

The main reason behind this problem is corruption of the registry key which holds the files that are executed during login to Windows. This registry key can either get replaced with an incorrect value or become corrupt due to some virus / trojan activity.

We need to remotely access the infected computer from another computer on the same network. Then we need to correct the registry key for userinit under winlogon.

1. Connect the infected computer to a network which has at least one healthy computer connected.
2. From the healthy computer, go to Start > Run, type regedit.exe and press Enter.
3. Go to File > Connect Network Registry and connect using the infected computer's name or IP address.
4. In the connected registry, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
5. At this entry there is a key named userinit. Double-click the key and set its value to "C:\WINDOWS\System32\userinit.exe,"
6. Exit the registry editor and restart the infected computer.

This will work for most computers.

A scheduled task named 'Log Off Idle Session', set to run when the user logs on or when the system goes idle, and with Conditions set to run only if idle for 30 minutes. It's set to run only when the user is logged on, and Run with highest privileges is checked.
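The same remote check of the userinit value can be scripted from the healthy computer. The following PowerShell is an added example, not part of the original page; it assumes the Remote Registry service is running on the infected computer, that you have administrative rights on it, and that Windows is installed under C:\WINDOWS as in the steps above.

```powershell
param(
    [Parameter(Mandatory)] [string] $ComputerName,  # name or IP of the affected computer
    [switch] $Repair                                # write the expected value back if it differs
)

$subKey   = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = 'C:\WINDOWS\System32\userinit.exe,'     # value given in the steps above

# Requires the Remote Registry service on the target and admin rights there (assumption).
$hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
    [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
try {
    $key = $hklm.OpenSubKey($subKey, $Repair.IsPresent)  # writable only when repairing
    if ($null -eq $key) { throw "Winlogon key not found on $ComputerName" }
    try {
        $current = [string]$key.GetValue('Userinit', '')
        # Userinit is a comma-separated list; every entry is started at logon.
        $entries = @($current.Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        $unexpected = @($entries | Where-Object { $_ -ine $expected.TrimEnd(',') })
        $healthy = ($entries.Count -eq 1) -and ($unexpected.Count -eq 0)

        if ((-not $healthy) -and $Repair.IsPresent) {
            $key.SetValue('Userinit', $expected, [Microsoft.Win32.RegistryValueKind]::String)
        }
        # Report what was found so unexpected entries can be investigated afterwards.
        [pscustomobject]@{
            ComputerName      = $ComputerName
            Userinit          = $current
            UnexpectedEntries = $unexpected -join '; '
            Healthy           = $healthy
            Repaired          = ((-not $healthy) -and $Repair.IsPresent)
        }
    }
    finally { $key.Close() }
}
finally { $hklm.Close() }
```

Run it without -Repair first to record the current value. Any path listed under UnexpectedEntries is a program that was being started at every logon and should be examined before the machine is returned to use.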
