General discussion

Locked

I Cannot log onto XP in Safe Mode

By me ·
I suspect a virus is causing constant WINLOGON FAILURE. Attempts to mitigate with taskmgr fail with stop error C000021a BSOD.

Cannot logon in safe mode console as Administrator Attempts result in shutting down system, or looping of logon screen.

How do I stop viral processes with only the Recovery console available to me? Which corrupted files should I extract from the recovery cd?

The whole community appreciates your help.

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by sgt_shultz In reply to I Cannot log onto XP in S ...

you could try Recovery console. boot from xp cd and tap r key. login at console prompt with local administrator account. password may be blank.
run sasser removal tool or removal tools of your choice.
second idea, boot from xp installation cd. tell it you want to (re)install XP. it should go and find your existing installation and ask if you want to recover it. yes, please.
good luck hope it helps

Collapse -

by cglrcng In reply to I Cannot log onto XP in S ...

The viral process you describe seems to be Sasser worm (nearly identical stop process and repair regimen as the Blater worm only using the Sasser patch & the Sasser removal tool. Can you get into XP normally at all, even momentarily? If you can, right click My Computer, choose properties, then choose the advanced tab, then Startup & Recovery, uncheck the box "Automatically Restart" under System Failure. Then restart the computer. Then go immediately to (use an uninfected computer if possible), www.grc.com, get most of the freeware tools listed there, but especially Shootthemessenger & DCOMBobulate, make sure you lso pick up the Raw Sockets tool. Also go get the Sasser repair tool from Symantec.com, and the patch suite from MS.

Turn off System restore first, install DCOMBobulate (closes unneeded DCOM ports stopping those nasty RPC clients from running), install Shootthemessenger (this shuts of Windows Messenger and doesn't stop th MSN Messenger at all), who needs those nasty backdoor MS ads anyway.

Patch the computer to keep Sasser from reinfecting after the tool is run. Then run the Sasser removal tool, update (or reinstall your AV if the worm affected it from loading normally) your AV and Firewall (I personally use both the XP firewall and ZA free w/ no problems between the two), run a full scan and do the final cleanup.

Good Luck!

Collapse -

by cglrcng In reply to

If you can't get in, come back here....You really do not have to be in safe mode the first time you run the tool, it's etter if ou can be, but it isn't absolutely necessary. Stop those worm processes anyway you can, kill the basic tasks & processes using the manual removal instructions @ Symantec if you have to, then Safe Mode is easier to reach.

I dealt w/ this worm on 2 machines way back in February and didn't really know what it was (acted way too much exactly like Blaster, only the Blaster tools had no affect on it), and entry was actually made via MSN Messenger, client had blocked a contact while they were talking and the clients machine had attacked via an RPC client using a DCOM port. Ran the removal tool on both machines last week and sure enough they were infected. (Both machines are currently fixed).

Collapse -

by me In reply to

I cannot log into windows. The logongui comes up, and I enter a profile to logon and the "Loading user settings" dialog appears, then before it displays anything else the "Logging off" dialog appears, saving user settings and restarting the computer.

Collapse -

by w2ktechman In reply to I Cannot log onto XP in S ...

If you cannot get to safe mode, try system restore. After the restore point scan with AV and patch the system.

Collapse -

by me In reply to

Cannot restore if I cannot get into the gui. The commmand line restore prog won't run from the recovery console, which is the only thing I can load. I could probably restore a previous saved registry export, except the regedit command will not work in restore mode.

Any suggestions?

Collapse -

by me In reply to I Cannot log onto XP in S ...

Perhaps I wasn't clear enough, I could not log into windows at all, not even in safe mode. I was able to use suggestion below to perform a reinstall/repair option to bring windows where I can log in in safe mode. The problem now is that none of the user profiles will load, but it is up. Thanks.

Back to Desktop Forum
7 total posts (Page 1 of 1)  

Related Forums