As soon as they login, the windows show applying your settings, saving your settings and logs off automatically without logging in. - Resolve
Resolution:
We need to remotely access the infected computer from another computer on same network. Then we need to correct the registry key for userinit under winlogon.
Lets see the steps one by one:
1. Connect the infected computer to a network which has at least one healthy computer connected. Power on both of the computers.
2. From the healthy computer, Go to Start > Run, type regedit.exe and press enter. This will launch the registry editor.
3. Go to File > Connect Network Registry, by using this infected computer’s name or IP address. For more details on this, see this link.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
5. At this entry there is a key names userinit, double click on the key and set its value to “C:\WINDOWS\System32\userinit.exe,“
No comments:
Post a Comment