In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-03 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)05/31 Report--
Today, I will talk to you about what to do when Event ID 26 Source Application Popup appears on the server. Many people may not know much about it. In order to make you understand better, the editor has summarized the following content for you. I hope you can get something according to this article.
The server reports Application Popup: Information: 26:Application popup: userinit.exe-DLL Initialization Failed: The application failed to initialize because the window station is shutting down. Information, a description of the event indicates that the application mentioned in the event failed to initialize or start when the operating system was shut down (or restarted or logged out). This message will be reported if, for some reason, Windows is restarting immediately after shutting down, or if several applications do not exit normally during this event. In most cases, this message can be ignored.
So what is the program of userinit.exe and what is its use?
Userinit.exe is a key process of Windows operating system. Used to manage different startup sequences, such as the establishment of network links and the startup of Windows. When the system is just started, if you call up the task manager, you will see userinit.exe, but after a period of time, after the system is loaded, userinit.exe will disappear automatically.
Previous Robot Dog viruses and their variants can cause userinit.exe anomalies. For solutions to userinit virus, please refer to the following methods:
Manual solution to userinit.exe virus
It is recommended to disinfect the virus in the following order to prevent the virus from coming back.
1. Replace the userinit.exe file modified by the virus with the system file userinit.exe, and the path c:windowssystem32userinit.exe (take the system disk as disk C as an example) forbids the operation of IGM.exe and IGW.exe before the virus is killed. In the dos window, enter:
Reg add "HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File/Execution Options/IGM.EXE" / v debugger / t reg_sz / d debugfile.exe / f
Reg add "HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File/Execution Options/IGW.EXE" / v debugger / t reg_sz / d debugfile.exe / f
Description: the use of image hijacking (this topic knowledge points, abbreviated as IFEO) technology, prohibited the operation of IGW.exe and IGM.exe.
two。 Enter safe mode and delete the registry key value
Delete the "WinSysM" and "WinSys" keys under [HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run].
Under [HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/Run]
"MSDEG32", "MSDWG32", "MSDCG32", "MSDOG32", "MSDSG32", "MSDMG32", "MSDHG32", "MSDQG32" key values.
Empty the contents of "AppInit_DLLs" under [HKEY_LOCAL_MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Windows].
Delete the file under [HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Shell/ExecuteHooks]
Smydpm.dll
M32 sztcpm.dll
M32 C:/windows/system32kawdbzy.dll
Arjbpi.dll
M32 C:/windows/system32avzxdmn.dll
Aqjbpi.dll
M32 C:/windows/system32/avwgcmn.dll
C:/windows/system32/sidjazy.dll
C:/windows/system32/kapjbzy.dll
C:/windows/system32/kaqhezy.dll
C:/windows/system32/avwlbmn.dll
Atbfpi.dll
M32 C:/windows/system32/kvdxcma.dll
Sjzbpm.dll
M32 C/:windows/system32/kafyezy.dll
3. Enter safe mode and force the following files to be deleted. You can use the tool XDelBox
C:/Windows/system32/kvdxsbma.dll
C:/Windows/system32/rsjzbpm.dll
C:/Windows/system32/kvdxcma.dll
C:/Windows/system32/ratbfpi.dll
C:/Windows/system32/avwlbmn.dll
C:/Windows/system32/kaqhezy.dll
C:/Windows/system32/kapjbzy.dll
C:/Windows/system32/sidjazy.dll
C:/Windows/system32/avwgcmn.dll
C:/Windows/system32/raqjbpi.dll
C:/Windows/system32/avzxdmn.dll
C:/Windows/system32/rarjbpi.dll
C:/Windows/system32/kawdbzy.dll
C:/Windows/system32/rsztcpm.dll
C:/Windows/system32/rsmydpm.dll
C:/Windows/system32/sidjazy.dll
C:/Windows/igw.exe
C:/Windows/igm.exe
C:/Windows/system32/sedrsvedt.exe
C:/Windows/igm.exe
C:/Windows/system32/sjzbpm.dll
C:/Windows/system32/acvsvc.exe
C:/Windows/system32/driverssvchost.exe
C:/Windows/cmdbcs.exe
C:/Windows/dbghlp32.exe
C:/Windows/vdispdrv.exe
C:/Windows/upxdnd.exe
C:/Windows/system32/cmdbcs.dll
C:/Windows/dbghlp32.exe
C:/Windows/vdispdrv.exe
C:/Windows/upxdnd.exe
C:/Windows/system32/cmdbcs.dll
C:/Windows/system32/dbghlp32.dll
C:/Windows/system32/upxdnd.dll
C:/Windows/system32/yfmtdiouaf.dll
4. Search all disk root directories and delete hidden files auto.exe and autorun.inf
5. Run services.msc to disable the service "4f506c9e"
6. Also check the hosts file to see if the viral website IP is forcibly associated.
You can also download its kill tools and repair tools.
After reading the above, do you have any further understanding of what to do when the server appears Event ID 26 Source Application Popup? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.