Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

XP Immediately logs out after log in


  • Please log in to reply
5 replies to this topic

#1 Jmadden

Jmadden

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:02 PM

Posted 26 January 2010 - 09:16 AM

I suppose the subject explains the issue rather well but I can elaborate slightly. I am using a compag nx 7400 laptop with windows xp professional installed. In either safe mode or regular boot when I get to the login then put in the password hit enter the desktop flashes momentarily and it logs me right out.

Now that is the issue I shall explain how I have gotten here. A friend brought me this laptop with a virus on it that looks like it was one of the numerous fake antivirus programs that have been all over the place lately. After attempts to do anything while the OS is running failed miserably I made some boot disks and have done the following; ran check disk and diagnostics (just to be sure nothing is wrong there save myself some time) everything is ok. kaspersky scan, panda maximum scan, mcafee scan, trend micro scan, webroot analyzer scan, spyware doctor, and finally A-squared. A number of malware's were discovered and removed, in an effort to be thorough as suggested I shall list them. RogueAntiSpyware.InternetSecurity2010, Adware.WeatherStudio, Generic FakeAlert!htm trojan, FakeAlert-KS!Ink trojan, trojan program Rootkit.win32.tdss.y. All were supposedly cleaned, as I can't boot xp i'm not really certain but it was all done prior to boot so there is hope. I should also point out that prior to this I was unable to boot into safe mode it would get down to mup.sys I believe then hang for a moment and restart, after the virus removals I can boot safe mode but the same log in log out frustration occurs.

I have read up on this somewhat and it seems the windows disc repair option has been suggested a number of times, sadly when I try to use the windows disc it tells me it finds no hard drives on the computer. I think I have read somewhere that this is a lack of proper drivers issue and I can make a new xp boot disc with the drivers slipstreamed so I guess I may try that while waiting for a response from anyone willing to help. It should also be noted that using a PE boot I have tried the suggestion of deleting system, SAV, security, default and ahh one other file I can't remember from c:\windows\system32\config and replacing them with the same files from c:\windows\repair I believe it was. Upon doing so the computer wouldn't boot do to some corrupt files so I put the old ones back in and that is all I have tried as of this moment. Hopefully this was thorough enough of an explanation that you guys can come up with some helpful ideas for me, much appreciated in advance.

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,231 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:02 AM

Posted 26 January 2010 - 11:39 AM

I have no answers...but I find that users are overly optimistic when it comes to dealing with malware.

Removing known infected files...is not the same as healing uninfected but damaged files...nor is it the same as accounting for the possibiliity of unknown malicious/infected files.

You seem to have a Who's Who of malware items listed. If it had been me, I just would have wiped the system and started anew.

There is a line in one of the BC guides for dealing with one of your listed malware agents, http://www.bleepingcomputer.com/virus-remo...-security-2010:

"If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Posting A Hijackthis Log
"

If, for whatever reason, I had that system and I didn't want to do a clean install...I'd follow that suggestion.

Just for the heck of it...I did a search of the site, using "tdss" as my search string, you may find it interesting: http://www.bleepingcomputer.com/forums/ind...dss&kw=tdss

Lastly, here is a link for known issues with logon/logoff: Logon, Logoff Loop - http://thinkinginpixels.com/quick-fixes/fi...onlog-off-loop/

Louis

Edited by hamluis, 26 January 2010 - 08:08 PM.


#3 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:04:02 PM

Posted 26 January 2010 - 03:47 PM

Log on as administrator in safe mode and verify that your log files are not full. If they are, then you will get this issue. I would delete or increase each logging file by right clicking on each in event viewer and increasing the size. If that fails then I would scan for viruses.

#4 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:02 AM

Posted 26 January 2010 - 05:34 PM

If I had Rootkit.win32.tdss.y on my system, I would reformat without hesitation as the system would be untrustworthy after having that on it, even if it were cleaned. Any rootkit makes the system unsafe for doing anything like online banking or making credit card purchases online and the only way to make it safe again is to reformat it. If you have done any online banking on that system, I hope you have changed all your passwords using a totally clean computer

#5 Jmadden

Jmadden
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:12:02 PM

Posted 26 January 2010 - 08:03 PM

Using the last link hamluis provided I was finally able to get past the log on log off issue. I am now running in safe mode and using a few more anti virus anti malware programs, spybot, spyware blaster, superantispyware, malware bytes, bazooka, and installing avast on it. As this is a friends computer I will have to inform him of the rootkit issue you bring up stang and let him decide. I think I can at least get it up and running enough to let him get files off. After a few more scans I may try booting up normally, and possibly hit you guys up with a hijackthis log for any further advice.

#6 AustrAlien

AustrAlien

    Inquisitor


  • BC Advisor
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:02:02 AM

Posted 27 January 2010 - 07:32 AM

and possibly hit you guys up with a hijackthis log for any further advice.

Pleased to see that the thinkinginpixels fix worked for you.

Let us know how you are going, but please do not post a HijackThis log in this thread.
(That is only allowed in the specialised HJT/Malware Removal forum.)

To receive expert assistance for the malware issues (which include tdss rootkit), you should post in the specialised HJT/Malware Removal forum after reading and following the instructions in the Preparation Guide For Use Before Using HijackThis and other Malware Removal Tools
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users