Can't Logon
in [Windows XP]
|
Prev: kernrate and cpu
Next: Serscan.sys
From: Jose on 25 Nov 2009 15:58 On Nov 25, 2:25 pm, "Pegasus [MVP]" <n...(a)microsoft.com> wrote: > "Skye" <S...(a)discussions.microsoft.com> wrote in message > > news:F08BFA54-147D-4A08-9AE9-A309EFD48AE4(a)microsoft.com... > > > After a trojan was cleaned on my PC running XP Home I can no longer get > > back > > into the operating system. I can't get past the logon screen using either > > Administrator or User, nothing happens it just says logging on then > > immediately logs off and I can't get into safe mode either. I remember > > seeing > > that the trojan was in Windows User Logon Hotkey Registry, not necessarily > > in > > that order though. Any advice guys? > > Thanks, Skye. > > -- > > There appear to be two issues here: > a) The virus infection. > b) The logon/logoff loop. > > About a): In my opinion, machines that are infected are compromised and > should be reloaded. You will need to decide if it worth the trouble spending > a lot of time in an attempt at cleaning the machine and perhaps ending up > with an unstable machine. A re-installation would give you a result of > guaranteed quality within a few hours. > > About b): This looping behaviour is usually caused by an inability of > Windows to locate the file userinit.exe. The cure depends on your setup: > - It is easy if the machine is networked with an other machine and if you > know the Administrator's password. > - It is less easy if you can connect its hard disk as a slave disk (or as a > USB disk) to some other machine. > - It is quite hard if none of the above apply. > "Hard" means that the process is quite complex, possibly difficult to > understand if you're a novice and very time consuming. I would not entertain reinstalling anything until the system is determined to be unfixable using other methods. That has yet to be determined. The userinit.exe may indeed be the problem (I would start there too given the information so far) and that can be determined and perhaps fixed in just a few minutes using a bootable XP installation CD or a bootable Recovery Console CD. The yet to be determined software used to remove the trojan could also be the culprit. Some, in their zeal, can render a system inoperative, but usually easy to fix - once the system boots on something. Please add ~5-10 minutes to create a bootable XP Recovery Console CD. Do you need those instructions? After the system boots properly, more comprehensive scans for malicious software can be run.
From: Skye on 25 Nov 2009 16:26 The programme that cleaned the trojan was Mischel Internet Security's Trojan Hunter. No-one we know has a bootable XP installation CD unfortunately but I do have a Factory Recovery DVD bootable CD but I'm not sure if, and how, I can use it to repair the problem, it's a Norton Ghost CD of the O/S after it was installed. Does this help? -- "Jose" wrote: > On Nov 25, 12:12 pm, Skye <S...(a)discussions.microsoft.com> wrote: > > Thanks for info. Last known good config doesn't work either and I don't know > > how to check the infected PC if I can't get into the o/s. PC's here don't > > come with an installation CD so I can't do a repair. Hmmmmm!!! > > Skye > > What program(s) did you use to remove the trojan? > > Unless you want to try a lot of things, the most efficient way to > troubleshoot and resolve your issue is to come up with (beg, borrow, > copy) a genuine bootable XP installation CD. > > Failing that, create a bootable XP Recovery Console CD - which you can > do with no XP media. > > Then troubleshoot and resolve the issue. > > . >
From: Skye on 25 Nov 2009 16:34 I am a novice as far as your resolutions are concerned and it may be that I will need to do a re-installation. The machine isn't networked either, see my reply above to Jose re the CD I do have. Many thanks for your help. -- "Pegasus [MVP]" wrote: > > "Skye" <Skye(a)discussions.microsoft.com> wrote in message > news:F08BFA54-147D-4A08-9AE9-A309EFD48AE4(a)microsoft.com... > > After a trojan was cleaned on my PC running XP Home I can no longer get > > back > > into the operating system. I can't get past the logon screen using either > > Administrator or User, nothing happens it just says logging on then > > immediately logs off and I can't get into safe mode either. I remember > > seeing > > that the trojan was in Windows User Logon Hotkey Registry, not necessarily > > in > > that order though. Any advice guys? > > Thanks, Skye. > > -- > > There appear to be two issues here: > a) The virus infection. > b) The logon/logoff loop. > > About a): In my opinion, machines that are infected are compromised and > should be reloaded. You will need to decide if it worth the trouble spending > a lot of time in an attempt at cleaning the machine and perhaps ending up > with an unstable machine. A re-installation would give you a result of > guaranteed quality within a few hours. > > About b): This looping behaviour is usually caused by an inability of > Windows to locate the file userinit.exe. The cure depends on your setup: > - It is easy if the machine is networked with an other machine and if you > know the Administrator's password. > - It is less easy if you can connect its hard disk as a slave disk (or as a > USB disk) to some other machine. > - It is quite hard if none of the above apply. > "Hard" means that the process is quite complex, possibly difficult to > understand if you're a novice and very time consuming. > > > . >
