Last weekend I was planning on upgrading my Dell XPS 720 Vista desktop to Windows 7, but a friend of mine ran into a nasty piece of malware called "Internet Security 2010", which removed a registry key that allows you to log on to the system and corrupted the system to the point where you could not successfully install any malware or virus protection. If you do log on, the Internet Security 2010 malware essentially holds you hostage for a fee to supposedly clean up the system. Do not purchase the service; it is a scam.
The first problem I had to deal with was the logon/logoff loop: when attempting to log on, you automatically get logged off. There are two potential causes: either userinit.exe is missing or corrupt, or the registry key pointing to userinit.exe is missing or corrupt. To identify either problem you need to be able to log on. Here are the steps to try:
- Boot up in safe mode (F8 at initial PC power on) and select option 1 (you do not need the network). Try to log in (this did not work for me). If you can log on, follow the Phase II and III instructions (Phase I is for another virus) in this article: http://www.winxptutor.com/wsaremove.htm .
- Some folks have used the recovery console, which requires your XP CD to boot up with, but the only function you can really perform is to check whether userinit.exe exists under your Windows/system32 directory. I used the Phase III instructions found here: http://www.winxptutor.com/wsaremove.htme. The file userinit existed, but copying it to wsaupdate.exe per the Phase III instructions did not solve my problem.
- It seemed my only hope was to try to access the registry, and since the recovery console does not provide that functionality, I had to find another way. The solution I used was to boot the system from a BartPE CD, which I had to create. The instructions to do so, and how to edit the registry, can be found here: http://windowsxp.mvps.org/peboot.htm.
With the system booted from BartPE, I was able to edit the registry and found that the winlogon registry key was missing. I created it per the instructions above, rebooted, and was able to log on. Once I logged on, I got the Internet Security 2010 malware message telling me I had a virus with a purchase scam. In order to remove the virus/malware, I followed the instructions in this article: http://www.softsailor.com/how-to/13827-how-to-uninstall-remove-internet-security-2010-virus-removal-guide.html.
The system is now functioning normally.
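The registry check described above can also be run against a text export of the Winlogon key. This is an added example, not part of the original post: it assumes a regedit export of the key, a Windows directory of `C:\WINDOWS`, and a hypothetical temporary hive name `OfflineSoftware`; the sample exports are constructed.

```python
import re

# Key path suffix: an offline hive loaded in regedit sits under a temporary
# name, so the check matches on the suffix rather than the full path.
WINLOGON_SUFFIX = r"\microsoft\windows nt\currentversion\winlogon"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse regedit export text into {key_path: {value_name: string_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            # .reg files escape backslashes and quotes with a backslash.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name.lower()] = data
    return keys

def check_userinit(text, windir=r"C:\WINDOWS"):
    """Return a list of findings; an empty list means Userinit looks normal."""
    expected = (windir + r"\system32\userinit.exe").lower()
    hits = {k: v for k, v in parse_reg(text).items()
            if k.lower().endswith(WINLOGON_SUFFIX)}
    if not hits:
        return ["Winlogon key not present in export"]
    findings = []
    for key, values in hits.items():
        data = values.get("userinit")
        if data is None:
            findings.append(f"{key}: Userinit value missing")
            continue
        entries = [e.strip().lower() for e in data.split(",") if e.strip()]
        if expected not in entries:
            findings.append(f"{key}: Userinit does not start {expected}")
        findings += [f"{key}: unexpected program {e}"
                     for e in entries if e != expected]
    return findings

# Constructed sample exports (hive name "OfflineSoftware" is hypothetical).
KEY = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\OfflineSoftware\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
'''
HEALTHY = KEY + r'"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"' + "\n"
MISSING = KEY
ALTERED = KEY + r'"Userinit"="C:\\WINDOWS\\system32\\example.exe,"' + "\n"
```

Files exported by regedit are normally UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `check_userinit`.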