Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


XP Home Windows Logon Closes Before Showing Desktop or Icons

  • Please log in to reply
2 replies to this topic

#1 kenshireen


  • Members
  • 49 posts
  • Local time:08:19 AM

Posted 21 April 2009 - 03:01 PM

I have XP Home on my laptop.. I ran AVG and had many Virut viruses.. AVG cleaned/removed... When I went back to logon on I received the windows logon window. I entered name and PW and then it quickly flashed "loading personal settings" but then it said logging off and went back to the logon screen... This happened over and over.. It does the same in safe mode. I am unable to get into the program....

I then installed XP PRO in the same drive...did not partition. So now when I log on I have a choice between either home or pro but I cannot get into home and that is where most of my files are...

Can anybody help. I do have another PC

BC AdBot (Login to Remove)


#2 Sneakycyber


    Network Engineer

  • BC Advisor
  • 6,135 posts
  • Gender:Male
  • Location:Ohio
  • Local time:07:19 AM

Posted 21 April 2009 - 03:39 PM

If you are sure you are infected with the Virut virus I have some bad news. This taken from another post but you may want to go to the Am I infected forum and have someone read your scan just to be sure. It appears the only way to truly get rid of Virunt is to format and re-install.

C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
Immediately before the encrypted code at the end of the last section
At the end of the code section of the infected host in 'slack-space' (assuming there is any)
At the original entry point of the host (overwriting the original host code)

Miekiemoes, one of our team members here and an MS-MVP, additionally has a blog post about Virut.

Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +

#3 dave322


  • Members
  • 1 posts
  • Local time:06:19 AM

Posted 30 June 2009 - 06:52 PM

about reader_s and my removal of this virus

This is a very well written virus and is impossible to destroy or remove from a machine. None of the virus scanners I tried removed the virus and left system in working order.

Virus is spread via executing a executable on network drive or pluging in a thumb drive into an infected machine and then pluging same thumb drive into non-infected machine. It even runs in safe mode without networking. It looks like if you run in safe mode and remove virus and reboot that virus is gone, but it comes back as soon as you enable networking.

If you try to delete virus the virus montors this and moves location of executable to another directory. Virus has at least 2 parts. One that runs as part of svchost, and reader_s.exe. It seems there is another part that somehow runs when you plug in network cable even though your hard drive appears clean to virus scanners.

It appears as if microsoft has fixed the second infection route in latest updates for windows xp

vista and windows 7 do not seem to get virus because virus writes to protected area which is not allowed in vista and windows7

Only solution is to backup system, format hard drive and reinstall operating system. Do not execute any restored executables until you run a virus scan like (malwarebytes) on all files restored.

Virus creates an autorun.ini which executes an executable. These are hidden, protected os files so they do not show up normally. Plug thumb drive into mac to see if thumb drive, camera, ipod, etc are infected.

This virus downloads other viruses from internet and causes computer to send spam shutting down your outbound mail server.

some of the virus scanners crashed os so os would not boot.

I hope someone comes up with a solution that does not require reformating hard drive. I had to scan 25 computer and restore os to 4 machines. Total man hours (48)

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users