Trouble navigating through registry editor.
Posted: Mon Feb 16, 2009 6:41 am
by Tofu777
Hey guys, I am having the problem explained here
http://www.hmtech.ca/xp-logs-login/
How exactly do I "navigate to the Userinit key"?
Thanks in advance
Posted: Mon Feb 16, 2009 8:08 am
by Icecube
Use Offline password and registry editor on UBCD to edit or view the registry.
Posted: Mon Feb 16, 2009 8:31 am
by Tofu777
Yeah I will get that far but then locating that file is where I get lost
Posted: Mon Feb 16, 2009 8:56 am
by Icecube
Run the registry editor of Offline password and registry editor.
Look at:
http://www.governmentsecurity.org/artic ... torial.php to see which hive file you need to load.
In your case you need to view
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit, which is located in the
%systemroot%\SYSTEM32\CONFIG\SOFTWARE hive file.
I just searched a little bit on the internet to find it.
Posted: Wed Feb 18, 2009 7:22 am
by Tofu777
Thank you for your time and patience, this is really confusing for me but I'm not exactly sure how to even navigate that far, I pressed enter a few times to get past the first few questions then I press 9 to get to the registry editor, at least I'm guessing that's where I need to be to do all this. Sorry that it's taking me so long to understand all this!
Posted: Wed Feb 18, 2009 9:20 am
by Icecube
Select the right hard drive.
Select which part of the registry to load, ...:
[1]: software
9 Registry editor, now with full write support.
What to do? [1] -> 9
> cd Microsoft
\Microsoft> cd Windows NT
\Microsoft\Windows NT> cd CurrentVersion
\Microsoft\Windows NT\CurrentVersion> cd Winlogon
(..)\Windows NT\CurrentVersion\Winlogon> cat Userinit
Value <Userinit> of type REG_SZ, data length 68 [0x44]
C:\WINDOWS\system32\userinit.exe,
If the value of Userinit didn't change, you just have to replace the file 'C:\WINDOWS\system32\userinit.exe' with a virus free copy (recovery console).
If it did change from name
You can type
to set the value to:
Press ? if you need any help for the commands.
ls will display subkeys & values
cat will show the value of a key
ed allows you to edit a value of a key
cd will change the current key (cd .. will bring you back a level higher)
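Added example, not part of the thread and not code from the Offline password and registry editor: a Python check that parses the `cat Userinit` output shown above and reports anything other than the default entry. The function name, the tampered sample and its extra program path are constructed for illustration; the expected path is the one from the transcript and is an assumption for other installs.

```python
import re

# Expected entry as shown in the transcript; an assumption for other installs.
EXPECTED = r"C:\WINDOWS\system32\userinit.exe"
HEADER = re.compile(r"Value <([^>]+)> of type (\w+), data length (\d+)")

# Editor output copied from the thread.
SAMPLE_DEFAULT = r"""
Value <Userinit> of type REG_SZ, data length 68 [0x44]
C:\WINDOWS\system32\userinit.exe,
"""
# Constructed sample: a second program appended to the list.
SAMPLE_TAMPERED = r"""
Value <Userinit> of type REG_SZ, data length 132 [0x84]
C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\example.exe,
"""


def check_userinit(cat_output, expected=EXPECTED):
    """Return findings for `cat Userinit` output; an empty list means default."""
    lines = [ln.strip() for ln in cat_output.splitlines() if ln.strip()]
    header = HEADER.search(lines[0]) if len(lines) >= 2 else None
    if header is None:
        return ["could not parse editor output"]
    _name, reg_type, length = header.groups()
    data, findings = lines[1], []
    if reg_type != "REG_SZ":
        findings.append(f"unexpected value type: {reg_type}")
    # A REG_SZ is normally stored as UTF-16LE plus a 2-byte terminator, so the
    # default above is 34 * 2 = 68 bytes. A mismatch means the stored data is
    # not exactly the text on screen.
    stored = len(data.encode("utf-16-le")) + 2
    if stored != int(length):
        findings.append(f"data length {length} != {stored} bytes of visible text")
    # Winlogon starts every comma-separated program listed in Userinit.
    entries = [e.strip() for e in data.split(",") if e.strip()]
    for entry in entries:
        if entry.lower() != expected.lower():
            findings.append(f"unexpected program: {entry}")
    if expected.lower() not in (e.lower() for e in entries):
        findings.append("expected userinit.exe entry is missing")
    return findings


if __name__ == "__main__":
    for label, text in (("default", SAMPLE_DEFAULT), ("tampered", SAMPLE_TAMPERED)):
        print(label, check_userinit(text) or "OK")
```

An empty result only says the value is the default; the userinit.exe file itself still has to be verified or replaced as described in the post above.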
Posted: Wed Feb 18, 2009 6:33 pm
by Tofu777
Thanks a TON!