A few days ago I found a virus: the root directory of each partition had an autorun.inf, so it seems to be a virus that spreads through USB drives. The virus is very simple and did not do anything too bad: it just spreads using a batch file, changes the registry, and cancels the system administrator password, so antivirus software does not regard it as a virus. Since antivirus software cannot remove it, it has to be deleted manually. That means deleting the virus files from the Windows system directory and from the root directory of each partition, then going through the registry locations the batch file modified and changing them back.
One of those places in the registry is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,***.exe"
Here only the ***.exe part needs to be deleted, but I accidentally deleted the entire key. As a result, the system would start and then log off right away, and I could not get in through safe mode either.
Using another computer, I looked it up online: userinit.exe is a key process of the Windows operating system that manages the startup sequence, for example establishing network connections and starting the Windows shell. This registry location is also a favorite of viruses, which can use it to start themselves at boot. Cases like this generally either add something after userinit.exe, or simply pose as userinit.exe themselves and replace the real one.
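As an added example (not part of the original post), the following Python code checks a Userinit line taken from a .reg export for the cases described above: something appended after userinit.exe, a different file posing as userinit.exe, and the value missing altogether. It assumes the default path C:\WINDOWS\system32\userinit.exe shown above; the sample lines and the name example.exe are constructed.

```python
import ntpath
import re

# Assumption: default value for an install in C:\WINDOWS, as shown in the post.
EXPECTED = r"C:\WINDOWS\system32\userinit.exe"

def parse_reg_value(line):
    """Return the data of a .reg export line '"Userinit"="..."', or None."""
    m = re.match(r'\s*"Userinit"\s*=\s*"(.*)"\s*$', line, re.IGNORECASE)
    if not m:
        return None
    # .reg files escape backslashes and quotes with a backslash; undo that.
    return re.sub(r"\\(.)", r"\1", m.group(1))

def check_userinit(value, expected=EXPECTED):
    """Return a list of findings; an empty list means the value looks normal."""
    if value is None or not value.strip():
        # The failure mode from the post: the value was deleted entirely.
        return ["Userinit missing or empty: expect logon followed by logoff"]
    # The value is a comma-separated list; a trailing comma is normal.
    entries = [e.strip().strip('"') for e in value.split(",") if e.strip()]
    findings = []
    first = ntpath.normcase(ntpath.normpath(entries[0]))
    if first != ntpath.normcase(ntpath.normpath(expected)):
        findings.append(f"first entry is not the expected userinit.exe: {entries[0]}")
    for extra in entries[1:]:
        findings.append(f"extra program started at logon: {extra}")
    return findings

# Constructed sample lines, written the way a .reg export escapes them.
SAMPLES = {
    "clean": r'"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"',
    "appended": r'"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,'
                r'C:\\WINDOWS\\system32\\example.exe"',
    "replaced": r'"Userinit"="C:\\WINDOWS\\userinit.exe,"',
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, check_userinit(parse_reg_value(line)) or "ok")
    print("deleted", check_userinit(None))
```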
Knowing the cause, I needed to restore this registry entry. But the system would not start, so how could I restore it? I remembered having seen an article on recovering a lost XP password, which used a script to run a specified batch file before the Windows logon screen appears. I searched Google for "Winxp password recovery script" and found reprints of this article all over the place. However, I tried what the article described and found that it did not work.
The article said to save the batch file and the script under "C:\windows\system32\GroupPolicy\Machine\Scripts\Startup", but on my system there was only "C:\windows\system32\GroupPolicy\Machine\", with no directories below it. I created the directories and the batch file manually as the article required, but after a restart the batch file did not run.
Then I remembered the "mountains leaves" tool disc, which has a lot of tools on it. After downloading it and burning it to a disc, I booted from it and found a tool called "ERD Commander" that can change part of the registry on the hard disk. It cannot change everything, but for me it was enough. The system quickly returned to normal.
I was very interested in "ERD Commander", so I googled it and looked at its official website. Judging from the product introduction, this software can do a lot for disaster recovery on Windows systems. The official website also says that "ERD Commander" has been integrated into the "Administrator's Pak", and that the "Administrator's Pak" is now part of the "Microsoft Desktop Optimization Pack for Software Assurance" for Microsoft's "Windows Vista Enterprise"; that is, "ERD Commander" has become an official Microsoft tool for Windows.