Can't Logon
in [Windows XP]
|
Prev: kernrate and cpu
Next: Serscan.sys
From: Jose on 25 Nov 2009 19:07 On Nov 25, 4:43 pm, "Pegasus [MVP]" <n...(a)microsoft.com> wrote: > "Jose" <jose_e...(a)yahoo.com> wrote in message > > news:1835d0ca-a3a3-461c-b701-8fa37deb74cb(a)c3g2000yqd.googlegroups.com... > On Nov 25, 2:25 pm, "Pegasus [MVP]" <n...(a)microsoft.com> wrote: > > > > > > > "Skye" <S...(a)discussions.microsoft.com> wrote in message > > >news:F08BFA54-147D-4A08-9AE9-A309EFD48AE4(a)microsoft.com... > > > > After a trojan was cleaned on my PC running XP Home I can no longer get > > > back > > > into the operating system. I can't get past the logon screen using > > > either > > > Administrator or User, nothing happens it just says logging on then > > > immediately logs off and I can't get into safe mode either. I remember > > > seeing > > > that the trojan was in Windows User Logon Hotkey Registry, not > > > necessarily > > > in > > > that order though. Any advice guys? > > > Thanks, Skye. > > > -- > > > There appear to be two issues here: > > a) The virus infection. > > b) The logon/logoff loop. > > > About a): In my opinion, machines that are infected are compromised and > > should be reloaded. You will need to decide if it worth the trouble > > spending > > a lot of time in an attempt at cleaning the machine and perhaps ending up > > with an unstable machine. A re-installation would give you a result of > > guaranteed quality within a few hours. > > > About b): This looping behaviour is usually caused by an inability of > > Windows to locate the file userinit.exe. The cure depends on your setup: > > - It is easy if the machine is networked with an other machine and if you > > know the Administrator's password. > > - It is less easy if you can connect its hard disk as a slave disk (or as > > a > > USB disk) to some other machine. > > - It is quite hard if none of the above apply. > > "Hard" means that the process is quite complex, possibly difficult to > > understand if you're a novice and very time consuming. > > I would not entertain reinstalling anything until the system is > determined to be unfixable using other methods. That has yet to be > determined. > > Please add ~5-10 minutes to create a bootable XP Recovery Console CD. > Do you need those instructions? > > After the system boots properly, more comprehensive scans for > malicious software can be run. > > =========== > > Please reply to the OP, not to me when your response is meant for him/her.. I'll try to do better!
From: Jose on 25 Nov 2009 19:13 On Nov 25, 4:38 pm, Skye <S...(a)discussions.microsoft.com> wrote: > I have no idea how to create a bootable XP CD > -- You can easily make a bootable Recovery Console CD by downloading an ISO file and burning it to a CD. This is not the same as bootable XP installation CD, but it may be all you need to resolve your issue, and it may come in handy some other day. See if you can get this much working: The bootable ISO image file you need to download is called: xp_rec_con.iso Download the ISO file from here: http://www.mediafire.com/?ueyyzfymmig Use this free and easy program to create your bootable CD: http://www.imgburn.com/ It would be a good idea to test your bootable CD on a computer that is working. You may need to adjust the computer BIOS settings to use the CD ROM drive as the first boot device instead of the hard disk. These adjustments are made before Windows tries to load. If you miss it, you will have to reboot the system again. When you boot on the CD, follow the prompts: Press any key to boot from CD... The Windows Setup... will proceed. Press 'R' to enter the Recovery Console. Select the installation you want to access (usually 1: C:\WINDOWS) You may be asked to enter the Administrator password (usually empty). You should be in the C:\WINDOWS folder. This is the same as the C:\WINDOWS folder you see in explorer.
