that came with this piece of
hardware. I have used a 5 year old XP Pro CD on a store bought laptop
just months old (not to reinstall, just to get it running). They
didn't get one with their purchase either.
Any XP CD that matches your OS will do, then it is easy to fix.
Jose
|
|
|
|
|
|
|
|
|
On Tue, 26 May 2009 11:00:01 -0700, siamoose <...@discussions.microsoft.com
Hello Jose,
I am writing from work now. What I meant by reformatting is taking my
machine down to like the first day I had it. I've been wanting to do this
for quite awhile as I've had this machine for about 5+ years. If I can't get
to my machine to download my files and such, it will be a great loss. BUT I
have been reading about a "non ivasive" (I think it is called, I've been
reading about it on the net) reformatting that sounds like it does save your
files for you.
I don't know of a person that has a bootable CD, they kind of looked at me
today like "UH"? :)
I will keep asking and I am going to check to see how much it would cost to
take the HD in and see if they can pull the files out for me, then I can do a
format without losing my stuff.
Jose and all,
Thank you guys for trying to help a very leary, not savie computer person :)
Debbie
>
|
|
|
|
|
|
|
|
|
On Tue, 26 May 2009 13:57:06 -0700 (PDT), Jose <...@yahoo.com
On May 26, 2:00 pm, siamoose <...@discussions.microsoft.comwrote:
Here is what I think.
The malware has done 2 things.
First, it put the wsupdater.exe in your \windows\systeem32 folder. It
may have deleted userinit.exe, corrupted it, but that is only part of
the problem.
The next thing it dis was modify your registry so that what gets run
with XP starts is not userinit, but wsupdater instead.
Just replacing userinit will not fix it, because the registry is still
pointing to wsupdater. So, if you make a copy of userinint and copy
it over the top of wsupdater, the FILE called wsupdater will get
executed but it is really the copy of userinit (are you with me?). XP
logs in fine now.
That may be fine for some people - it works, whew! But the registry
still has a reference to wsupdater.exe and shouldn't so you should
really fix that also, then delete the wsupdater.exe file leaving the
good userint and registry setting pointing to the proper file. If you
copy the userinint, XP will login, then fix the registry then delete
the unused On May 26, 2:00 pm, siamoose
<...@discussions.microsoft.com
Here is what I think.
The malware is know by two distinct things and your machine has all
the symptoms.
First, it put the wsupdater.exe in your \windows\systeem32 folder. It
may have deleted userinit.exe, corrupted it, but that is only part of
the problem. Userinit is what the registry says to run when XP starts
so you can login.
Remember the last time you logged in and that message? Where did that
message come from? That was wsupdater NOT userinit. Maybe you didn't
answer the questions properly (buy my stuff), so it fixed you!
The next thing it did was modify your registry so that what gets run
with XP starts is not userinit, but wsupdater instead.
Just replacing userinit will not fix it, because the registry is still
pointing to wsupdater. So, if you make a copy of the known good
userinint over the top of wsupdater, the FILE called wsupdater will
get executed (from the registry) but it is really userinit and the
registry is still wrong (but it "works). Are you with me?
That may be fine for some people - it works, whew! But the registry
is has a reference to wsupdater.exe and shouldn't, so you should
really fix that also, then delete the wsupdater.exe file leaving the
good userint and registry setting pointing to the proper file. The
registry fix takes minutes (or less).
This explains why you cant' even boot in safe mode. The userinit
still gets executed at boot time in safe mode, but with this
infection, wsupdater gets run instead no matter how you let XP boot.
To fix it with no screwdrivers, without leaving the house and no data
loss, you must boot some kind of XP that is able to
at least access the hard disk to replace, copy or whatever a userinit
that works. THEN, fix the registry (or you could do it at the same
time). System Restore, Repair, Last known Good.. my butt. You can't
even get that far and it is NOT your problem.
The XP bootable CD Recovery Console will let you start "XP" enough to
allow you access to the disk (that is why it is there). That is the
cleanest way. You need to somehow get to the file system on the HDD.
There are ways to make some bootable XP like CD (like was referenced
before), but that reads like it just puts s new userinit file out
there which is not going to fix anything. I guess it would work if
userinit was just missing, but that is not how this malware works. I
have not had a need to try those methods, but might look into it.
