[Highlygifted]

I've been tasked with fixing a sibling's computer which contracted Rootkit, and so far it has been an annoying ordeal. When it logs on, it flashes the desktop, then logs off automatically, and leads me to the user selection screen. I was able to determine the problem was Rootkit before, but during my absence a past weekend, my father tried to fix it and did something which he can't remember and I've been left unable to access safe mode. Thanks in advance for the help.

Running Windows XP on her computer, btw.

This post has been edited by Highlygifted: 29 March 2009 - 09:48 AM

[cluberti]

Moving.

[DigeratiPrime]

What version of Windows are you running?
What options do you have on the Advanced Boot Options menu (F8)?
Do you have a Windows Vista setup disc? That includes WinRE which could be used to modify the registry "offline".

[Tarun]

Please download my Anti-Malware Toolkit and get the Professional package. Then follow the directions in the PC Cleanup guide. After that, please post a HijackThis log.

[Highlygifted]

First of all, I have to find a way to replace userinit.exe, the missing part which is causing this problem apparently. Can I get some help replacing this file with instructions? Thanks.

[IcemanND]

is the file actually missing from c:\windows\system32?

Ir is it the registry value that loads it that is missing?

[Highlygifted]

That I don't know.

[IcemanND]

do you have a way to make a bartpe cd (preferred) or connect the infected drive to another machine?

[tguy]

I ran across a rootkit infected computer today as well. I downloaded unhackme.zip, installed and cleaned it up. May want to try that too.

[IcemanND]

if it's missing userint.exe or the associated registry key he can't log into the machine, even in safe mode. He'll need to boot from other media or in another machine to fix that issue before you can do anything else, or perform a repair, may work but is a little extreme.