virus logs me off as soon as I log in to windows xp


8 replies to this topic

#1 chayden

Posted 30 January 2010 - 01:16 PM

I have a virus problem that I am unable to fix because I don't have the tools I need -- can someone help?

On my windows xp home sp3 computer, I have a virus that logs me off as soon as I log on. Research on the net indicates that I can fix this by accessing the recovery console with my windows XP start up CD (I then replace a registry file). But I do not have a windows xp start up CD -- my computer didn't come with one and I never made one (my bad!!!)

I tried to access the c: prompt by using the UBCD, but I can't find any programs that allow me to do this on the CD - perhaps I don't know how to work the file programs on the CD correctly. My UBCD starts up and functions fine.

Is there a way to do this with the UBCD, or is there another boot disk I could make (downloading from the internet) that will allow me to access the c: prompt? I have winxp home sp3.

Oh yes, the logging off problem persists with safe mode and last known good configuration.

Help!!!

Thank you.

Edited by chayden, 30 January 2010 - 01:29 PM.



#2 quietman7

Posted 30 January 2010 - 02:10 PM

If you don't have your XP CD you will need to download an ISO of the Windows Recovery Console and burn it as an image to a disk to get a bootable CD in order to resolve the Logon - Logoff loop issue. This is especially useful for those with OEM systems with factory restore partitions or disks but no original installation CD.

Please download the following files and save both to your Desktop or somewhere you can find them:

Double click on Setup_MagicISO.exe to install and launch the program.
  • You should see a notice informing you about the full version of MagicISO.
  • In the bottom right select Try It! and the program will open.
  • Click on File, then Open and navigate to the location of the RC.ISO file you downloaded.
  • Select it, and click Open.
First, add a clean version of userinit.exe to the current RC.ISO.
  • In the upper right pane, double click on the i386 folder.
  • Right click in the upper right pane and select Add Files...
  • Navigate to C:\Windows\System32 and select userinit.exe.
  • Then click Open to add userinit.exe to the CD image.
  • Click File and select Save As...
  • Name the file RCplus.iso and save it somewhere you can find it.
Next, burn the newly created image to a disk that we can use to fix the problem.
  • Put a blank CD-R disk in your CD burner and close the tray. If an AutoPlay window opens, close it.
  • Click on Tools and select Burn CD/DVD with ISO.... A window will appear.
  • Click on the little folder to the right of CD/DVD Image File.
  • Navigate to the newly created RCplus.iso image file and click Open.
  • In the CD/DVD Writing Speed drop-down menu, choose the 8X setting.
  • Under Format, make sure that Mode 1 is selected.
  • Finally, click on the Burn it! button to burn RCplus.iso to disk.
Once the disk is burned, insert it into the CD-ROM drive and restart the computer.
  • Boot to the CD just as you would do with a Windows XP disk.
  • At the Welcome to Setup screen, press R to enter the Recovery Console.
  • The Recovery Console will load and ask which Windows installation would you like to log onto.
  • In most cases, you will enter 1 (which will be the only choice).
  • If prompted, type in your Administrator password and press Enter. If there is no password, leave it blank (default) and press Enter.
At the C:\Windows> prompt, type the following commands and press Enter after each one - (be careful of the spaces in the commands).

D:
cd i386
copy userinit.exe c:\windows\system32
exit

  • After putting in the third command, you should receive the message 1 file copied which will indicate that the operation succeeded.
  • Now remove the CD and reboot your computer in normal mode.
  • You should be able to log in normally.
If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO and How can I burn ISO files to CD or DVD?.

Note: In order to use the disk, the boot order must be set to start from the CD-ROM drive. If the CD is not first in the boot order, the computer will attempt to start normally by booting from the hard drive. The boot order is a setting found in the computer's BIOS which runs when it is first powered on. This setting controls the order that the BIOS uses to look for a boot device from which to load the operating system. The default will normally be A:, C:, CD-ROM. Different computers have different ways to enter the BIOS. If you're not sure how to do this, refer to:

Also see these links:

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 chayden

Posted 31 January 2010 - 12:05 PM

Thanks for the help -- the procedure you outlined worked for getting into the recovery console and changing the file.

However, the problem persists -- I still cannot log onto the system without it logging me off again. Copying the userinit.exe file did not do the trick!!

Any ideas on how else to approach this problem now that I can get into the recovery console?

#4 quietman7

Posted 31 January 2010 - 02:09 PM

Did you check the registry for Userinit and set its value correctly? See the other two links I provided for correcting that?

#5 chayden

Posted 31 January 2010 - 02:56 PM

I followed the procedure to replace userinit with the new userinit. However, it didn't fix the problem.
Is this any different than checking the registry for userinit and setting its value? I don't know how to do that unless I was actually logged on to windows.
Also, I read another strategy was to replace the wsaupdater.exe with the new userinit.exe file, which I tried after the first replacement failed.
Neither of these strategies has worked; the computer still logs off as soon as I log on.

Oh -- one more thing. The link related to an alternative method of fixing corrupt registry (the windows link that copies all the registry hives).
I cannot use that because I can't get into Safe Mode -- when I try to enter it gives me a blue screen.
Oddly, I can enter in normal mode after making the changes to the userinit files -- I think as soon as I log on, the virus kicks in again.
If I'm not booting from the cd, I can get into windows through last known good configuration -- but then once I get in it logs me off.

This is quite a conundrum! Double help! Please (and btw I truly appreciate your quick and thoughtful responses.)

Edited by chayden, 31 January 2010 - 03:57 PM.


#6 chayden

Posted 31 January 2010 - 03:55 PM

can't delete this -- have nothing to add to above. Sorry.

Edited by chayden, 31 January 2010 - 03:59 PM.


#7 quietman7

Posted 31 January 2010 - 04:57 PM

"Is this any different than checking the registry for userinit and setting its value? I don't know how to do that unless I was actually logged on to windows."

I thought you also tried using BartPE boot CD to edit the registry so that's why I asked about checking. Though the Recovery Console looks similar to a standard command prompt it is not the same. Certain commands work, while others do not.

Bart's PE is a bootable Windows CD that can be used for offline registry editing and to correct modifications made by malware.

The other alternative is to use the Recovery Console steps by Microsoft in How to recover from a corrupted registry that prevents Windows XP from starting.

This article assumes that typical recovery methods have failed and access to the system is not available except by using Recovery Console.


Edit: I was responding to the replies in your email notifications and didn't see that you made some edits.

Edited by quietman7, 31 January 2010 - 05:04 PM.

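Added example, not part of the thread or any poster's code: the Userinit registry check discussed in the replies above, written as a Python audit over a .reg text export of the Winlogon key (for instance one saved from an offline registry editor on a boot CD). It assumes Windows is installed in C:\WINDOWS, where the stock value is C:\WINDOWS\system32\userinit.exe followed by a comma; the sample exports, the OfflineSoftware hive name and the wsaupdater.exe path are constructed for illustration.

```python
import re

# Stock Windows XP entry (assumption: Windows lives in C:\WINDOWS).
EXPECTED = r"c:\windows\system32\userinit.exe"
KEY_SUFFIX = r"\microsoft\windows nt\currentversion\winlogon"

def read_userinit(reg_text):
    """Return the Userinit string from .reg export text, or None if absent."""
    in_key = False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Match by suffix so a hive loaded offline under another name still works.
            in_key = line[1:-1].lower().endswith(KEY_SUFFIX)
        elif in_key:
            m = re.match(r'"userinit"="(.*)"$', line, re.IGNORECASE)
            if m:
                # .reg files escape backslashes and quotes with a backslash.
                return re.sub(r"\\(.)", r"\1", m.group(1))
    return None

def audit_userinit(reg_text):
    """Return a list of findings; an empty list means the value looks stock."""
    value = read_userinit(reg_text)
    if value is None:
        return ["Userinit value missing from Winlogon key"]
    entries = [e.strip() for e in value.split(",") if e.strip()]
    findings = []
    if not any(e.lower() == EXPECTED for e in entries):
        findings.append("userinit.exe is not listed in the Userinit value")
    for e in entries:
        if e.lower() != EXPECTED:
            findings.append("unexpected program in Userinit: " + e)
    return findings

# Constructed sample exports (not taken from the machine in this thread).
CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\OfflineSoftware\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''
TAMPERED = CLEAN.replace("userinit.exe,", "wsaupdater.exe,")

if __name__ == "__main__":
    for name, text in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, audit_userinit(text) or "OK")
```

A finding here means the registry value still needs correcting even after a clean userinit.exe has been copied into system32.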

#8 chayden

Posted 03 February 2010 - 12:35 PM

I gave up and did a full reinstall. Yuck....

#9 quietman7

Posted 03 February 2010 - 12:40 PM

Sorry to hear about having to reformat/reinstall but sometimes that is the best solution. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned, repaired or trusted. The malware may leave so many remnants behind that security tools cannot find them. Starting over by wiping your drive, reformatting, and performing a clean install of the OS removes everything and is the safest action.