(The real answer to the question “Where have you been?” is “I’m in Miami, and I was briefly in Sanibel, on the beach; the weather is wonderful and I’m relaxing here when I’m not worrying about graduate school.” But I’m thinking about “Why have you been away from the internet?” really.)
So at some point when I got home, Google Chrome (my web browser) stopped working. I could not figure it out. I ran an anti-virus scan — nothing. I uninstalled and reinstalled — nothing. I restarted a few times. Nothing.
Now, in and of itself this wouldn’t be that big of a problem. I use Firefox most of the time; I just use Chrome for email and for browsing when I don’t want to deal with Firefox. But I figured it had to be a sign of something being wrong. I scoured some forums, and ended up figuring out that, yes, my computer did in fact have a virus. I’m still unclear about how I got it — I don’t think it was from an email, but beyond that I’m unclear. A number of people talked about finding a virus called SDRA64 that was causing Google Chrome to stop working: it would open, but no webpages would load. Disabling certain parts of the browser made it work, but that was more a proof of the problem than a solution.
I also noticed that my Windows Firewall was being disabled — a sure sign that something is wrong. When I re-enabled it, it thought it was working, but either way it was obvious that something was wrong. So I followed instructions I found online, going to my registry and finding HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit, a registry value. Now I don’t entirely understand the Windows registry, but suffice to say that it contains configuration settings for Windows and for all Windows programs. When you edit your registry, you can really fuck things up. Many viruses install themselves in the registry, because users don’t usually look there, and an entry in the right key (this one is read at every logon) means Windows starts them automatically in the background.
Anyway, as the online instructions suggested, there was something there: the string value of userinit (as in, user-initiated processes, I think) was “C:\Windows\system32\userinit.exe, C:\Windows\system32\mskdud32.exe” — a different virus from SDRA64, but hiding in the same place. Unfortunately, you can’t just remove the second entry — it reinstates itself. Suffice to say that I ended up in command-line Safe Mode (press F8 while the computer is booting), and from there was able to use the REG command to remove the mskdud32.exe entry. I also deleted the file it points to. Now, what no one bothered to say was this: if you delete the userinit registry value — as in, if you don’t just delete the part that says C:\Windows\system32\mskdud32.exe — your computer won’t load. And, errr, I did that. So if for some reason someone ends up here at this site trying to figure things out, the solution is to boot into command-line Safe Mode, edit the registry so that the value of userinit is “C:\Windows\system32\userinit.exe” and nothing else, and then delete (del) C:\Windows\system32\mskdud32.exe. Of course, I entirely deleted userinit.
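The check-and-repair described above, written out as an added example (this is not code from the original post). It assumes an elevated PowerShell prompt on a normal or Safe Mode boot, and it treats Windows’ own default, “C:\Windows\system32\userinit.exe,” (the trailing comma is part of the stock value), as the known-good string. The function names Get-UserinitEntries, Test-WinlogonUserinit and Repair-WinlogonUserinit are mine. The point it adds to the story is the one the post learned the hard way: overwrite the Userinit value with the legitimate string, never delete the value.

```powershell
# Added example, not from the original post: audit and repair the Winlogon
# Userinit value that the malware described in the post hijacked.
# Assumptions: elevated PowerShell; the legitimate value is Windows' default,
# "$env:SystemRoot\system32\userinit.exe," (trailing comma included).

$WinlogonKey      = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$LegitUserinitExe = Join-Path $env:SystemRoot 'system32\userinit.exe'
$ExpectedUserinit = "$LegitUserinitExe,"

function Get-UserinitEntries {
    # Userinit is one comma-separated REG_SZ; return its non-empty, trimmed entries.
    $raw = (Get-ItemProperty -Path $WinlogonKey -Name Userinit).Userinit
    return @($raw -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

function Test-WinlogonUserinit {
    # Return every entry that is NOT the real userinit.exe; an empty result means clean.
    return @(Get-UserinitEntries | Where-Object { $_ -ine $LegitUserinitExe })
}

function Repair-WinlogonUserinit {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $extra = Test-WinlogonUserinit
    if ($extra.Count -eq 0) {
        Write-Host 'Userinit is clean.'
        return
    }
    Write-Warning ('Unexpected Userinit entries: ' + ($extra -join '; '))

    # Overwrite, never delete: with no Userinit value at all, Windows logs every
    # user straight back out at the login screen (the failure mode in the post).
    if ($PSCmdlet.ShouldProcess("$WinlogonKey\Userinit", "set to '$ExpectedUserinit'")) {
        Set-ItemProperty -Path $WinlogonKey -Name Userinit -Value $ExpectedUserinit -Type String
    }

    # Then remove the dropped files. The post notes the running malware puts the
    # entry back, so do this from Safe Mode if the value keeps reappearing.
    foreach ($path in $extra) {
        if (Test-Path -LiteralPath $path) {
            if ($PSCmdlet.ShouldProcess($path, 'delete')) {
                Remove-Item -LiteralPath $path -Force
            }
        }
    }
}

# The neighbouring Shell value is abused the same way; it should be exactly "explorer.exe".
(Get-ItemProperty -Path $WinlogonKey -Name Shell).Shell

# Dry run first; drop -WhatIf to apply.
Repair-WinlogonUserinit -WhatIf
```

Run it with -WhatIf first to see what would change, then again without it. Deleting the file before fixing the value is harmless here, but fixing the value before the malware is stopped is not: the post’s observation that the entry “reinstates itself” is why the second pass belongs in Safe Mode.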
So when I rebooted, I entered my password on the login screen, and found myself logged out immediately. And so forth. I realized immediately what the problem was, but it’s not an easy fix. I ended up finding a number of fixes that didn’t work (one that would’ve worked perfectly, except I realized it only worked for Windows 2000), and finally downloading a program (the Offline NT Password & Registry Editor) to edit the registry from a CD, which I burned on my father’s computer and then booted from. (You can boot from the CD by pressing F12 during startup.) Eventually, I figured out this program, which is mostly intended for changing your password if you’ve forgotten it, but also works for editing the registry. What I needed to do was this:
Hit Enter twice to get to the list of registry hives under HKLM. Type SOFTWARE and hit Enter. Enter 9 for the registry editor. Type cd Microsoft\Windows NT\CurrentVersion\Winlogon and hit Enter. (Capitalization matters. cd = change directory.) Type nv 1 userinit and hit Enter. (This tells the program: I want a new registry value, of type 1, which is a string, called userinit.) Edit the userinit value, and enter the value as C:\Windows\system32\userinit.exe. Then press q and Enter, q and Enter, y and Enter, and then quit. (Quit, quit, yes I want to save, quit.) And restart with Ctrl-Alt-Del.
Anyway, wonder of wonders, it worked. I appear to no longer have a virus. I don’t entirely trust that — and I think my computer is going to die sometime soon, especially considering that it overheated the other day and ruined the battery — but I’m pleased that I seem safe for the moment. Backup time!
Besides: it’s nice being home. The psychology graduate process may be touched on in an entry someday soon.