Trouble navigating through registry editor.

Posted: Mon Feb 16, 2009 6:41 am
by Tofu777
Hey guys, I am having the problem explained here

http://www.hmtech.ca/xp-logs-login/

How exactly do I "navigate to the Userinit key"?

Thanks in advance :D

Posted: Mon Feb 16, 2009 8:08 am
by Icecube
Use Offline password and registry editor on UBCD to edit or view the registry.

Posted: Mon Feb 16, 2009 8:31 am
by Tofu777
Yeah, I will get that far, but then locating that file is where I get lost.

Posted: Mon Feb 16, 2009 8:56 am
by Icecube
Run the registry editor of Offline password and registry editor.
Look at: http://www.governmentsecurity.org/artic ... torial.php to see which hive file you need to load.

In your case you need to view HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit, which is located in the %systemroot%\SYSTEM32\CONFIG\SOFTWARE hive file.

I just searched a little bit on the internet to find it :wink: .

Posted: Wed Feb 18, 2009 7:22 am
by Tofu777
Thank you for your time and patience, this is really confusing for me :) but I'm not exactly sure how to even navigate that far. I pressed Enter a few times to get past the first few questions, then I pressed 9 to get to the registry editor; at least I'm guessing that's where I need to be to do all this. Sorry that it's taking me so long to understand all this!

Posted: Wed Feb 18, 2009 9:20 am
by Icecube
Select the right hard drive.
Select which part of the registry to load, ...:
[1]: software

9 Registry editor, now with full write support.
What to do? [1] -> 9
> cd Microsoft
\Microsoft> cd Windows NT
\Microsoft\Windows NT> cd CurrentVersion
\Microsoft\Windows NT\CurrentVersion> cd Winlogon
(..)\Windows NT\CurrentVersion\Winlogon> cat Userinit
Value <Userinit> of type REG_SZ, data length 68 [0x44]
C:\WINDOWS\system32\userinit.exe,
If the value of Userinit didn't change, you just have to replace the file 'C:\WINDOWS\system32\userinit.exe' with a virus free copy (recovery console).
If it did change from name, you can type

ed Userinit
to set the value to:

C:\WINDOWS\system32\userinit.exe,
Press ? if you need any help for the commands.
ls will display subkeys & values
cat will show the value of a key
ed allows you to edit a value of a key
cd will change the current key (cd .. will bring you back a level higher)
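
Added example, not part of the original thread: a small Python check that reads the `cat Userinit` output shown in the post above and reports whether the value still matches the expected `C:\WINDOWS\system32\userinit.exe,` or has extra or different entries. The function names and the changed sample value are assumptions constructed for illustration.

```python
import ntpath
import re

# Expected Userinit data as given in the thread (stored there with a trailing comma).
EXPECTED = r"C:\WINDOWS\system32\userinit.exe"

# Matches the header line the registry editor prints for `cat <value>`.
HEADER = re.compile(r"Value <(?P<name>[^>]+)> of type (?P<type>\w+)")

# Session text copied from the post above.
SAMPLE_CLEAN = r"""(..)\Windows NT\CurrentVersion\Winlogon> cat Userinit
Value <Userinit> of type REG_SZ, data length 68 [0x44]
C:\WINDOWS\system32\userinit.exe,
"""

# Constructed sample: a second, made-up program appended after the expected one.
SAMPLE_CHANGED_DATA = (
    r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\example-extra.exe,"
)


def parse_cat_output(text):
    """Return (name, type, data) from the editor's `cat` output."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        m = HEADER.search(line)
        if m:
            data = lines[i + 1] if i + 1 < len(lines) else ""
            return m.group("name"), m.group("type"), data
    raise ValueError("no 'Value <...> of type ...' header found")


def norm(path):
    # Windows paths are case-insensitive; ntpath works on any host OS.
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def check_userinit(data, expected=EXPECTED):
    """Split the comma-separated value and flag entries other than the expected one."""
    entries = [e.strip() for e in data.split(",") if e.strip()]
    unexpected = [e for e in entries if norm(e) != norm(expected)]
    missing = not any(norm(e) == norm(expected) for e in entries)
    return {"changed": bool(unexpected) or missing,
            "unexpected": unexpected, "missing_expected": missing}


if __name__ == "__main__":
    print(check_userinit(parse_cat_output(SAMPLE_CLEAN)[2]))
    print(check_userinit(SAMPLE_CHANGED_DATA))
```

An unchanged value says nothing about the file itself; the post handles that case separately by replacing userinit.exe with a clean copy.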

Posted: Wed Feb 18, 2009 6:33 pm
by Tofu777
Thanks a TON! :D