Question

Immediate Log Off

By wancona

I have a computer that I am working on. I ran a virus scan on the hard drive. There were about 4 trojan viruses on it. The anti-virus deleted the infected files. I think it may have attacked the registry. Something about userinit.exe. The current problem is that as soon as you click the username (XP Home system), the computer logs in and immediately logs off. I have done some research, and it says that it is something wrong with the registry file. However, I can't log into Windows to edit the registry. I can't connect to it through the network ability of regedit.exe, under File. I have no idea what to do. Are there any other options for changing this registry key?


All Answers


Have you tried Safe Mode?

by OH Smeg In reply to Immediate Log Off

To get there, after the POST screen but before the Windows Starting screen, press the F8 key. When you get a white-on-black screen, use the arrow keys to highlight Safe Mode and press Enter.

This will start the unit in Safe Mode.

If that doesn't work, try an In-Place Install

http://support.microsoft.com/kb/315341

But you need a M$ Branded Install Disc for this, not a System Maker's recovery Disc.

Col


Safe Mode / In-Place Install

by wancona In reply to Have you tried Safe Mode?

I have tried it in safe mode. Both the user and the administrator still have the same problem.

Does the In-Place Install delete files? I figured that I could easily do a re-install with the license key on the box, but the user wants to keep his pictures. He has thousands of family photos on his computer, which he really wants to keep.


Well, if everything goes smoothly

by OH Smeg In reply to Safe Mode / In-Place Inst ...

An In-Place Install will retain all of the programs and files currently installed.

But if something goes wrong or the steps are not correctly followed, you can wipe the HDD.

You should always have a Working Backup before proceeding with any major change to any computer system.

Col


This will get you running again

by Jacky Howe In reply to Immediate Log Off

logon - logoff issue in Windows

Enter the Recovery Console

Boot the system using the Windows XP CD-ROM. In the first screen when the Setup begins, read the instructions and press "R" (in the first screen) to enter the Recovery Console.

1: C:\WINDOWS

Which Windows Installation would you like to log on to
(To cancel, press ENTER)?

After you enter the number for the appropriate Windows installation, Windows will then prompt you to enter the Administrator account password.

Note: If you use an incorrect password three times, the Windows Recovery Console closes. Also, if the Security Accounts Manager (SAM) database is missing or damaged, you cannot use the Windows Recovery Console because you cannot have correct authentication. After you enter your password and the Windows Recovery Console starts, type exit to restart the computer.

Type the following command and press Enter.

CD SYSTEM32
(If that does not work, try CHDIR SYSTEM32)

At the prompt type in

COPY USERINIT.EXE WSAUPDATER.EXE

Quit Recovery Console by typing EXIT and restart Windows.

You'll be able to log in successfully as you've created the wsaupdater.exe file (now a copy of userinit.exe).

"WARNING MODIFYING REGISTRY INFORMATION IS DANGEROUS"
Back up the key before making changes.

Now, change the USERINIT value in the registry.
Click Start, Run and type Regedt32 and press Enter.

Navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

In the right pane you will see that the value of the Userinit key is incorrectly set to "wsaupdater.exe,"

In the right pane, change the value of Userinit to C:\WINDOWS\system32\userinit.exe,

Type the above value exactly as given, including the comma. Also, change the path to userinit.exe appropriately if Windows is installed in a different drive.

Close Registry Editor and restart Windows.
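As an added example (not part of the original post or thread), the same Userinit check and reset can be done without logging on to the affected installation, by loading its SOFTWARE hive on a second Windows machine with reg.exe; this goes beyond the Recovery Console route described above. The drive letter E:, the temporary key name OfflineSW and the backup file name are assumptions.

```batch
@echo off
rem Added example: inspect and repair Winlogon\Userinit in an OFFLINE SOFTWARE hive.
rem Assumptions: the affected disk is attached to a working Windows machine as E:,
rem its Windows directory is E:\WINDOWS, and that installation normally boots as C:.
rem Run as an administrator.
setlocal
set "HIVE=E:\WINDOWS\system32\config\software"
set "MOUNT=HKLM\OfflineSW"
set "KEY=%MOUNT%\Microsoft\Windows NT\CurrentVersion\Winlogon"
set "GOOD=C:\WINDOWS\system32\userinit.exe,"

if not exist "%HIVE%" (echo Hive not found: %HIVE% & exit /b 1)

rem The registry value is only half of the fix: the file it names must exist too.
if not exist "E:\WINDOWS\system32\userinit.exe" echo WARNING: userinit.exe is missing from system32.

rem Mount the offline hive under a temporary key name.
reg load "%MOUNT%" "%HIVE%" || (echo reg load failed & exit /b 1)

rem Back up the key before changing anything.
reg export "%KEY%" "%~dp0winlogon-backup.reg"

rem Read the current Userinit data (third column of the reg query output).
set "CUR="
for /f "tokens=2,*" %%A in ('reg query "%KEY%" /v Userinit ^| findstr /i "Userinit"') do set "CUR=%%B"
echo Current Userinit: "%CUR%"

if /i "%CUR%"=="%GOOD%" (
    echo Userinit already points at userinit.exe; nothing to change.
) else (
    echo Resetting Userinit to "%GOOD%"
    reg add "%KEY%" /v Userinit /t REG_SZ /d "%GOOD%" /f
)

rem Always unload, otherwise the hive file stays locked on the attached disk.
reg unload "%MOUNT%"
endlocal
```

If the warning about a missing userinit.exe appears, restore the file as well (the thread below points to the copy under servicepackfiles\i386) before putting the disk back.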


I don't want to sound stupid but

by wancona In reply to This will get you running ...

I used a Windows XP disk to boot and start the setup. I pressed R for recovery. I selected the right Windows installation, and entered the password. However, when I changed directory to system32 and tried to copy the file to wsaupdater.exe, it said file not found. Is the userinit.exe file located somewhere else?


Boot from the disk again

by Jacky Howe In reply to I don't want to sound stu ...

There is another copy in c:\windows\servicepackfiles\i386. Also check your registry as in the above steps, just in case.

Type this in at a command prompt and press enter.

copy c:\windows\servicepackfiles\i386\userinit.exe c:\windows\system32\userinit.exe

Restart the system.


This is what I did to fix it. Don't know why it worked.

by wancona In reply to Immediate Log Off

I took the hard drive out of the computer. I hooked it up to a USB device and power supply to attach to my laptop. This way I could at least copy the files to my computer to put back after I reinstalled the OS. I took ownership of the user's Documents and Settings folder, because this is where his pictures were located. After I took ownership, I copied them over to my HD. I re-inserted his HD into his computer and it booted right up. I had an error message that said something about not being able to load that user's desktop and it was switching to the default user. This allowed me to log in. I checked the registry and the C:\windows\system32\userinit.exe file was already there. I created a new user with administrative privileges. Restarted the computer in safe mode. I gave ownership and rights of the necessary document files to the newly created user. Restarted again, copied the files into the new user profile. Then deleted the "corrupted" user.


You just answered

by Jacky Howe In reply to This is what I did to fix ...

your question. Somehow the user's profile became corrupted. Good to see that you are up and running.
