[havox]

I have been having this problem. I've been in a looping logging on/off situation in which i would log in, then one sec later, log off. i've tried using a windos xp os cd to boot from and launch the recovery tool. However, when it asks for an administrator password, im confused because i dont HAVE one. i've left it blank and pushed enter, but it still says its invalid. Im sure that i do not have a password because when i log on to my only account, it does not require a password. also, when i booted up in safe mode, and log into 'administrator' it also doesn't ask for a password, it simply logs on then off.

need some help, i would really rather not have to format my entire laptop.

im running windows xp on an Acer 5672

[Advertisements]

the easiest way is to get a copy of ERD commander to check the registry. You can check the location of the file and rename it to what usually is in the registry due to spyware to get going using recovery console but if you are having problems login in under admin you can't do that.
If using ERD:
you can download it here and then burn the image to a disk using nero or other burning software. When you boot it up go to start then admin tools and then regedit. When registry editor opens navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
when you have winlogon selected on the right you should see a key called userinit and in the value of it should be C:\windows\system32\userinit.exe
If it points to different file you can change it or create it if it doesn't exist.
also check to make sure the key "shell" shows explorer.exe
also while you are there check the C:\windows\system32\ directory to make sure you have a file called userinit.exe.
You can also do similar with bartPE

EDIT:not sure on the policy on posting links to download soft. i deleted the link, pm me if you need it.
EDIT2:
another way that might be more convenient. Straight from one of the microsoft articles:
Steps for rectifying this problem:


* Log on to a networked computer.
* Run Regedit.exe
* Point your cursor to HKEY_LOCAL_MACHINE
* Select File > Connect Remote Registry
* Type computer name (infected computer)
* Navigate to the following location in registry of destination or infected computer



HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon


* Edit these two values in right pane:


Shell
Userinit


* Change these two values to

Shell=explorer.exe
Userinit = x:\windows\system32\userinit.exe


* Exit from Registry
* Restart Infected computer.
* You should be able to log on to computer.

Edited by yevgenievich, 17 December 2008 - 11:55 PM.

[yevgenievich]

the easiest way is to get a copy of ERD commander to check the registry. You can check the location of the file and rename it to what usually is in the registry due to spyware to get going using recovery console but if you are having problems login in under admin you can't do that.
If using ERD:
you can download it here and then burn the image to a disk using nero or other burning software. When you boot it up go to start then admin tools and then regedit. When registry editor opens navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
when you have winlogon selected on the right you should see a key called userinit and in the value of it should be C:\windows\system32\userinit.exe
If it points to different file you can change it or create it if it doesn't exist.
also check to make sure the key "shell" shows explorer.exe
also while you are there check the C:\windows\system32\ directory to make sure you have a file called userinit.exe.
You can also do similar with bartPE

EDIT:not sure on the policy on posting links to download soft. i deleted the link, pm me if you need it.
EDIT2:
another way that might be more convenient. Straight from one of the microsoft articles:
Steps for rectifying this problem:


* Log on to a networked computer.
* Run Regedit.exe
* Point your cursor to HKEY_LOCAL_MACHINE
* Select File > Connect Remote Registry
* Type computer name (infected computer)
* Navigate to the following location in registry of destination or infected computer



HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon


* Edit these two values in right pane:


Shell
Userinit


* Change these two values to

Shell=explorer.exe
Userinit = x:\windows\system32\userinit.exe


* Exit from Registry
* Restart Infected computer.
* You should be able to log on to computer.

Edited by yevgenievich, 17 December 2008 - 11:55 PM.

[havox]

sorry, im having a little trouble deciphering what you're meaning. after i dl the ERD, what do i do? burn the file? make an image? or do i run the install and THEN burn it?

if i can't loggin to admin, then what?

[yevgenievich]

if you choose to use ERD commander. You will need to burn the image to a cd. Once you have the disk you will need to boot of the disk. I think for acer to boot from a disk is f12 or Esc. Once you are in ERD commander it will ask if you want to attach to windows xp installation. Press ok. It will try to load network stuff, just cancel. So it load in ERD commander, go to start->admin tools->registry editor
when registry editor opens navigate to this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
when you have winlogon selected on the right you should see a key called "userinit"(along with many different entries) and in the value of it should be C:\windows\system32\userinit.exe
If it points to different file you can change it or create it if it doesn't exist by double clicking on existing one to change or right click then select "new" then "key". You can type the name Userinit for they key. Once created edit it with the path.
also check to make sure the key "shell" shows explorer.exe
also while you are there check the C:\windows\system32\ directory to make sure you have a file called userinit.exe.

Edited by yevgenievich, 19 December 2008 - 09:22 PM.

[havox]

i think one of the reasons this is not working for me is that im not burning ERD commander correctly, can you post the link to ERD commander again? your above link didnt work