You need a bootable XP CD of some kind - you need a bootable XP Pro
(if that is what you have) even to format your disk to reinstall - you
gotta have/borrow one. If you can borrow one even if it is years old,
it should work fine. It is not tied to a machine until you install
and license it, but you won't get anywhere near that. You just need
the recovery console. The rest is easy (maybe just one helpful
email).
If you can burn CDs, maybe you cam make one of those bootable things,
but you need more than a userinit.exe file. Making a bootable CD
sounds like a lot of trouble that "might" work, maybe, but... I
prefer the sure thing.
Jose jumps off soapbox.
Jose
|
|
|
|
|
|
|
|
|
On Tue, 26 May 2009 14:57:45 -0700 (PDT), Jose <...@yahoo.com
On May 26, 2:00 pm, siamoose <...@discussions.microsoft.comwrote:
Here's a thought - instead of asking for a bootable XD CD, ask for an
XP Installation, or just an XP CD (XP Pro, right)? Maybe it is the
terminology. I need to reinstall XP - let me borrow your CD. Of
course you probably don't need to reinstall, but that may help the
understanding.
You would not be able to install XP on your system if you reformatted
it, so you need one, or find the right person in your IT group and
maybe you can borrow one.
Jose
|
|
|
|
|
|
|
|
|
On Tue, 26 May 2009 18:34:07 -0700 (PDT), Jose <...@yahoo.com
On May 26, 2:00 pm, siamoose <...@discussions.microsoft.comwrote:
If you can come up with an XP installation CD, you can
probably fix this in less time that it takes the XP CD to boot.
Savvy not required.
|
|
|
|
|
|
|
|
|
On Tue, 26 May 2009 15:41:01 -0700, Mark Adams <...@discussions.microsoft.com
Debbie, "Boot Menu" is the choice that you want. Start the computer and
place a bootable CD in the drive. Restart the computer with the CD in the
drive and press whatever keys it takes to get to the "Boot Menu", select the
CD drive and press "Enter" The computer should now boot off of the disk. If
it goes back to Windows trying to load, it means the disk wasn't bootable
after all. Probably constructed wrong. To create the bootable disk, you must
first download a bootable image file of the program. These are the .iso files
that Elmo suggested. Use the "Burn Image to Disk" feature of Nero or similar
burning software. I like ISO Recorder for this. It's very easy to use; it
adds "Burn ISO Image" to the right-click menu. Simply place a blank disk in
the drive, right click on the downloaded .iso image, and select "Burn ISO
Image". A wizard then opens and follow the prompts. When the burn is done,
the drawer opens and you now have a bootable disk. I may also suggest
downloading the .iso for making a Knoppix (Google for it) boot disk. The
Knoppix disk will allow you to boot the computer and run off the disk. You
should be able to see all your data on the hard drive and to copy it off onto
an external USB hard drive, or even flash drives. Once your data is safe,
then you can use the restore partition to return your computer to "as
shipped" condition. Then you can copy your data back. Remember, this is like
starting from scratch. Make sure your data is safe before doing anything else.
> >
|
|
|
|
|
|
|
|
|
On Tue, 26 May 2009 22:28:01 -0700, siamoose <...@discussions.microsoft.com
Jose, Tim and Mark,
It finally sunk in on what you guys were saying about how to reboot...took
me awhile uh?:)
I followed all instructions from all, of course not all at the same time,
and nada, I still can not get past the welcome screen. It would take me to my
desktop just for less than a minute then would kick me out to the welcome
screen.
Mark and Jose, BitDefender would just stop working after about 40 minutes. I
tride twice with that. Though after 40 minutes it did not show one malware or
suspicious file.
Mark, I could click on the icon for my HD, could see all my program files
but didn't know how to transfer them over to my external drive.
Well at least I learned from you guys how to reboot the right way!
Debbie
|
|
|
|
|
|
|
|
|
On Wed, 27 May 2009 06:54:32 -0700 (PDT), Jose <...@yahoo.com
On May 27, 1:28 am, siamoose <...@discussions.microsoft.comwrote:
I'll just wait.
