Solved

Windows xp automatically logs off immediately after I log on

Posted on 2003-11-13
16
25,673 Views
Last Modified: 2011-08-18
Safe mode = no good, last known good = no good. :-)
System restore = no good.

All accounts, included administrator.

I figure it might be a trojan or a backdoor virus that has created the problem... but how do I get by it?
0
Comment
Question by:tomee73
  • 3
  • 2
  • 2
  • +8
16 Comments
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
0
 
LVL 49

Expert Comment

by:sunray_2003
Comment Utility
0
 
LVL 49

Expert Comment

by:sunray_2003
Comment Utility
0
 
LVL 15

Expert Comment

by:Rob Stone
Comment Utility
Check this link, although its for 2000 see if the symptoms are the same
http://support.microsoft.com/default.aspx?scid=kb;en-us;249321&Product=win2000
0
 

Author Comment

by:tomee73
Comment Utility
Thanks for the posts ppl.

Petelong I cannot access Recovery console at all...  error -> wrong admin pass. Also ntfs disk etc so manual Dos repair is a no no.

Sunray.. I cannot log into windoze so accessing web sites is kinda a challenge in itself :-) , an yes we figured reinstalling was a solution, but rather as a last resort.

Stoner79, I'll have a look at that one, accessing the registry pc over ipc$ that is.

Cheers
Tom
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 125 total points
Comment Utility
>>Petelong I cannot access Recovery console at all...  error -> wrong admin pass. Also ntfs disk etc so manual Dos repair is a no no.


just hit enter or

Windows  Password Recovery

Try the following,

First: Are you sure yove forgotton it? Try just hitting return (in case there is no password), Then try all the password you would usually use
remember passwords are CaSe senSiTive so try with the caps lock on and off, or capitalise the first "Letter"

NB. All these tools, and links are to third party tools and involve directly or indirectly changing the registry. I accept no responsibility for their use.

Your passwords are held (encrypted) in your registry and in youre "restore" directory. These tools edit one or more of these locations from a boot disk

Arm yourself with a blank (clean) Floppy Disk

Ive used this one on XP and it works

http://home.eunet.no/~pnordahl/ntpasswd/




Good Luck! PL
0
 

Author Comment

by:tomee73
Comment Utility
I've got the password right, it's blank, I still get the error msg, 3 times and away we go, quite weird really.

btw I've used P. Nordals Password tool too earlier with great success, awesome tool that one. :-)

thx still Pete


Tom
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
:0)
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
Comment Utility
btw......what OS do u have.....XP PRO or XP HOME??

if it's XP HOME then check for the activation of ur windows XP Home Edition......
coz this was happened with me when i didn't activate my windows.....and after about one month windows didn't allow me to login in any way......not sure but may be the same problem is happening with u :)
0
 

Expert Comment

by:skyeflye
Comment Utility
For anybody that is having this problem, one possible (and likely) solution is below. It worked for me.
I found this as the answer to another question on this same topic. I write the below based on an answer originally written by "Uritsukidoji" AKA "Wiebe". I just extrapolated a bit more to hopefully make it easier for less experienced users.

If you've just run AdAware by LavaSoft, check this out.

http://www.lavasofthelp.com/articles/v6/04/06/0901.html

basically do this:

- start the XP repair console by booting from your original Windows XP CD.
- Follow the onscreen instructions to launch the "Repair Console" (you hit the R key)
- It will ask which Windows XP Installation you want to repair even if there is only one single Windows XP installation on your computer. If this is the case (you only installed Windows XP once on one drive), then just enter "1" and hit return.
- If you are asked for an administrator password and you never set one, then just leave that line blank and hit return.
- You will then see a prompt that says:

C:\WINDOWS>

...and it is just waiting for you to type something.