From: Skye on 25 Nov 2009 16:38 I have no idea how to create a bootable XP CD -- "Jose" wrote: > On Nov 25, 2:25 pm, "Pegasus [MVP]" <n...(a)microsoft.com> wrote: > > "Skye" <S...(a)discussions.microsoft.com> wrote in message > > > > news:F08BFA54-147D-4A08-9AE9-A309EFD48AE4(a)microsoft.com... > > > > > After a trojan was cleaned on my PC running XP Home I can no longer get > > > back > > > into the operating system. I can't get past the logon screen using either > > > Administrator or User, nothing happens it just says logging on then > > > immediately logs off and I can't get into safe mode either. I remember > > > seeing > > > that the trojan was in Windows User Logon Hotkey Registry, not necessarily > > > in > > > that order though. Any advice guys? > > > Thanks, Skye. > > > -- > > > > There appear to be two issues here: > > a) The virus infection. > > b) The logon/logoff loop. > > > > About a): In my opinion, machines that are infected are compromised and > > should be reloaded. You will need to decide if it worth the trouble spending > > a lot of time in an attempt at cleaning the machine and perhaps ending up > > with an unstable machine. A re-installation would give you a result of > > guaranteed quality within a few hours. > > > > About b): This looping behaviour is usually caused by an inability of > > Windows to locate the file userinit.exe. The cure depends on your setup: > > - It is easy if the machine is networked with an other machine and if you > > know the Administrator's password. > > - It is less easy if you can connect its hard disk as a slave disk (or as a > > USB disk) to some other machine. > > - It is quite hard if none of the above apply. > > "Hard" means that the process is quite complex, possibly difficult to > > understand if you're a novice and very time consuming. > > I would not entertain reinstalling anything until the system is > determined to be unfixable using other methods. That has yet to be > determined. > > The userinit.exe may indeed be the problem (I would start there too > given the information so far) and that can be determined and perhaps > fixed in just a few minutes using a bootable XP installation CD or a > bootable Recovery Console CD. > > The yet to be determined software used to remove the trojan could also > be the culprit. Some, in their zeal, can render a system inoperative, > but usually easy to fix - once the system boots on something. > > Please add ~5-10 minutes to create a bootable XP Recovery Console CD. > Do you need those instructions? > > After the system boots properly, more comprehensive scans for > malicious software can be run. > . >
From: Pegasus [MVP] on 25 Nov 2009 16:43
"Jose" <jose_ease(a)yahoo.com> wrote in message news:1835d0ca-a3a3-461c-b701-8fa37deb74cb(a)c3g2000yqd.googlegroups.com... On Nov 25, 2:25 pm, "Pegasus [MVP]" <n...(a)microsoft.com> wrote: > "Skye" <S...(a)discussions.microsoft.com> wrote in message > > news:F08BFA54-147D-4A08-9AE9-A309EFD48AE4(a)microsoft.com... > > > After a trojan was cleaned on my PC running XP Home I can no longer get > > back > > into the operating system. I can't get past the logon screen using > > either > > Administrator or User, nothing happens it just says logging on then > > immediately logs off and I can't get into safe mode either. I remember > > seeing > > that the trojan was in Windows User Logon Hotkey Registry, not > > necessarily > > in > > that order though. Any advice guys? > > Thanks, Skye. > > -- > > There appear to be two issues here: > a) The virus infection. > b) The logon/logoff loop. > > About a): In my opinion, machines that are infected are compromised and > should be reloaded. You will need to decide if it worth the trouble > spending > a lot of time in an attempt at cleaning the machine and perhaps ending up > with an unstable machine. A re-installation would give you a result of > guaranteed quality within a few hours. > > About b): This looping behaviour is usually caused by an inability of > Windows to locate the file userinit.exe. The cure depends on your setup: > - It is easy if the machine is networked with an other machine and if you > know the Administrator's password. > - It is less easy if you can connect its hard disk as a slave disk (or as > a > USB disk) to some other machine. > - It is quite hard if none of the above apply. > "Hard" means that the process is quite complex, possibly difficult to > understand if you're a novice and very time consuming. I would not entertain reinstalling anything until the system is determined to be unfixable using other methods. That has yet to be determined. Please add ~5-10 minutes to create a bootable XP Recovery Console CD. Do you need those instructions? After the system boots properly, more comprehensive scans for malicious software can be run. =========== Please reply to the OP, not to me when your response is meant for him/her. |