Jose
|
|
|
|
|
|
|
|
|
On Wed, 27 May 2009 07:01:01 -0700, Mark Adams <...@discussions.microsoft.com
I take it from this that you did construct a Knoppix disk and are viewing
your files on the hard drive while running Knoppix, correct? You must connect
and turn on your external USB hard drive before booting to the Knoppix disk,
or it may not recognize the external drive. It's been awhile since I've used
one for copying data. Check the various menus available, right click also.
There is a copy or move file feature somewhere in the menus (sorry, I don't
have a disk with me, or I'd find it and post here). Maneuver by clicking on
icons, move data with the copy feature. I believe it can drag and drop as
well. Open a source window and a destination window, drag and drop. Some of
the other posters have suggested to repair your install with a Windows XP CD,
if you can borrow one. This is good advice, but copy your data first to be
safe. Since you have an external drive, you should be making backup images of
your install with products like Acronis True Image or Norton Ghost. They can
really save your bacon!
>
|
|
|
|
|
|
|
|
|
On Wed, 27 May 2009 08:48:47 -0700 (PDT), Jose <...@yahoo.com
On May 27, 10:01 am, Mark Adams <...@discussions.microsoft.comwrote:
I am not recommending a repair.
If an XP CD is located, I am opting for the Recover Console.
Jose
|
|
|
|
|
|
|
|
|
On Wed, 27 May 2009 10:39:02 -0700, Mark Adams <...@discussions.microsoft.com
Well, using the Recovery Console to make a repair to an install of XP does
constitute a repair. It's just not a Repair Install. ;-) Not to confuse
things!
|
|
|
|
|
|
|
|
|
On Wed, 27 May 2009 11:21:21 -0700 (PDT), Jose <...@yahoo.com
On May 27, 1:39 pm, Mark Adams <...@discussions.microsoft.comwrote:
Symantics (sort of).
I am choosing the simplest and most efficient method based on the
facts provided and familiarity with the problem. The end result will
be zero data loss, no form of reinstallation, no downloads, no CD
burning, no backups, no just in case, no try this, etc., etc.
There are indeed several more unpleasant alternatives. Given a choice
I always try to choose the method that is the simplest and increases
the chances of a satisfactory outcome in as few steps as possible.
However, Recovery Console does require an XP CD, which so far has
eluded Siamoose.
Jose
|
|
|
|
|
|
|
|
|
On Sat, 30 May 2009 15:54:12 -0700, Barry Schwarz <...@dqel.com
On Tue, 26 May 2009 03:25:02 -0700 (PDT), Jose <...@yahoo.comwrote:
The posts you are seeing from Tim Meddick have been forged. beware.
--
Remove del for email
|
|
|
|
|
|
|
|
|
On Sat, 30 May 2009 20:08:51 -0700, "Leythos" <...@rrohio.com
No it was real and you are an idiot.
--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam...@rohio.com (remove 999 for proper email address)
"Barry Schwarz" <...@4ax.com...
|
|
|
|
|
|
|
|
|
On Sun, 31 May 2009 10:26:30 -0400, Leythos <...@rrohio.com
In article <...@rrohio.com says...
Abuse complaint filed with abus...@teranews.com, headers included.
--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam...@rrohio.com (remove 999 for proper email address)
|
|
|
|
|
|
|
|
|
On Sun, 31 May 2009 18:08:10 +0100, "Tim Meddick" <...@gawab.com
What are these 'forged' posts exactly Barry?
I know that someone was using my name for a short time (apparently I said
something to incur the 'wrath' of Mr Butts)
...but not in this thread, I hasten to add...
==
Cheers, Tim Meddick, Peckham, London. :-)
"Barry Schwarz" <...@4ax.com...
|
|
|
|
|
|
|
|
|
On Sun, 31 May 2009 18:14:37 +0100, "Tim Meddick" <...@gawab.com
I have to ad to my last post that I see that 'forged' posts have been
written to this thread pertaining to be from me ("Tim Meddick"
<...@void.com
However, they seem to have been deleted from the server because, although
people have quoted them in replies, I cannot download the originals (thank
God).
I do apologise, and thank you for your diligence.
==
Cheers, Tim Meddick, Peckham, London. :-)
"Barry Schwarz" <...@4ax.com...
|
|
|
|
|
|
|