Shell = explorer.exe
NOTE: These files may also be deleted by spywares. You may need to extract them using Windows CD.
Steps for rectifying this problem:
- Log on to a networked computer.
- Run Regedit.exe
- Point your cursor to HKEY_LOCAL_MACHINE
- Select File > Connect Remote Registry
- Type computer name (infected computer)
- Navigate to the following location in registry of destination or infected computer
- Edit these two values in right pane:
- Change these two values to
Userinit = x:\windows\system32\userinit.exe
- Exit from Registry
- Restart Infected computer.
- You should be able to log on to computer.
Article ID: 555648 - Last Review: Feb 14, 2017 - Revision: 1