Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Your System is Infected virus and auto log off issue


  • Please log in to reply
7 replies to this topic

#1 Nebcron

Nebcron

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:10 AM

Posted 21 December 2009 - 09:18 PM

Hello,

I've been having an issue with my PC, currently on a laptop, and need serious help. The PC recently got a virus where the background was overtaken by a new bg that stated my computer was infected. I couldn't change the background. I then ran McAfee to clean up the system and upon a reboot I now find that the system will boot, but upon clicking on a user name it logs in and immediately logs the user back off. I've tried booting into safe mode and get the 'blue screen' each time. I also tried logging in as Administrator and get logged off immediately as well.

Does anyone know of any solutions for this problem?

BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 AM

Posted 21 December 2009 - 11:12 PM

Hello.

Your problem appears to be a hijacked system file. Do you have your Windows XP Disk with you if this is an XP system?

Let me know what OS this is and what service pack it has installed.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 Nebcron

Nebcron
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:10 AM

Posted 22 December 2009 - 10:31 AM

Hi Extreme, thanks for the response.

I am running Windows XP on the machine and do have the installation disk. I'm not sure what service pack is installed, but it should have been up to date on the updates.

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 AM

Posted 22 December 2009 - 11:34 AM

Hello again.

Okay, we will use your Windows XP disk to access the Recovery Console and replace that file if that is the issue. The log in loop is usually caused by the userinit.exe windows file due to malware..


Booting into the Recovery Console using Windows XP disk

Please insert your Windows XP Disk into the machine and reboot your computer. During the reboot and at boot up you should see Press Any key to Boot from CD/DVD.... If you see that please press any key to continue and continue to follow the next set of instructions on "Using the XP CD Disk to Access the Recovery Console". If not, please follow the next set of instructions on "How to Configure the System to Boot from CD/DVD" and then follow the steps to "Using the XP CD Disk to Access the Recovery Console".

How to Configure the system to boot from CD/DVD

Some machines will automatically attempt boot from the CD if a CD is inserted, if that is the case, please skip the instructions below...
  • Please reboot your machine or turn it on (Without the CD)
  • As soon as the BIOS is loaded begin tapping tapping the F2 or F12 or perhaps F9, F10 or F11 (try all of them if unsure, starting with F2)
  • Different Machines have different keys.
  • This will bring up the configuration options, please use your arrow keys to go to the Boot Tab.
  • In the Boot tab, there should be instructions on your right-hand side on how to move your CD/DVD as the top or First Priority
  • After you have moved CD/DVD at the top/first priority, please make sure you SAVE AND EXIT <- Important
  • It will now exit with Configuration settings saved.
Using the XP CD Disk to Access the Recovery Console

To start the Recovery Console directly from the Windows XP CD make sure your Windows XP Disk is in the CD-Rom drive and then reboot your machine.
  • Insert the Windows XP cd in your computer.
  • Restart your computer so you are booting off of the CD.
  • During the reboot and on bootup you will get a message saying: "Press any key to boot from CD", press Enter.
  • Windows Setup will begin to load. Please be patient this may take a while (~ 5-10 minutes)
  • When the Welcome to Setup screen appears, press the R button on your keyboard to start the Recovery Console.
  • At the prompt to select "Which Windows installation would you like to log onto", please press the number of the installation. This is usually 1 if you only have one windows installation on your computer. If you have more than one then type the one you use.
  • It will then prompt you for the Administrator's password, if you have one. If there is no password, simply press enter. Otherwise type in the password and then press enter to continue.
  • You will now be at the C:\Windows prompt.
  • Enter the following code line by line one at a time and pressing enter on your keyboard on each line.
  • Wait for each command to be completed before continuing with the next one.
D:
CD I386
EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32
Note: Your CD-ROM drive may have a different letter assigned to it, rather than the D: drive. Enter "X:" instead, where X is the appropriate drive letter.

After entering "EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32" you should see the text "1 file(s) copied", in which case all went well.

  • At the next prompt after it is complete, type the following without the quotes and press Enter: "exit"
Windows will reboot the machine and should now begin loading again.

Let me know how it goes.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 Nebcron

Nebcron
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:10 AM

Posted 22 December 2009 - 01:46 PM

Extreme,

I followed the instructions above and the steps all worked, however as I rebooted I was again logged out as I tried to sign into my user name.

Is there another solution I might be able to try? Or would I need to somehow save my old data off that drive and just reformat the computer?

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 AM

Posted 22 December 2009 - 01:54 PM

Hello.

Did you get the message that the file was successfully copied over?

Is there another solution I might be able to try? Or would I need to somehow save my old data off that drive and just reformat the computer?

Yes, we can probably try some other ways to possibly resolve this issue while at the same time you can backup some of your data too. If you want to format the computer then you can do that as well which ever way you wish to proceed we will do. Let me know.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 cookmiester

cookmiester

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Stoke-on-Trent
  • Local time:09:10 AM

Posted 22 December 2009 - 02:07 PM

Boot from the Windows XP installation CD...after the first several screens load, you will be given a choice to choose R for Recovery Console. You will then be asked to log in. Choose the installation to be repaired by number (usually 1) and press "Enter". When you are asked for the Administrator password, leave it blank and press "Enter".

When you get to the recovery console prompt:

* Type cd \ and press "Enter".
* Type cd system~1\_resto~1 and press "Enter".
* Type dir and press "Enter".

After you press enter you will see a list of folders (like rp1, rp2) If the list of restore points has more than one page then press the "Enter" key until you reach the end of the list

* Type cd rp {number of the second to last folder in the list} and press "Enter". (Example: Type cd rp9 if rp10 is the last restore point.)
* Type cd snapshot and press "Enter".
* Type copy _registry_machine_system c:\windows\system32\config\system and press "Enter".
* Type copy _registry_machine_software c:\windows\system32\config\software and press "Enter".
* Type exit and press "Enter".

Your PC will reboot.

If you get an access denied error when doing the above, then do the following at the recovery console:

* Type cd \ and press "Enter".
* Type cd windows\system32\config and press "Enter".
* Type ren system system.bak and press "Enter".
* Type exit and press "Enter".

Your PC will reboot, go back into the Recovery Console and start from the beginning.
Go to the top of the page

#8 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:07:10 PM

Posted 22 December 2009 - 03:25 PM

upon clicking on a user name it logs in and immediately logs the user back off.

Please see this thread:
http://www.bleepingcomputer.com/forums/t/280556/unable-to-log-into-desktop-moved/

It is more than likely you will also find that the instructions provided will fix your logon/logoff loop.
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users