Windows xp automatically logs off immediately after I log on

Safe mode = no good, last known good = no good. :-)
System restore = no good.

All accounts, included administrator.

I figure it might be a trojan or a backdoor virus that has created the problem... but how do I get by it?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pete LongTechnical ConsultantCommented:
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

Rob StoneCommented:
Check this link, although its for 2000 see if the symptoms are the same;en-us;249321&Product=win2000
tomee73Author Commented:
Thanks for the posts ppl.

Petelong I cannot access Recovery console at all...  error -> wrong admin pass. Also ntfs disk etc so manual Dos repair is a no no.

Sunray.. I cannot log into windoze so accessing web sites is kinda a challenge in itself :-) , an yes we figured reinstalling was a solution, but rather as a last resort.

Stoner79, I'll have a look at that one, accessing the registry pc over ipc$ that is.

Pete LongTechnical ConsultantCommented:
>>Petelong I cannot access Recovery console at all...  error -> wrong admin pass. Also ntfs disk etc so manual Dos repair is a no no.

just hit enter or

Windows  Password Recovery

Try the following,

First: Are you sure yove forgotton it? Try just hitting return (in case there is no password), Then try all the password you would usually use
remember passwords are CaSe senSiTive so try with the caps lock on and off, or capitalise the first "Letter"

NB. All these tools, and links are to third party tools and involve directly or indirectly changing the registry. I accept no responsibility for their use.

Your passwords are held (encrypted) in your registry and in youre "restore" directory. These tools edit one or more of these locations from a boot disk

Arm yourself with a blank (clean) Floppy Disk

Ive used this one on XP and it works

Good Luck! PL

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tomee73Author Commented:
I've got the password right, it's blank, I still get the error msg, 3 times and away we go, quite weird really.

btw I've used P. Nordals Password tool too earlier with great success, awesome tool that one. :-)

thx still Pete

Pete LongTechnical ConsultantCommented:
btw......what OS do u have.....XP PRO or XP HOME??

if it's XP HOME then check for the activation of ur windows XP Home Edition......
coz this was happened with me when i didn't activate my windows.....and after about one month windows didn't allow me to login in any way......not sure but may be the same problem is happening with u :)
For anybody that is having this problem, one possible (and likely) solution is below. It worked for me.
I found this as the answer to another question on this same topic. I write the below based on an answer originally written by "Uritsukidoji" AKA "Wiebe". I just extrapolated a bit more to hopefully make it easier for less experienced users.

If you've just run AdAware by LavaSoft, check this out.

basically do this:

- start the XP repair console by booting from your original Windows XP CD.
- Follow the onscreen instructions to launch the "Repair Console" (you hit the R key)
- It will ask which Windows XP Installation you want to repair even if there is only one single Windows XP installation on your computer. If this is the case (you only installed Windows XP once on one drive), then just enter "1" and hit return.
- If you are asked for an administrator password and you never set one, then just leave that line blank and hit return.
- You will then see a prompt that says:


...and it is just waiting for you to type something.

Type in the following command, then hit the enter key:
copy c:\windows\system32\userinit.exe c:\windows\system32\wsautoupdater.exe

This makes a copy of a file called "userinit.exe" named "wsaupdater.exe". You see, a piece of spyware on your computer messed with your Registry and caused your bootup sequence to look for a file named "wsaupdater.exe" instead of "userinit.exe". I's really freekin' weird. But apparently that is what happens. Now that you have made a copy of "userinit.exe" named "wsaupdater.exe" you will be able to log in normally.

- type "exit" and press the Enter key to exit the recovery console and reboot your computer. Be sure to remove your Windows XP CD from the CD-ROM drive so your computer will boot from the Hard Drive like normal.

- Now you need to run a program called "regedit" by clicking your start menu, then clicking "run". Then in the little box that appears type "regedit" (without the qoutes), and press return.

Editing your registry can be tricky, so pay attention!! If you don't know what you are doing or are scared, then see the above link to the Lavasoft website which links to more detailed info on Microsoft's site. If that doesn't help then call your favorite geek. But if you're ready to dive in, and if you've made it this far, then this part really is pretty simple...just pay attention and double check everything before each click!!!

- Navigate to the  the following registry value by expanding the appropriate "folders" inside the Registry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

- You will see that the value of the Userinit key is incorrectly set to "wsaupdater.exe," (without the quotes)

- All you need to do is change this value to be "userinit.exe," (DO NOT INCLUDE THE QUOTES and DO NOT FORGET THE COMMA AT THE END!!)

- Now you just exit regedit. You can feel free to delete the file you created earlier at:

C:\WINDOWS\System32\wsaupdater.exe (you can now safely delete this file, but you may want to reboot again first, just to be sure...then you can delete it).

Then, reboot your system again.

All is well!


(Big thanks to "Uritsukidoji" AKA "Wiebe" for posting the sumarized (advanced) version of this solution originally.)
I have similar problem with one user:
Under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit it was:
"C:\Windows\..." but his correct OS path was "C:\WinNT\...", so I have changed it to "C:\WinNT\... and problem has been solved.
I have same problem and made the wsautoupdater.exe copy and that didn't fix the problem, safe mode with administrator logs in and off automatically. Have taken out drive and attached to a pc and scanned and removed normal spyware cookies and things but had no viruses or anything.
sraley, I had the same problem, but the registry was not replaced with 'wsaupdater.exe', but 'userints.exe' instead.  

I resolved it with the instructions above.  I used ntpasswd to fix the registry.  I assume I could have used the Repair solution as well if I had copied userinit.exe to userints.exe.
Just resolved same issue, in my case the userinit.exe file was missing, i copied from another copy of windows and pasted in and all was well.
Hey everyone.  I know this question was resolved, but I figured I would add something useful to help others who have the same problem.  As CaveMike said above, sometimes the registry entry does not neccesarily get changed to point to wsaupdater.exe.  His was pointed to userints.exe.  I just repaired a system whose registry entry was pointed at winlogon32.exe.  There was no way for me to keep guessing what it was pointed too, therefore it makes copying it from c:\windows\system32\userinit.exe sort of impossible.  I used a BartPE Boot CD to load the registry and see what it's pointed to (in my case, winlogon32.exe) and as long as I'm there I just fixed the registry instead of copying the file over.  At that point, I was able to boot back in.  

If anyone else has this problem, there is a walk through for editing the registry via the Bart PE CD.  As with all registry edits, be careful though!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.