
New Windows XP / Server 2003 tool found.
A guy brought me an old HP Vectra VL420MT. McAfee antivirus had told him it needed to change a registry value (Yes|No) and he hit No. From that point on, every time he logged on it said Loading your Settings, then immediately logged him off.

He'd bought the machine from some guy who didn't give him the Windows or Office CDs. There was no recovery partition so a CD was needed. With an HP you have to use the CD that came with it or one for a very similar system or Microsoft won't Activate Windows (and it doesn't give you 30 days either - it wants it NOW).

Research indicated it was probably the registry failing to ask for or get Windows/system32/userinit.exe. The usual post virus clean-up fix (copy userinit.exe wsaupdate.exe) didn't work.

So how do you edit the registry of a machine you can't log into?

Well I found Bart's Preinstalled Environment (BartPE). I installed it on my Windows 2000 machine and had it build a boot disk image from a Windows XP Pro distribution disk and burned a CD.

It booted right up and I ran regedit. Mounted the hard disk's HKEY_USERS under the CD's HKEY_USERS and went to the Winlogon key. Found Userinit wasn't there at all so I created the key, unmounted the hard disk's registry and rebooted. Voila! login.
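
The offline check described in the post above, as an added example that is not part of the original post: a PowerShell script for a rescue environment that loads the installed system's SOFTWARE hive, compares the Winlogon `Userinit` and `Shell` values with the stock defaults, and writes them back only when `-Repair` is given. The drive letters, the mount name `OfflineSoftware` and the expected defaults are assumptions to adjust for the machine at hand.

```powershell
# Added example: audit (and optionally repair) Winlogon values in an offline SOFTWARE hive.
# Assumptions: run elevated from a rescue environment; $HivePath, the mount name and
# the expected defaults below are illustrative and must match the target install.
param(
    [string]$HivePath   = 'D:\Windows\System32\config\SOFTWARE',  # offline disk's hive (assumed drive letter)
    [string]$SystemRoot = 'C:\Windows',                           # path as the offline OS sees it once booted
    [switch]$Repair
)

$mount = 'OfflineSoftware'   # temporary key name under HKEY_USERS (hypothetical)
$key   = "Registry::HKEY_USERS\$mount\Microsoft\Windows NT\CurrentVersion\Winlogon"
$expected = @{
    Userinit = "$SystemRoot\system32\userinit.exe,"   # stock value ends with a comma
    Shell    = 'explorer.exe'
}

& reg.exe load "HKU\$mount" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not load hive $HivePath" }

try {
    if (-not (Test-Path $key)) { throw "Winlogon key not found in $HivePath" }
    foreach ($name in $expected.Keys) {
        $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        if ($null -eq $current) {
            Write-Warning "$name is missing"
        } elseif ($current.TrimEnd(',') -ne $expected[$name].TrimEnd(',')) {
            # Non-default is not proof of infection, but it is what runs at every logon.
            Write-Warning "$name is non-default: '$current'"
        } else {
            Write-Output "$name OK: '$current'"
            continue
        }
        if ($Repair) {
            Set-ItemProperty -Path $key -Name $name -Value $expected[$name] -Type String
            Write-Output "$name set to '$($expected[$name])'"
        }
    }
}
finally {
    [gc]::Collect()   # release PowerShell's registry handles so the unload succeeds
    & reg.exe unload "HKU\$mount" | Out-Null
}
```

Run it without `-Repair` first and record any non-default value before overwriting it, since that string names the program that was being launched at logon.
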
Now here's a fun one - on the same machine.
I wanted to temporarily install AVG Antivirus to run a root kit scan. Turned off his McAfee and shut down SpySweeper.

AVG would not install. Complained it could not update the registry key .../Windows NT/Windows. Checked it with Regedit and sure enough - "You don't have permission". Well, I could get in and with a couple tries at adding "Administrators" to the blank permissions box it'd free up and show all the normal permissions and let me in. If I exited regedit and tried to install AVG it would be locked again.

Found that if I stayed in regedit and held the Windows key open with it, AVG would install just fine. Same thing on uninstall.
Funky.
Did the AVG rootkit scan find anything?

It sure sounds like that PC needs a re-install from clean...

Wade.

Q:Is it proper to eat cheeseburgers with your fingers?
A:No, the fingers should be eaten separately.
Yup - and I sure would have liked to . . .
. . do a clean install. But it's an HP. It has a Windows license number on the sticker, and another I recovered from Windows itself. No, they don't match, and I know from experience that neither one will activate with Microsoft. They don't give you the 30 days either - they want it NOW! I don't have an HP Windows CD for the Vectra series and the client didn't get one when he bought the PC (used).

No, the root kit scan found nothing. There were some minor infections which had been removed by previous scans with other products.
     New Windows XP / Server 2003 tool found. - (Andrew Grygus) - (3)
         Now here's a fun one - on the same machine. - (Andrew Grygus) - (2)
             Funky. - (static) - (1)
                 Yup - and I sure would have liked to . . . - (Andrew Grygus)