login logoff loop

ok i wish i knew more about computers but i dont so i went searching for help online and found your wonderful site that had a forum post from about 4 years ago with the same problem i am having right now on my home PC running xp, this is the story i got a worm that attached its self to my userinit file it pretty much took over my computer well i have no clue as to what happened but my virus software AVG 8.0 kept finding this same infected file over and over "userinit.exe" i was able to network some of my photos over to my husbands computer but i didnt think i would get stuck in this login logoff loop so there are still files that i need off my computer. anyways what is happening is my coputer logs in to the welcome screen then shows my background for a split second the back to the welcome screen that says logging off,

so one of your users "garry" i think, posted about useing the xp cd to boot, i get as far as getting in to the recovery console, i cant seem to get in to the system32 when i type it, the recovery console doesnt reconize the command, what command should i use if any that would get me to the point of C:/windows/system32

http://www.geekstogo...Off-t15771.html
Had a chance to read up on this issue and I suspect I know why this is happening, but fixing it is a bit of a problem because we need to know what the bad file it.

The most common cause of this right now, is running a malware detection progam that deletes a file, but the registry still points at it. This, wsaupdater.exe, seems to be the most widely seen culprit, but it could potentially be other things, too.

Let's test it out.

Boot using your winxp cd.
Enter recovery console.
at the command prompt go to

C:/windows/system32

next type:
Dir *.exe

If you find, it, type

copy userinit.exe wsaupdater.exe

Exit and reboot normally. You should now be able to logon.

Run regedit

Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

In the right pane, you should see

C:\WINDOWS\System32\wsaupdater.exe,

Change it so that it reads:

C:\WINDOWS\System32\userinit.exe

That should solve the problem, if the malware was the one that caused the issue.

The scary thing is since more malware programs are inserting themselves into the winlogon key, this is going to be a moving target.

thank you for your help, i hope i wasnt confusing. Mrs. Gilmore

Edited by Mrsgilmore, 05 February 2009 - 10:00 AM.

Ok, I contracted trojan vundo and a host of other STD's and now I have the xp logon/logoff loop problem. But, I also have a unique situation. I have three hardrives all which have win xp pro installed. One hard drive is bootable the others aren't. looking at my infected hard drive I find that userinit.exe and wsaupdater do not exist. However, wsaupdater also does not exist on my functioning drive. Here is my plan: I'm going to compare the infected hard drive with the working one and investigate dissimilar files. My question(s):

Can I simply copy userinit.exe from one drive to the other or is that file unique to different setups?

Is wsaupdater required? (In my case apparently not)

Can I edit the registry of the infected drive while operating from the functioning one?

I have Norton 360 2009, I ran it on all drives but I still think the virus is in there somewhere. I am planning to run spybot next. Because of having three hard drives I anticipate the run taking two to three days. (Running Nortons took two).

I'm hoping to learn enough here to regain my full geek status and possibly join the team. Thanks for any and all help.

Timbo

#1
Mrsgilmore

Posted 05 February 2009 - 09:56 AM

Advertisements

#2
Timreid

Posted 03 March 2009 - 11:12 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us