REGEDIT Disappears

  • Thread starter Alan Kauf-Stern
  • Start date
A

Alan Kauf-Stern

I had an earlier posting (9/28) concerning immediate
logoff when logging onto to a user account on my Sony
Windows XP Home Edition desktop. I was finally able to
get to the Recovery Console as per suggestions and was
able to copy the System32\userinit.exe to wsaupdater.exe,
again per suggested instructions. Logons to the accounts
is now possible - Great, but, there is always a but. In
order to complete the instructions, I need to use REGEDIT
to update the HKEY_LOCAL_MACHINE. Ok, there is the
background. Now my problem is that when I invoke REGEDIT,
the REGEDIT window appears, but it immediately disappears
before I can do anything!!!!!! What's wrong? How can I
stop this so that I can utilize REGEDIT? Thanks in
advance. Alan
 
B

Bruce Chambers

Alan said:
I had an earlier posting (9/28) concerning immediate
logoff when logging onto to a user account on my Sony
Windows XP Home Edition desktop. I was finally able to
get to the Recovery Console as per suggestions and was
able to copy the System32\userinit.exe to wsaupdater.exe,
again per suggested instructions. Logons to the accounts
is now possible - Great, but, there is always a but. In
order to complete the instructions, I need to use REGEDIT
to update the HKEY_LOCAL_MACHINE. Ok, there is the
background. Now my problem is that when I invoke REGEDIT,
the REGEDIT window appears, but it immediately disappears
before I can do anything!!!!!! What's wrong? How can I
stop this so that I can utilize REGEDIT? Thanks in
advance. Alan
Click to expand...


The type of behavior you describe is typical behavior of more than
one virus/worm, the three below being the most common:

W32.Klez
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Yaha
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Spybot.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html

Because many of the newer viruses and worms, such as the
Spybot mentioned above, can disable antivirus applications whose
definitions aren't kept up-to-date, try using one or more of the free
on-line scanners to double-check your system.

Trend Micro - Free online virus Scan
http://housecall.trendmicro.com/

McAfee Security - FreeScan
http://www.mcafee.com/myapps/mfs/default.asp

Symantec Security Check
http://security.symantec.com/ssc/home.asp

Panda ActiveScan - Free online scanner
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having
both at once. - RAH
 
S

Sharon F

I had an earlier posting (9/28) concerning immediate
logoff when logging onto to a user account on my Sony
Windows XP Home Edition desktop. I was finally able to
get to the Recovery Console as per suggestions and was
able to copy the System32\userinit.exe to wsaupdater.exe,
again per suggested instructions. Logons to the accounts
is now possible - Great, but, there is always a but. In
order to complete the instructions, I need to use REGEDIT
to update the HKEY_LOCAL_MACHINE. Ok, there is the
background. Now my problem is that when I invoke REGEDIT,
the REGEDIT window appears, but it immediately disappears
before I can do anything!!!!!! What's wrong? How can I
stop this so that I can utilize REGEDIT? Thanks in
advance. Alan
Click to expand...

It's not uncommon for malware to block the running of MSCONFIG, Task
Manager and the Registry Editor -thus making the removal of the intrusion
more difficult. If the system tools are blocked by name, renaming their
executables is a workaround. Example: Rename regedit.exe to regedit.com

Or you can run the tool created by MVP Doug Knox that creates a "backup
set" of those three programs for you:
http://www.dougknox.com/xp/utils/xp_emerutils.htm
 
G

Guest

Hi Sharon,

Thanks for your suggestion of renaming regedit. I did
that and it did the trick. It's my understanding from
other responses that I've received concerning the
disappearing regedit screen that worms and viruses most
likely caused this problem in the 1st place. But I am
confused because I have Norton live updates running and I
scan 3 times a week and Norton rarely says its caught a
virus. So I am not sure where to go and how to follow up.
But at least for now, my original problem has been
resolved. Thanks.
 
X

XPUSER

Hi Sharon,

Thanks for your suggestion of renaming regedit. I did
that and it did the trick. It's my understanding from
other responses that I've received concerning the
disappearing regedit screen that worms and viruses most
likely caused this problem in the 1st place. But I am
confused because I have Norton live updates running and I
scan 3 times a week and Norton rarely says its caught a
virus. So I am not sure where to go and how to follow up.
But at least for now, my original problem has been
resolved. Thanks.
Click to expand...
================================================
You should definitely try running one of the On-line Virus scanners
noted in Bruce Chambers posting. Your Norton AV may have been
compromised by a virus / worm.
================================================
 
S

Sharon F

Hi Sharon,

Thanks for your suggestion of renaming regedit. I did
that and it did the trick. It's my understanding from
other responses that I've received concerning the
disappearing regedit screen that worms and viruses most
likely caused this problem in the 1st place. But I am
confused because I have Norton live updates running and I
scan 3 times a week and Norton rarely says its caught a
virus. So I am not sure where to go and how to follow up.
But at least for now, my original problem has been
resolved. Thanks.
Click to expand...

You're welcome! I agree with Bruce and XPUSER that you should check out one
of the online scanners. In the last year there have been quite a few
variants that knock out installed antivirus programs.
 
R

Rick \Nutcase\ Rogers

The virus is masking itself from Norton's, this is not uncommon. I would
recommend at this point that you download stinger from
http://vil.nai.com/vil/stinger/ and then reboot into safe mode to run it
(running it in normal mode will not be effective, you need to have the
system bypass the startup group that is loading the virus). Also disable
System Restore to purge the restore points that will have a copy of the
virus before restarting normally.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Regedit Disappears / Taskmgr Disappears 1
Command prompt 4
autologoff after logging into a 2000 server 1
regedit 2
Regedit Window Disappears 2
Regedit command unresponsive in Run 10
edit regedit 1
regedit does not stay and disappears within seconds 5

Top