Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Login/logout With Windows Xp Home


  • Please log in to reply
7 replies to this topic

#1 JohnBell

JohnBell

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:53 PM

Posted 06 February 2008 - 10:18 PM

I found this forum through an internet search of the problem I am having. It seems that my problem is similar to this posters

http://www.bleepingcomputer.com/forums/t/127428/loginlogoff-loop-userinit-related-caused-by-malware/

I probably can't be as detailed as this guy however. Here is as much background as I can provide.

I pretty much use my home computer (Dell Inspiron 2350, Windows XP Home SP2) occasionally, maybe a couple of times a week...downloading concerts, loading family photos, iTunes, occasional internet surfing. Dont really need it since I have nice work laptop. When I made the transition to my work laptop, I stopped staying on top of running virus scans as often as I used to (every couple of month now a days). 2 weeks ago, I ran an updated Ad Aware scan and removed a few infections (can't recall what they were) as well as running AVG's Free Virus Scan software. The AVG came up with a plethora of Virut infections...thousands. I clicked the Heal button and it did what it does...no major issues. However, now when I reboot the computer, the usual User Login screen does not appear. It doesn't give the option of multiple users, nor does it have the pictures that are typically associated with them. Instead it has an older looking login type screen with just my user name. I type in my password and it starts to log in, but logs out immediately out without loading windows.

Through various searches, I've tried to resolve the problem without luck. I tried booting from an old XP disc (borrowed from father in law) to get into the recovery console. Upon doing so, it asks me for Administrator password. I only use 3 different passwords in all, tried them all as well as no password, but it wont let me login (google search tells me this is common when XP was pre loaded on desktop at purchase). I spoke with some IT people at work, and they loaned me Winternals ERD Commander 2003. I can boot up with that, however am really unsure how to use it. My initial goal was to take a look fix the userinit string, however it appears to be fine (C:\WINDOWS\system32|userinit.exe,). Now I'm stuck about what to do. I can't use any of the F8 log in options, they just give me the same fits as a normal boot. I'd really like to avoid

Any help on using ERD to help resolve this problem is greatly appreciated.

Relevant Information
Windows XP, Service Pack 2
2 hard drives (C: and F:...this one is a separate internal drive I put in to store .flac and .shn files)
I have an XP disc ....the inserts in the disc holder say Version 2002, so I assume thats SP1
I have an ERD Commander 2003 disc
I have an IBM T43 Laptop...although priviledges are quite limited since its my work machine (using this one right now).
I have a USB flash drive
I am not extremely computer savy, however with help I think I am better than an average joe

thanks in advance for the help you provide.

Edited by JohnBell, 06 February 2008 - 10:40 PM.


BC AdBot (Login to Remove)

 


m

#2 syunichi

syunichi

  • Members
  • 130 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Miri
  • Local time:07:53 PM

Posted 07 February 2008 - 04:38 AM

As a last resort, you might wanna try a system restore during safe mode operation. That might be good enough. :thumbsup: Good luck.
Posted Image

Tech Support: "Do you have any windows open right now?"
Customer: "Are you crazy woman, it's twenty below outside..."

#3 JohnBell

JohnBell
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:53 PM

Posted 07 February 2008 - 09:26 AM

Safe Mode doesn't work, nor do any of the other options offered after hitting F8 during normal boot. System Restore was my original idea.

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 54,863 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:53 PM

Posted 07 February 2008 - 10:49 AM

Well...it would appear to me that the first step would be insuring...not guessing...that the system is now clean.

Have you run a reliable AV check and other malware checks today?

FWIW: New forms of malware come out continuously, much more frequently than twice a week, twice a month, etc. Updates for most reliable AV programs also come out continuously, some daily, some more frequently. To ignore the fact that these things occur...will always potentially place a system at risk of infection or unwanted malware.

Louis

#5 syunichi

syunichi

  • Members
  • 130 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Miri
  • Local time:07:53 PM

Posted 07 February 2008 - 11:27 AM

Agreed to what Louis had mentioned about reliable AV check. I don't know about others but AVG Free is not as good as AVG Pro in sense of protection. For instance a vbs script can be bypassing the system anytime without the AVG Control Centre noticing. So you might as well want to reconsider a second method of AV scanning, online scanner.

Anyways, back to the topic, you might want to read this just in case it might help. Good luck.
Posted Image

Tech Support: "Do you have any windows open right now?"
Customer: "Are you crazy woman, it's twenty below outside..."

#6 JohnBell

JohnBell
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:53 PM

Posted 07 February 2008 - 09:07 PM

Well...it would appear to me that the first step would be insuring...not guessing...that the system is now clean.

Have you run a reliable AV check and other malware checks today?

FWIW: New forms of malware come out continuously, much more frequently than twice a week, twice a month, etc. Updates for most reliable AV programs also come out continuously, some daily, some more frequently. To ignore the fact that these things occur...will always potentially place a system at risk of infection or unwanted malware.

Louis



I'm aware of this, and am paying the price for neglect. I have no idea if the computer is clean at present time, I can't get into it. As I alluded to in my first post, I ran the updated AVG scan as well as the updated Ad Aware scan and let them do their thing. As I also alluded to, the computer had just a few found in Ad Aware and literally thousands in the AVG scan (all Virut variants). It asked me if I wanted to heal the infections, and I said OK. Logged out the computer only to find that I can no longer boot into windows, safe mode or otherwise. Without getting to windows, I'm not sure how to proceed, hence why I'm here. Countless hours of internet searching show that similar problems have been a result of viruses changing the path to a certain file (userinit) or virus programs removing one altogether (have seen both problems listed for AVG and Ad Aware). I just dont know how to proceed. The only thing I really care about on the computer are personal files.

#7 JohnBell

JohnBell
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:53 PM

Posted 07 February 2008 - 09:16 PM

Agreed to what Louis had mentioned about reliable AV check. I don't know about others but AVG Free is not as good as AVG Pro in sense of protection. For instance a vbs script can be bypassing the system anytime without the AVG Control Centre noticing. So you might as well want to reconsider a second method of AV scanning, online scanner.

Anyways, back to the topic, you might want to read this just in case it might help. Good luck.



I can access the registry via ERD Commander. The userinit is there. I used the rename function and changed it like that said. I logged off and tried to log in through a normal boot. Interestingly, the login was slightly different. Well, the interface wasn't changed from my previous post, however a box blipped on the screen before loggin me out like previously.

#8 hamluis

hamluis

    Moderator


  • Moderator
  • 54,863 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:53 PM

Posted 07 February 2008 - 09:21 PM

My amateurish opinion is that a clean stall is probably the surest, shortest solution...that's what I would do, if I ever came up with an infected system.

As for personal or other files, backup options have been there since XP was installed.

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users