From: Skye on 26 Nov 2009 06:42 Thanks for your help. I will have to wait until this evening before I have time to follow these instructions but first, when I do get into the C/Windows folder, what will be the advantage as I wouldn't know what to do from here-on-in? -- "Jose" wrote: > On Nov 25, 4:38 pm, Skye <S...(a)discussions.microsoft.com> wrote: > > I have no idea how to create a bootable XP CD > > -- > > You can easily make a bootable Recovery Console CD by downloading an > ISO file and burning it to a CD. > > This is not the same as bootable XP installation CD, but it may be all > you need to resolve your issue, and it may come in handy some other > day. > > See if you can get this much working: > > The bootable ISO image file you need to download is called: > > xp_rec_con.iso > > Download the ISO file from here: > > http://www.mediafire.com/?ueyyzfymmig > > Use this free and easy program to create your bootable CD: > > http://www.imgburn.com/ > > It would be a good idea to test your bootable CD on a computer that is > working. > > You may need to adjust the computer BIOS settings to use the CD ROM > drive > as the first boot device instead of the hard disk. These adjustments > are > made before Windows tries to load. If you miss it, you will have to > reboot > the system again. > > When you boot on the CD, follow the prompts: > > Press any key to boot from CD... > > The Windows Setup... will proceed. > > Press 'R' to enter the Recovery Console. > > Select the installation you want to access (usually 1: C:\WINDOWS) > > You may be asked to enter the Administrator password (usually empty). > > You should be in the C:\WINDOWS folder. This is the same as the > C:\WINDOWS folder you see in explorer. > > > . >
From: Jose on 26 Nov 2009 10:35 On Nov 26, 6:42 am, Skye <S...(a)discussions.microsoft.com> wrote: > Thanks for your help. I will have to wait until this evening before I have > time to follow these instructions but first, when I do get into the C/Windows > folder, what will be the advantage as I wouldn't know what to do from > here-on-in? > -- > > > > "Jose" wrote: > > On Nov 25, 4:38 pm, Skye <S...(a)discussions.microsoft.com> wrote: > > > I have no idea how to create a bootable XP CD > > > -- > > > You can easily make a bootable Recovery Console CD by downloading an > > ISO file and burning it to a CD. > > > This is not the same as bootable XP installation CD, but it may be all > > you need to resolve your issue, and it may come in handy some other > > day. > > > See if you can get this much working: > > > The bootable ISO image file you need to download is called: > > > xp_rec_con.iso > > > Download the ISO file from here: > > >http://www.mediafire.com/?ueyyzfymmig > > > Use this free and easy program to create your bootable CD: > > >http://www.imgburn.com/ > > > It would be a good idea to test your bootable CD on a computer that is > > working. > > > You may need to adjust the computer BIOS settings to use the CD ROM > > drive > > as the first boot device instead of the hard disk. These adjustments > > are > > made before Windows tries to load. If you miss it, you will have to > > reboot > > the system again. > > > When you boot on the CD, follow the prompts: > > > Press any key to boot from CD... > > > The Windows Setup... will proceed. > > > Press 'R' to enter the Recovery Console. > > > Select the installation you want to access (usually 1: C:\WINDOWS) > > > You may be asked to enter the Administrator password (usually empty). > > > You should be in the C:\WINDOWS folder. This is the same as the > > C:\WINDOWS folder you see in explorer. > > > . If you can get that far, and if this issue is the "userinit.exe issue", we can replace your userinit.exe if it is missing or corrupted. It could be that your scanning software thought the userinit.exe was infected and removed it. If you have no userinit.exe, you will not be able to login - ever. Maybe it was infected and if so, we will replace it. If sure sounds like it - you login, loading your personal settings, then saving your personal settings and back to the login screen, yes? It is a popular target for malware - fix your system so you can't login. Ha-ha! Another symptom of the userinit.exe infection is the registry may be modified to point to another executable instead of userinit.exe and the bogus executable was removed by the scan (the scan worked!), but the registry is still afflicted and pointing to a file that does not exist instead of userinit.exe. If that is the case, we can fool the system temporarily to allow you to boot and then fix it properly. The userinit.exe controls all the logins for all users - regular mode, and kind of Safe Mode... This is why "trying" to boot in any kind Safe Mode is a waste of time. You can "try" all the Safe Modes if you want, but it will never work. You can "try" to login as Administrator but that is also a waste of time and even if any of that worked, what would you do next? Try some more things? You can reinstall Windows and all your applications - that will fix it for sure but is not very convenient and you don't even have an XP installation CD to do that. You could "try" to repair XP, but you don't have an installation CD to do that either. Is your machine on some network so you can access it from some other machine? Probably not for the typical home user. You could "try" to get your computer on some network - then what? You can take your HDD out and put it in another machine and scan it there, but why? That is a complicated process if you are not handy moving around computer hardware. Plus, that will not replace the userinit.exe. If you got it moved, what would you do next? Try some more things? There is too much trying. You need to be doing. Get your RC disk made and booting, then we can do some things. While you are waiting, see if you can find a genuine bootable XP installation CD (not a manufacturers recovery CD) and make yourself a copy and put it with you new bootable RC disc.
