Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot Logon. Immediately Logs Off.


  • Please log in to reply
11 replies to this topic

#1 henri999

henri999

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:10:21 AM

Posted 17 September 2008 - 05:15 AM

This laptop recently ran Spybot and a change has apparently been made to a registry item which causes all logon attempts to briefly flash the desktop and immediately revert to the logon screen. I have looked extensively for the solution which for a time I was hopeful I had found but the cure has achieved nothing. I have renewed the userinit.exe file and copied it to wsaupdater.exe which would have resolved the problem but it didn't. Evidently the registry key at Winlogon no longer reads Userinit but of course I cannot find out what it does read without getting into Windows and running regedit. Does anybody know of a way to get this key corrected from the DOS prompt? This is accessible via Setup from the HP system disk. Without this fix I do not believe even a system repair would solve the problem and we are looking at a format and full restore. Advice would be appreciated.

BC AdBot (Login to Remove)

 


m

#2 hamluis

hamluis

    Moderator


  • Moderator
  • 54,830 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:21 AM

Posted 17 September 2008 - 08:17 AM

I just wonder...why do you say a repair would not correct what you believe...is a problem with system files and/or registry keys?

And why do you think Spybot would have changed your system?

Louis

#3 henri999

henri999
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:10:21 AM

Posted 17 September 2008 - 09:17 AM

The Owner told me he had run Spybot, removed (fixed) some problems and immediately after this he started experiencing the problems. Extensive browsing for previous occurrences pointed the finger at a defective lavasoft process (I think going back to 2004) when a certain trojan removal routine tended not to complete and left the logon key looking for a file called wsaupdate.exe which did not exist. It seemed possible that whatever he had done might also have caused a similar problem. But then again I really have no hard evidence of the cause.

I am not sure if a repair would solve the problem but if I was going to run a repair I would need to try and copy off the data in advance and this whole process could take hours and it would be really useful if this time could be avoided. Time being money, as it were.

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 54,830 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:21 AM

Posted 17 September 2008 - 10:43 AM

Well...I think I would consider infection first as a possibility. If I could eliminate that, I'd look for something more definitive than what it appears the owner has provided...as a clue to what is wrong.

Good luck :thumbsup:.

Louis

#5 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:21 AM

Posted 17 September 2008 - 10:51 AM

So the administrator account is fully locked out as well?

#6 FrankOtheMountaiN

FrankOtheMountaiN

  • Members
  • 514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NY
  • Local time:05:21 AM

Posted 17 September 2008 - 10:52 AM

You can try a repair installation of XP? (not hp repair) I would try that. If that doesn't work, slave the drive on another PC and grab your data (may have to re-take ownership of files), and start over again.

It takes me about 10-12 hours from scratch to do all updates, tweak, and install all progams.

Frank O' The Mountain
Doing more stupid before 5AM than most people do all day.


#7 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,571 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:21 PM

Posted 17 September 2008 - 04:36 PM

You can edit the registry from a boot CD.

How to edit the registry offline using BartPE boot CD
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#8 henri999

henri999
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:10:21 AM

Posted 17 September 2008 - 04:59 PM

Thanks Budapest - your solution is correct. The link you provided has good instructions for registry editing and I say this as I have just completed the necessary fix. I used UBCD4W which is a slightly more user friendly version because they have just added a desktop utility that allows registry edit without having to use the load hive and unload hive procedures. For information the problem was that the userinit.exe file had been renamed userints.exe causing the login loop. And I also suspect a bug in SpyBot recently may have caused the problem as I found this thread showing one other unfortunate has encountered the identical problem:

http://forums.techguy.org/windows-nt-2000-...i-log-into.html

Thanks everyone

#9 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,571 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:21 PM

Posted 17 September 2008 - 05:10 PM

I'm glad to hear you sorted it out and thanks for the feedback. :thumbsup:
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#10 hamluis

hamluis

    Moderator


  • Moderator
  • 54,830 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:21 AM

Posted 17 September 2008 - 05:49 PM

I'm just kind of curious as to why that link wasn't posted initially, since it clearly indicates that the file was changed by malware and not Spybot.

Oh, well...a working computer is a good computer :thumbsup:.

Louis

#11 henri999

henri999
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:10:21 AM

Posted 18 September 2008 - 02:10 AM

Hamluis
1. The link was not posted earlier because when I started the thread I did not know of the other problem. The link simply confirmed that it had happened before and WAS related to running SpyBot (actually in Safe Mode not normal mode as I have just NOW discovered on re-reading the thread with care)
2. From curiosity and in the interest of knowledge I also went a further thread back and found out that this thread clearly indicates that the file was changed by SpyBot and NOT by Malware. The poster, Nebulosity, was using SpyBot to hopefully cure a problem with his icons and ran SpyBot in safe mode. SpyBot found something it called W32/GGDoor and "fixed" it. Then the logon problem began. Later it became clear that the icon problem had not been solved by this. I leave it to interpretation as to whether the problem was caused by W32/GGDoor or by trying to fix it. But as you so rightly say, a working computer is a good computer and in two documented cases now a working computer was converted into a non-working computer by running SpyBot. QED.
3. I don't want to get any further involved in this discussion but perhaps one of the BC experts would like to send a message to SpyBot just in case this small but in their otherwise excellent program has not yet been found and corrected. We are all trying to help each other.

#12 henri999

henri999
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:10:21 AM

Posted 18 September 2008 - 02:12 AM

Sorry - in the above post penultimate sentence for but read BUG!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users