About | Buy Stuff | News | Products | Rants | Search | Security
Home » Resources » Rants

You cannot log on to Windows XP after you remove Wsaupdater.exe

Week of March 8, 2005

Article ID: 892893 (<-- click to see original)
Last Review: March 8, 2005
Revision: 1.1

Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SYMPTOMS

After you remove Wsaupdater.exe from BlazeFind by using Ad-Aware 6 Build 181 and reference file 01R314 02.06.2004 or 01R320 19.06.2004, you cannot log on to Microsoft Windows XP.

Note BlazeFind is a helper object for your Internet Explorer browser that redirects and changes your Internet Explorer settings.

CAUSE

Wsaupdater.exe is spyware that changes Userinit.exe, to Wsaupdater.exe in the registry. Ad-Aware by Lavasoft removes the Wsaupdater.exe file from the computer, but it cannot change the registry subkey back to Userinit.exe,. The registry subkey that is changed is

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value: Userinit
Data: %Windir%\System32\Wsaupdater.exe

Note %windir% represents the location of the System32 folder. For example, if the location is C:\Windows\System32, the data would be C:\Windows\System32\Wsaupdater.exe. The data should contain Userinit.exe, instead of Wsaupdater.exe. In the previous example, the data would be C:\Windows\System32\Userinit.exe,.

Note The comma following the file path information is required.

RESOLUTION

Use the Recovery Console to copy Userinit.exe to Wsaupdater.exe to allow logon capability to be restored and to let you manually correct the registry data. To do this, follow these steps:

Use Recovery Console to copy Userinit.exe to Wsaupdater.exe

  1. At the Recovery Console command prompt, type cd system32, and then press ENTER.
  2. Type copy userinit.exe wsaupdater.exe, and then press ENTER.
  3. Type exit, and then press ENTER.

Modify the registry

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, expand

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
     
  3. In the right pane, right-click userinit, and then click Modify.
  4. Replace wsaupdater.exe with userinit.exe, (make sure to include the comma, as shown), and then click OK.
  5. Restart your computer.

Delete the Wsaupdater.exe file

  1. Log on to the computer by using an account that has administrator-level permissions.
  2. Click Start, click Run, type %Windir%\system32, and then click OK.
  3. Right-click wsaupdater.exe, click Delete, and then click OK.

For additional information about the Windows Recovery Console, click the following article number to view the article in the Microsoft Knowledge Base:

314058 Description of the Windows XP Recovery Console

MORE INFORMATION

For additional information, visit the following Lavasoft Web site:

    http://www.lavasofthelp.com/articles/v6/04/06/0901.html

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

APPLIES TO

  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Media Center Edition 2002
  • Microsoft Windows XP Tablet PC Edition
  • Microsoft Windows XP Service Pack 1
  • Microsoft Windows XP Service Pack 2 [<--sic]
About | Buy | News | Products | Rants | Search | Security
Copyright © Radsoft. All rights reserved.