Type in the following command, then hit the enter key:
 
copy c:\windows\system32\userinit.exe c:\windows\system32\wsautoupdater.exe

This makes a copy of a file called "userinit.exe" named "wsaupdater.exe". You see, a piece of spyware on your computer messed with your Registry and caused your bootup sequence to look for a file named "wsaupdater.exe" instead of "userinit.exe". I know...it's really freekin' weird. But apparently that is what happens. Now that you have made a copy of "userinit.exe" named "wsaupdater.exe" you will be able to log in normally.

- type "exit" and press the Enter key to exit the recovery console and reboot your computer. Be sure to remove your Windows XP CD from the CD-ROM drive so your computer will boot from the Hard Drive like normal.

- Now you need to run a program called "regedit" by clicking your start menu, then clicking "run". Then in the little box that appears type "regedit" (without the qoutes), and press return.

Editing your registry can be tricky, so pay attention!! If you don't know what you are doing or are scared, then see the above link to the Lavasoft website which links to more detailed info on Microsoft's site. If that doesn't help then call your favorite geek. But if you're ready to dive in, and if you've made it this far, then this part really is pretty simple...just pay attention and double check everything before each click!!!

- Navigate to the  the following registry value by expanding the appropriate "folders" inside the Registry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

- You will see that the value of the Userinit key is incorrectly set to "wsaupdater.exe," (without the quotes)

- All you need to do is change this value to be "userinit.exe," (DO NOT INCLUDE THE QUOTES and DO NOT FORGET THE COMMA AT THE END!!)

- Now you just exit regedit. You can feel free to delete the file you created earlier at:

C:\WINDOWS\System32\wsaupdater.exe (you can now safely delete this file, but you may want to reboot again first, just to be sure...then you can delete it).

Then, reboot your system again.

All is well!

-THEO-

(Big thanks to "Uritsukidoji" AKA "Wiebe" for posting the sumarized (advanced) version of this solution originally.)
0
 
LVL 10

Expert Comment

by:Cro0707
Comment Utility
I have similar problem with one user:
Under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit it was:
"C:\Windows\..." but his correct OS path was "C:\WinNT\...", so I have changed it to "C:\WinNT\... and problem has been solved.
0
 

Expert Comment

by:sraley
Comment Utility
I have same problem and made the wsautoupdater.exe copy and that didn't fix the problem, safe mode with administrator logs in and off automatically. Have taken out drive and attached to a pc and scanned and removed normal spyware cookies and things but had no viruses or anything.
0
 

Expert Comment

by:CaveMike
Comment Utility
sraley, I had the same problem, but the registry was not replaced with 'wsaupdater.exe', but 'userints.exe' instead.  

I resolved it with the instructions above.  I used ntpasswd to fix the registry.  I assume I could have used the Repair solution as well if I had copied userinit.exe to userints.exe.
0
 
LVL 7

Expert Comment

by:ManicD
Comment Utility
Just resolved same issue, in my case the userinit.exe file was missing, i copied from another copy of windows and pasted in and all was well.
0
 

Expert Comment

by:Jsmply
Comment Utility
Hey everyone.  I know this question was resolved, but I figured I would add something useful to help others who have the same problem.  As CaveMike said above, sometimes the registry entry does not neccesarily get changed to point to wsaupdater.exe.  His was pointed to userints.exe.  I just repaired a system whose registry entry was pointed at winlogon32.exe.  There was no way for me to keep guessing what it was pointed too, therefore it makes copying it from c:\windows\system32\userinit.exe sort of impossible.  I used a BartPE Boot CD to load the registry and see what it's pointed to (in my case, winlogon32.exe) and as long as I'm there I just fixed the registry instead of copying the file over.  At that point, I was able to boot back in.  

If anyone else has this problem, there is a walk through for editing the registry via the Bart PE CD.  As with all registry edits, be careful though!

http://windowsxp.mvps.org/peboot.htm
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article (http://rdsrc.us/u3GP7A) first and run the tool TDSSKiller (http://rdsrc.us/GDBBs4) to get rid of the infection. Once done, and if the …
Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now