After CIS removed viruses, cannot log in to laptop

Hi Everyone,

Can someone please help! A friend's laptop was completely virus ridden, so I installed CIS (which I’ve used for a year or so without problem) to remove them.

In the process, the antivirus said some important files such as explorer.exe were infected. I said not to delete them.

The computer needed to reboot after the antivirus scan had finished as it said it needed to, and now I cannot even use the laptop. The log on window is there, but as soon as I log on, it logs off immediately. I cannot even boot in safe mode!

I suspect that CIS has deleted explorer.exe at least and that is the problem. The laptop in question is running XP SP3.

Not sure why this was locked. Unlocked it.

Download Dr Web’s Cure it live CD and boot the laptop from it. Let it scan and repair. It does a real good job with patch viruses.

I think you read my personal message.

Two possible cases are there for you.

1. c:\windows\system32\userinit.exe got corrupt/infected and was therefore removed by CAV.

If this is what happened, you need to replace it with a normal userinit.exe from an un-infected PC.

You can do so by copying the file from any friend's computer and booting from a Linux boot CD or WinPE or UBCD4Win.

2. The registry entry

HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\userinit

is either missing or replaced by something else. The correct value for it should be

c:\windows\system32\userinit.exe .

You can resolve this using EZPCFix: either use UBCD4Win and use this tool to correct this, or attach your hard disk as a slave disk to another non-infected system and use EZPCFix to correct this.

Hope it helps.
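
A check for the two cases described in the reply above, as an added example (not code from any poster or from the CIS project): it inspects a Userinit value read with a registry tool and looks for userinit.exe on the Windows partition mounted from a boot CD. The mount point `/mnt/windows` and the sample values are assumptions; the value is split on commas because Winlogon runs every program listed in it.

```python
import os

EXPECTED = r"c:\windows\system32\userinit.exe"  # path given in the post above

def check_userinit_value(value):
    """Return a list of problems found in a Winlogon Userinit value (None = missing)."""
    if value is None:
        return ["value missing"]
    # Winlogon starts every program in this comma-separated list at logon,
    # so anything besides userinit.exe deserves a look.
    entries = [e.strip().strip('"') for e in value.split(",") if e.strip()]
    if not entries:
        return ["value empty"]
    problems = []
    if EXPECTED not in [e.lower() for e in entries]:
        problems.append("userinit.exe entry absent")
    problems += ["unexpected entry: " + e for e in entries if e.lower() != EXPECTED]
    return problems

def find_ignoring_case(root, *parts):
    """Resolve parts under root ignoring case; a Linux boot CD may treat NTFS names case-sensitively."""
    path = root
    for part in parts:
        try:
            names = os.listdir(path)
        except OSError:
            return None
        match = [n for n in names if n.lower() == part.lower()]
        if not match:
            return None
        path = os.path.join(path, match[0])
    return path

def check_userinit_file(mount_root):
    """Return a problem string, or None if userinit.exe exists and is not empty."""
    path = find_ignoring_case(mount_root, "windows", "system32", "userinit.exe")
    if path is None:
        return "userinit.exe missing"
    if os.path.getsize(path) == 0:
        return "userinit.exe is empty"
    return None

if __name__ == "__main__":
    # Constructed sample values, not taken from the laptop in this thread.
    samples = [r"C:\WINDOWS\system32\userinit.exe,", None,
               r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\example.exe"]
    for sample in samples:
        print(repr(sample), "->", check_userinit_value(sample) or "ok")
    print(check_userinit_file("/mnt/windows") or "userinit.exe present")  # assumed mount point
```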