Printable View
problem of disconnection of their immediate session after loading user settings. You can not even log into administrator mode and even in safe mode? what i install antivirus Kaspersky shows Win32.Restarter.F and keep coming again it not able to remove it what should i do ??
thank you .
just read this hope you will get some help http://forums.techarena.in/networkin...spyware+remove
The purpose is to access the registry the key to redefine Winlogon amended by the virus.
You can start your computer from the CD UBCD4Win ,connect your hard drive a slave on a computer healthy.
UBCD4Win method:
1. Once started click on the START button then select RUN ...
2. Type regedit and then validate
3. In the registry, make a left click on the branch HKEY_LOCAL_MACHINE (HKLM)
4. Click on File then Load Hive ...
5. In the drop-down list of the location at the top of the window select the local disk C
6. Then go to the directory c: \ windows \ system32 \ config \
7. Choose File software
8. Give an arbitrary name to the key ( "paper_ricebowl" or whatever you want!)
9. It appears in the registry under the HKLM branch
do not continue following the procedure to the WIN32.Restarter.F died , you must copy the file C: \ Windows \ System32 \ dllcache \ userinit.exe C: \ Windows \ system32 or copy the userinit.exe file from another Windows XP in C: \ Windows \ system32.
also try to restoration of files that can help in the case of userinit.exe: Restoring file systems
10. Go to HKLM \ "paper_ricebowl" \ Microsoft \ WindowsNT \ CurrentVersion \ Winlogon
11. Make a double-click on the Userinit key (the virus leaves this value blank) and enter the following value: c: \ windows \ system32 \ userinit.exe,
12. (note the comma after the userinit.exe file is very important)
13. OK, select by left clicking on the industry "paper_ricebowl" and go to the menu File -> Unload Hive ...
14. Choose Yes to save changes.
15. Close the registry
16. Click on START and then "Turn off Computer"
17. After reboot remove the CD because the PC will reboot it and enter your session.
18. Then you can follow the directions of the site to make all necessary virus scans and especially Clean Virus MSN with viruskeeper
Method by connecting the HDD to another PC:
1. Start your computer in safe mode
2. Check that the infected hard drive is recognized in My Computer
3. Click on Start then Run ...
4. Type REGEDIT and validate
5. Resume Point No. 3 of the method by UBCD4Win by changing the letter C by the new letter assigned to the PC in Sain paths.
i hope this will save a lot and sometimes unnecessary formatting .
try this Antivirus Version with Last Update Result
AhnLab-V3 2008.3.4.0 2008.03.04 -
AntiVir 7.6.0.73 2008.03.04 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.03.04 -
Avast 4.7.1098.0 2008.03.04 -
AVG 7.5.0.516 2008.03.04 -
BitDefender 7.2 2008.03.04 Win32.Worm.IRC.PIH
CAT-QuickHeal 9.50 2008.03.04 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.03.04 -
DrWeb 4.44.0.09170 2008.03.04 -
eSafe 7.0.15.0 2008.02.28 Suspicious File
eTrust-Vet 31.3.5585 2008.03.04 -
Ewido 4.0 2008.03.04 -
FileAdvisor 1 2008.03.04 -
Fortinet 3.14.0.0 2008.03.04 -
F-Prot 4.4.2.54 2008.03.03 -
F-Secure 6.70.13260.0 2008.03.04 Trojan-Dropper.Win32.Agent.fbh
Ikarus T3.1.1.20 2008.03.04 Trojan.Crypt.XPACK
Kaspersky 7.0.0.125 2008.03.04 Trojan-Dropper.Win32.Agent.fbh
McAfee 5243 2008.03.03 -
Microsoft 1.3301 2008.03.04 -
NOD32v2 2921 2008.03.04 Win32/TrojanDropper.Agent.NIN
Norman 5.80.02 2008.03.04 -
Panda 9.0.0.4 2008.03.03 Suspicious file
Prevx1 V2 2008.03.04 Heuristic: Suspicious File With Anti-Security Technology
Rising 20.34.12.00 2008.03.04 -
Sophos 4.27.0 2008.03.04 Sus/UnkPacker
Sunbelt 3.0.906.0 2008.02.28 VIPRE.Suspicious
Symantec 10 2008.03.04 -
TheHacker 6.2.92.232 2008.03.04 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.03.04 -
Webwasher-Gateway 6.6.2 2008.03.04 Trojan.Crypt.XPACK.Gen