• Creator
  • #2150591

    Unable to logon


    by anqara05 ·

    one of our users received the UPS_invoice.exe virus and clicked on it.
    now after he restarted his computer, he logs on the background is blue and right after the logon audio is played the logoff audio follows and the sessions logsoff right away.

    i tried chkdsk , scanned with Norton , nothing found.

    anybody has any idea will be appreciated.


All Answers

  • Author
    • #2914039


      by anqara05 ·

      In reply to Unable to logon


    • #2914037

      turn off

      by clarkd038 ·

      In reply to Unable to logon

      turn off system restore then run norton antivirus, as it may be hiding in there. Or do a system restore to before the virus was recieved.

    • #2914036


      by loonit ·

      In reply to Unable to logon

      Try to log in as a different user and install the Kaspersky trial version AV software. Norton pretty much blows as does McCrapee. If you cant get onto it long enough to install anything, try to salvage your important files (connect drive to a sandbox or something)and just douche the whole thing.

      • #2926455

        can’t logon period!

        by anqara05 ·

        In reply to Kaspersky

        let me add that i tried different logon accounts both on normal and safe mode.
        it logs on long enough to play the logon audio, which is less than 10 secs and then logs off right after. the user logon files are messed up and i need to fix them remotely , the problem is accessing the registry remotely as well.

        so i can’t do a system restore, or install any Antivirus solution.

    • #2926441

      See if this will get you back in

      by rob miners ·

      In reply to Unable to logon

      Enter the Recovery Console

      Boot the system using the Windows XP CD-ROM. In the first screen when the Setup begins, read the instructions press “R” (in the first screen) enter the Recovery Console.

      1: C:\WINDOWS

      Which Windows Installation would you like to log on to
      (To cancel, press ENTER)?
      After you enter the number for the appropriate Windows installation, Windows will then prompt you to enter the Administrator account password.

      Note If you use an incorrect password three times, the Windows Recovery Console closes. Also, if the Security Accounts Manager (SAM) database is missing or damaged, you cannot use the Windows Recovery Console because you cannot have correct authentication. After you enter your password and the Windows Recovery Console starts, type exit to restart the computer.

      Type the following command and press Enter.

      CD SYSTEM32
      (If that does not work, try CHDIR SYSTEM32)
      At the prompt type in

      Quit Recovery Console by typing EXIT and restart Windows.

      You’ll be able to login successfully as you’ve created the wsaupdater.exe file (now, a copy of userinit.exe)

      Backup the Key before making changes.

      Now, change the USERINIT value in the registry
      Click Start, Run and type Regedt32 and press Enter.

      Navigate to:


      In the right pane you will see that the value of the Userinit key is incorrectly set to “wsaupdater.exe,”

      In the right-pane, change the value of Userinit to C:\WINDOWS\system32\userinit.exe,

      Type the above value exactly as given, including the comma. Also, change the path to userinit.exe appropriately if Windows is installed in a different drive.

      Close Registry Editor and restart Windows.

      If you haven’t access to an XP CD, here is an alternative.

      The Windows Vista Recovery CD can be used to Boot to a Command Prompt where you can run these Commands.

      Boot from the CD and on the first screen click Next, click Repair your computer, click Next and select Command Prompt.

      It does’nt matter if the Default OS is XP it can still be used on XP PRO or Home.

      Creating a Windows Vista Recovery CD

      Download from here:

      • #2926319

        No go

        by anqara05 ·

        In reply to See if this will get you back in

        This didn’t work either.
        i copied the file over and then i rebooted and tried to logon, still the same issue.

        any other ideas.


        • #2926302


          by cmiller5400 ·

          In reply to No go

          take the hard drive out and plop it into a USB caddy. Then plug that into a working computer and then copy all your files off. (Make sure that the computer has an up to date antivirus program installed and working!!) Then put the drive back in the computer and run [url=]DBAN[/url] on it to wipe the drive and then reload the OS.

        • #2926299

          Best choice

          by wehkingml ·

          In reply to Yup.

          Yep, I agree. Pull off your files you need, DBan, and rebuild from scratch.

          Also don’t allow your users to be Admins or Power users. If this user had a regular user accounts they would not have been able to run the exe file. This will save you lots of headaches.

        • #2926269


          by anqara05 ·

          In reply to Best choice

          yeah i gave up on solving the issue, i tried many suggestions none of them worke.
          I’m backing up the data now and will format the HD later.

          thanks for all the help people. i really appreciate it.

        • #2926170


          by cmiller5400 ·

          In reply to Yup

          Sometimes they are so FUBAR they can not be recovered. Much simpler to rebuild than to tinker with something that probably will be very unstable anyway.

        • #2926150

          I have to agree

          by rob miners ·

          In reply to Yup

          with cmiller5400 here. Sometimes it just isn’t worth the trouble. Get the Data off and Nuke the drive.

        • #2925433

          Nuked it

          by anqara05 ·

          In reply to I have to agree

          that’s what i had to do. i tried BartPE utility it wouldn’t boot it goes to blue screen, so i took data off and wiped the drive.

          thanks for your help.

Viewing 3 reply threads