Previous Thread:   Password Protect Desktop, Want Disabled...

10/22/2005 7:21:27 PM    Environmental variable in Registry key
In the following key...  
  
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]  
  
"Userinit"="C:\WINNT\system32\userinit.exe,"  
  
Can the following be used instead...  
  
"Userinit"="%windir%\system32\userinit.exe,"  
  
or  
  
"Userinit"="%SYSTEMROOT%\system32\userinit.exe,"  
  
--  
  
Dave  
  
http://www.claymania.com/removal-trojan-adware.html  
  
http://www.ik-cs.com/got-a-virus.htm



10/22/2005 7:37:39 PM    Re: Environmental variable in Registry key
In microsoft.public.win2000.registry David H. Lipman wrote:  
  
No.  The value Type does not support that.  I doubt you can change  
  
the type and make it work but have never tried. (warning:  OS might  
  
not boot)   It might be that this key is read too early anyway for  
  
those variables to be available yet.  Sorry not to have a definitive  
  
answer.

10/22/2005 7:47:29 PM    Re: Environmental variable in Registry key
David H. Lipman <DLipman~nospam~@verizon.net> wrote:  
  
The type would have to be REG_EXPAND_SZ in order to have the expansion  
  
occur.  Whether the variable would be available at the right time is an  
  
interesting question.  
  
--  
  
Gary L. Smith  
  
Columbus, Ohio

10/22/2005 7:53:29 PM    Re: Environmental variable in Registry key
From: "Mark V" <notvalid@nul.invalid>  
  
That's what I wanted to know.  I write anti malware scripts and this key is associated with  
  
a few Trojans and I have been investigating scripting a fix using this key.  Since the Root  
  
OS folder can be C:\windows, c:\winnt or other, I was curious about.  
  
So you are saying the REG_SZ can't be used with Environmental variables or it just won't be  
  
interpreted correctly ?  
  
--  
  
Dave  
  
http://www.claymania.com/removal-trojan-adware.html  
  
http://www.ik-cs.com/got-a-virus.htm

10/23/2005 1:17:38 PM    Re: Environmental variable in Registry key
On Sat, 22 Oct 2005 19:21:27 -0400, "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote:  
  
I tried it and it doesn't work.  
  
First I ran:  
  
REG ADD "HKLM\Microsoft\Windows NT\CurrentVersion\Winlogon" /V Userinit /T REG_EXPAND_SZ /F /D ^%SYSTEMROOT^%\system32\userinit.exe  
  
Then I verified with  
  
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V Userinit  
  
I shut down and restarted.  
  
It would not get to the logon, but was apparently close enough for  
  
REG ADD "\\JSI003\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V Userinit /T REG_SZ /F /D C:\Windows\system32\userinit.exe  
  
to fix it.  
  
Jerold Schulman  
  
Windows Server MVP  
  
JSI, Inc.  
  
http://www.jsiinc.com  
  
http://www.jsifaq.com

10/23/2005 1:32:00 PM    Re: Environmental variable in Registry key
In microsoft.public.win2000.registry Jerold Schulman wrote:  
  
Interesting and thanks for the acid test confirmation Jerold!  
  
Frankly, I am a bit surprised the remote access even worked.  :)

10/23/2005 1:51:17 PM    Re: Environmental variable in Registry key
From: "Jerold Schulman" <Jerry@jsiinc.com>  
  
Jerold:  
  
Thank you for taking the time to test this for me.  It was *greatly* appreciated !!  
  
--  
  
Dave  
  
http://www.claymania.com/removal-trojan-adware.html  
  
http://www.ik-cs.com/got-a-virus.htm