Sunday, January 18, 2009

How to remove C:\WINDOWS\System32\oobe\lsass.exe from userinit registry

I got 2 pc in my network with "c:\windows\system32\oobe\lsass.exe" sitting in registry userinit. This prevent windows explorer from starting. So, those pc will only have the default wallpaper and nothing else upon boot up.

To run Windows Explorer, I have to press Ctrl+Alt+Delete to start Windows task Manager. From Windows Task Manager, I choose File -> New Task (Run), type explorer and press enter.


That is really annoying since everyday I have to attend these 2 PC and do same process.

I've read on other blog, this is caused by "me cute.exe" virus and he also provide a solution to this. Unfortunately the solution didn't work for me.

Here's what he suggest.

1. Start Windows Task Manager.
2. Choose Process tab.
3. File lsass.exe with user name other than SYSTEM.
4. Terminate those process


In windows registry.
5. Start windows registry
6. Goto HKLM\Software\ Microsoft\Windows NT\CurrentVersion\Winlogon
7. Locate Userinit and doubleclick on it.
8. Remove C:\WINDOWS\System32\oobe\lsass.exe and click Ok.

In command prompt
9. Type "md %windir%\system32\oobe\lsass.exe" and press enter(just ignore if its already exist)
10. Type "attrib +h +r +s %windir%\system32\oobe\lsass.exe" and press enter.

I have tried the step above both in normal and safe mood but no success.

1 comment:

Anonymous said...

Good web site you've got here.. It's hard to find
high quality writing like yours nowadays. I truly appreciate individuals like
you! Take care!!

Here is my web-site :: internet Marketing Company

Post a Comment