Ms. Ducktoes did it! I beat the dreaded Virut without reformatting. This is how I did it.
- The Dr. Web Cureit Live CD I spoke of in the last post didn’t work. At the beginning of the scan, it stopped everytime. So instead:
- I created an Ultimate Boot CD for Windows. I downloaded the image from the UBCD website and burned it to cd. There are detailed instructions on the site on how to do this.
- I booted off the cd and went on the Internet through the UBCD interface. I downloaded Dr. Web Cureit to the Ram drive.
- Then from the “Run” option off the start menu I browsed to the B: Ram drive and opened cureit.exe.
- Dr. Web Cureit started. I had to stop the Express scan and run the Custom scan and select the C drive or the C and D drives since I had more than one hard drive. Otherwise Dr. Web Cureit just scanned the CD.
- I cured the files instead of deleting them. The Virut virus changes the system files and your computer system needs them.
- I scanned a three times this way.
- I rebooted but the computer wouldn’t start. So I did a “repair install” with my Windows Xp cd.
- After the Repair Install, it booted, but after the logon, the logon kept returning. I couldn’t get past it.
- So I booted off the UBCD and replaced the Userinit.exe file in the System32/dllcache folder. I found another copy of it in the 1386 folder and copied and pasted. You can search using the Windows Explorer on the UBCD disk.
- Then I ran regedit (still off UBCD) and searched for userinit. I found the registry keys related to userinit. One of them was set for the logon to repeat over and over, so I changed it from “1″ to “0″.
- Then I rebooted and the computer started and the logon didn’t repeat!!
- Immediately I went into Safe Mode and started running virus scans like crazy. I ran Malwarebytes, AVG, SuperAntiSpyware and Dr. Web Cureit again. And found more trojans and viruses.
- After all the scans ran clean. I rebooted.
- The Virut was removed!!! And I didn’t reformat.
