Windows xp automatically logs off immediately after I log on

Posted on 2003-11-13
Last Modified: 2011-08-18
Safe mode = no good, last known good = no good. :-)
System restore = no good.

All accounts, included administrator.

I figure it might be a trojan or a backdoor virus that has created the problem... but how do I get by it?
Question by:tomee73
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +8
LVL 57

Expert Comment

by:Pete Long
ID: 9738818
LVL 49

Expert Comment

ID: 9739027
LVL 49

Expert Comment

ID: 9739031
Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

LVL 15

Expert Comment

by:Rob Stone
ID: 9740280
Check this link, although its for 2000 see if the symptoms are the same;en-us;249321&Product=win2000

Author Comment

ID: 9742177
Thanks for the posts ppl.

Petelong I cannot access Recovery console at all...  error -> wrong admin pass. Also ntfs disk etc so manual Dos repair is a no no.

Sunray.. I cannot log into windoze so accessing web sites is kinda a challenge in itself :-) , an yes we figured reinstalling was a solution, but rather as a last resort.

Stoner79, I'll have a look at that one, accessing the registry pc over ipc$ that is.

LVL 57

Accepted Solution

Pete Long earned 125 total points
ID: 9742212
>>Petelong I cannot access Recovery console at all...  error -> wrong admin pass. Also ntfs disk etc so manual Dos repair is a no no.

just hit enter or

Windows  Password Recovery

Try the following,

First: Are you sure yove forgotton it? Try just hitting return (in case there is no password), Then try all the password you would usually use
remember passwords are CaSe senSiTive so try with the caps lock on and off, or capitalise the first "Letter"

NB. All these tools, and links are to third party tools and involve directly or indirectly changing the registry. I accept no responsibility for their use.

Your passwords are held (encrypted) in your registry and in youre "restore" directory. These tools edit one or more of these locations from a boot disk

Arm yourself with a blank (clean) Floppy Disk

Ive used this one on XP and it works

Good Luck! PL

Author Comment

ID: 9742389
I've got the password right, it's blank, I still get the error msg, 3 times and away we go, quite weird really.

btw I've used P. Nordals Password tool too earlier with great success, awesome tool that one. :-)

thx still Pete

LVL 57

Expert Comment

by:Pete Long
ID: 9742551
LVL 65

Expert Comment

ID: 9757182
btw......what OS do u have.....XP PRO or XP HOME??

if it's XP HOME then check for the activation of ur windows XP Home Edition......
coz this was happened with me when i didn't activate my windows.....and after about one month windows didn't allow me to login in any way......not sure but may be the same problem is happening with u :)

Expert Comment

ID: 12050615
For anybody that is having this problem, one possible (and likely) solution is below. It worked for me.
I found this as the answer to another question on this same topic. I write the below based on an answer originally written by "Uritsukidoji" AKA "Wiebe". I just extrapolated a bit more to hopefully make it easier for less experienced users.

If you've just run AdAware by LavaSoft, check this out.

basically do this:

- start the XP repair console by booting from your original Windows XP CD.
- Follow the onscreen instructions to launch the "Repair Console" (you hit the R key)
- It will ask which Windows XP Installation you want to repair even if there is only one single Windows XP installation on your computer. If this is the case (you only installed Windows XP once on one drive), then just enter "1" and hit return.
- If you are asked for an administrator password and you never set one, then just leave that line blank and hit return.
- You will then see a prompt that says:


...and it is just waiting for you to type something.

Type in the following command, then hit the enter key:
copy c:\windows\system32\userinit.exe c:\windows\system32\wsautoupdater.exe

This makes a copy of a file called "userinit.exe" named "wsaupdater.exe". You see, a piece of spyware on your computer messed with your Registry and caused your bootup sequence to look for a file named "wsaupdater.exe" instead of "userinit.exe". I's really freekin' weird. But apparently that is what happens. Now that you have made a copy of "userinit.exe" named "wsaupdater.exe" you will be able to log in normally.

- type "exit" and press the Enter key to exit the recovery console and reboot your computer. Be sure to remove your Windows XP CD from the CD-ROM drive so your computer will boot from the Hard Drive like normal.

- Now you need to run a program called "regedit" by clicking your start menu, then clicking "run". Then in the little box that appears type "regedit" (without the qoutes), and press return.

Editing your registry can be tricky, so pay attention!! If you don't know what you are doing or are scared, then see the above link to the Lavasoft website which links to more detailed info on Microsoft's site. If that doesn't help then call your favorite geek. But if you're ready to dive in, and if you've made it this far, then this part really is pretty simple...just pay attention and double check everything before each click!!!

- Navigate to the  the following registry value by expanding the appropriate "folders" inside the Registry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

- You will see that the value of the Userinit key is incorrectly set to "wsaupdater.exe," (without the quotes)

- All you need to do is change this value to be "userinit.exe," (DO NOT INCLUDE THE QUOTES and DO NOT FORGET THE COMMA AT THE END!!)

- Now you just exit regedit. You can feel free to delete the file you created earlier at:

C:\WINDOWS\System32\wsaupdater.exe (you can now safely delete this file, but you may want to reboot again first, just to be sure...then you can delete it).

Then, reboot your system again.

All is well!


(Big thanks to "Uritsukidoji" AKA "Wiebe" for posting the sumarized (advanced) version of this solution originally.)
LVL 10

Expert Comment

ID: 21649686
I have similar problem with one user:
Under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit it was:
"C:\Windows\..." but his correct OS path was "C:\WinNT\...", so I have changed it to "C:\WinNT\... and problem has been solved.

Expert Comment

ID: 21915783
I have same problem and made the wsautoupdater.exe copy and that didn't fix the problem, safe mode with administrator logs in and off automatically. Have taken out drive and attached to a pc and scanned and removed normal spyware cookies and things but had no viruses or anything.

Expert Comment

ID: 22263205
sraley, I had the same problem, but the registry was not replaced with 'wsaupdater.exe', but 'userints.exe' instead.  

I resolved it with the instructions above.  I used ntpasswd to fix the registry.  I assume I could have used the Repair solution as well if I had copied userinit.exe to userints.exe.

Expert Comment

ID: 25504113
Just resolved same issue, in my case the userinit.exe file was missing, i copied from another copy of windows and pasted in and all was well.

Expert Comment

ID: 26366410
Hey everyone.  I know this question was resolved, but I figured I would add something useful to help others who have the same problem.  As CaveMike said above, sometimes the registry entry does not neccesarily get changed to point to wsaupdater.exe.  His was pointed to userints.exe.  I just repaired a system whose registry entry was pointed at winlogon32.exe.  There was no way for me to keep guessing what it was pointed too, therefore it makes copying it from c:\windows\system32\userinit.exe sort of impossible.  I used a BartPE Boot CD to load the registry and see what it's pointed to (in my case, winlogon32.exe) and as long as I'm there I just fixed the registry instead of copying the file over.  At that point, I was able to boot back in.  

If anyone else has this problem, there is a walk through for editing the registry via the Bart PE CD.  As with all registry edits, be careful though!

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
IE stops ANY website from loading because of Data Execution Prevention (DEP). 6 129
Application Not Found 3 104
symbolic link problem 6 109
windows explorer default details view 10 98
There are 2 things you must have in order to connect to the internet behind a router, The "Gateway IP" of the router, which is usually something like, I've seen routers with default values of:,,, …
Can you find a fax from a vendor you saved a decade ago in seconds? Have you ever cursed your PC under your breath during an audit because you couldn’t find the requested statement or driver history?  If you answered no to the first question or yes …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question