From: Skye on 26 Nov 2009 17:06
Thanks sooooooooooooooooo much for your time and effort in helping me sort the problem. With your info and the help of a pal next door, between us we have managed to get the userinit back into the registry somehow and now I am up and running again. Ran Spysweeper and Malwarebytes which found numerous virus', trojans and other errors which have now been rectified and all seems ok except for the System Restore, it no longer works. As soon as I access it a message appears saying I must restart my computer after which the same message appears again. Any ideas on this one? -- "Jose" wrote: > On Nov 26, 6:42 am, Skye <S...(a)discussions.microsoft.com> wrote: > > Thanks for your help. I will have to wait until this evening before I have > > time to follow these instructions but first, when I do get into the C/Windows > > folder, what will be the advantage as I wouldn't know what to do from > > here-on-in? > > -- > > > > > > > > "Jose" wrote: > > > On Nov 25, 4:38 pm, Skye <S...(a)discussions.microsoft.com> wrote: > > > > I have no idea how to create a bootable XP CD > > > > -- > > > > > You can easily make a bootable Recovery Console CD by downloading an > > > ISO file and burning it to a CD. > > > > > This is not the same as bootable XP installation CD, but it may be all > > > you need to resolve your issue, and it may come in handy some other > > > day. > > > > > See if you can get this much working: > > > > > The bootable ISO image file you need to download is called: > > > > > xp_rec_con.iso > > > > > Download the ISO file from here: > > > > >http://www.mediafire.com/?ueyyzfymmig > > > > > Use this free and easy program to create your bootable CD: > > > > >http://www.imgburn.com/ > > > > > It would be a good idea to test your bootable CD on a computer that is > > > working. > > > > > You may need to adjust the computer BIOS settings to use the CD ROM > > > drive > > > as the first boot device instead of the hard disk. These adjustments > > > are > > > made before Windows tries to load. If you miss it, you will have to > > > reboot > > > the system again. > > > > > When you boot on the CD, follow the prompts: > > > > > Press any key to boot from CD... > > > > > The Windows Setup... will proceed. > > > > > Press 'R' to enter the Recovery Console. > > > > > Select the installation you want to access (usually 1: C:\WINDOWS) > > > > > You may be asked to enter the Administrator password (usually empty). > > > > > You should be in the C:\WINDOWS folder. This is the same as the > > > C:\WINDOWS folder you see in explorer. > > > > > . > > If you can get that far, and if this issue is the "userinit.exe > issue", we can replace your userinit.exe if it is missing or > corrupted. It could be that your scanning software thought the > userinit.exe was infected and removed it. If you have no > userinit.exe, you will not be able to login - ever. Maybe it was > infected and if so, we will replace it. > > If sure sounds like it - you login, loading your personal settings, > then saving your personal settings and back to the login screen, yes? > > It is a popular target for malware - fix your system so you can't > login. Ha-ha! > > Another symptom of the userinit.exe infection is the registry may be > modified to point to another executable instead of userinit.exe and > the bogus executable was removed by the scan (the scan worked!), but > the registry is still afflicted and pointing to a file that does not > exist instead of userinit.exe. If that is the case, we can fool the > system temporarily to allow you to boot and then fix it properly. > > The userinit.exe controls all the logins for all users - regular mode, > and kind of Safe Mode... This is why "trying" to boot in any kind > Safe Mode is a waste of time. You can "try" all the Safe Modes if you > want, but it will never work. You can "try" to login as Administrator > but that is also a waste of time and even if any of that worked, what > would you do next? Try some more things? > > You can reinstall Windows and all your applications - that will fix it > for sure but is not very convenient and you don't even have an XP > installation CD to do that. > > You could "try" to repair XP, but you don't have an installation CD to > do that either. > > Is your machine on some network so you can access it from some other > machine? Probably not for the typical home user. You could "try" to > get your computer on some network - then what? > > You can take your HDD out and put it in another machine and scan it > there, but why? That is a complicated process if you are not handy > moving around computer hardware. Plus, that will not replace the > userinit.exe. If you got it moved, what would you do next? Try some > more things? > > There is too much trying. You need to be doing. > > Get your RC disk made and booting, then we can do some things. > > While you are waiting, see if you can find a genuine bootable XP > installation CD (not a manufacturers recovery CD) and make yourself a > copy and put it with you new bootable RC disc. > > . > |