?
Solved

Windows xp automatically logs off immediately after I log on

Posted on 2003-11-13
16
Medium Priority
?
25,698 Views
Last Modified: 2011-08-18
Safe mode = no good, last known good = no good. :-)
System restore = no good.

All accounts, included administrator.

I figure it might be a trojan or a backdoor virus that has created the problem... but how do I get by it?
0
Comment
Question by:tomee73
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +8
16 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 9738818
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9739031
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 15

Expert Comment

by:Rob Stone
ID: 9740280
Check this link, although its for 2000 see if the symptoms are the same
http://support.microsoft.com/default.aspx?scid=kb;en-us;249321&Product=win2000
0
 

Author Comment

by:tomee73
ID: 9742177
Thanks for the posts ppl.

Petelong I cannot access Recovery console at all...  error -> wrong admin pass. Also ntfs disk etc so manual Dos repair is a no no.

Sunray.. I cannot log into windoze so accessing web sites is kinda a challenge in itself :-) , an yes we figured reinstalling was a solution, but rather as a last resort.

Stoner79, I'll have a look at that one, accessing the registry pc over ipc$ that is.

Cheers
Tom
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 250 total points
ID: 9742212
>>Petelong I cannot access Recovery console at all...  error -> wrong admin pass. Also ntfs disk etc so manual Dos repair is a no no.


just hit enter or

Windows  Password Recovery

Try the following,

First: Are you sure yove forgotton it? Try just hitting return (in case there is no password), Then try all the password you would usually use
remember passwords are CaSe senSiTive so try with the caps lock on and off, or capitalise the first "Letter"

NB. All these tools, and links are to third party tools and involve directly or indirectly changing the registry. I accept no responsibility for their use.

Your passwords are held (encrypted) in your registry and in youre "restore" directory. These tools edit one or more of these locations from a boot disk

Arm yourself with a blank (clean) Floppy Disk

Ive used this one on XP and it works

http://home.eunet.no/~pnordahl/ntpasswd/




Good Luck! PL
0
 

Author Comment

by:tomee73
ID: 9742389
I've got the password right, it's blank, I still get the error msg, 3 times and away we go, quite weird really.

btw I've used P. Nordals Password tool too earlier with great success, awesome tool that one. :-)

thx still Pete


Tom
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9742551
:0)
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 9757182
btw......what OS do u have.....XP PRO or XP HOME??

if it's XP HOME then check for the activation of ur windows XP Home Edition......
coz this was happened with me when i didn't activate my windows.....and after about one month windows didn't allow me to login in any way......not sure but may be the same problem is happening with u :)
0
 

Expert Comment

by:skyeflye
ID: 12050615
For anybody that is having this problem, one possible (and likely) solution is below. It worked for me.
I found this as the answer to another question on this same topic. I write the below based on an answer originally written by "Uritsukidoji" AKA "Wiebe". I just extrapolated a bit more to hopefully make it easier for less experienced users.

If you've just run AdAware by LavaSoft, check this out.

http://www.lavasofthelp.com/articles/v6/04/06/0901.html

basically do this:

- start the XP repair console by booting from your original Windows XP CD.
- Follow the onscreen instructions to launch the "Repair Console" (you hit the R key)
- It will ask which Windows XP Installation you want to repair even if there is only one single Windows XP installation on your computer. If this is the case (you only installed Windows XP once on one drive), then just enter "1" and hit return.
- If you are asked for an administrator password and you never set one, then just leave that line blank and hit return.
- You will then see a prompt that says:

C:\WINDOWS>

...and it is just waiting for you to type something.

Type in the following command, then hit the enter key:
 
copy c:\windows\system32\userinit.exe c:\windows\system32\wsautoupdater.exe

This makes a copy of a file called "userinit.exe" named "wsaupdater.exe". You see, a piece of spyware on your computer messed with your Registry and caused your bootup sequence to look for a file named "wsaupdater.exe" instead of "userinit.exe". I know...it's really freekin' weird. But apparently that is what happens. Now that you have made a copy of "userinit.exe" named "wsaupdater.exe" you will be able to log in normally.

- type "exit" and press the Enter key to exit the recovery console and reboot your computer. Be sure to remove your Windows XP CD from the CD-ROM drive so your computer will boot from the Hard Drive like normal.

- Now you need to run a program called "regedit" by clicking your start menu, then clicking "run". Then in the little box that appears type "regedit" (without the qoutes), and press return.

Editing your registry can be tricky, so pay attention!! If you don't know what you are doing or are scared, then see the above link to the Lavasoft website which links to more detailed info on Microsoft's site. If that doesn't help then call your favorite geek. But if you're ready to dive in, and if you've made it this far, then this part really is pretty simple...just pay attention and double check everything before each click!!!

- Navigate to the  the following registry value by expanding the appropriate "folders" inside the Registry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

- You will see that the value of the Userinit key is incorrectly set to "wsaupdater.exe," (without the quotes)

- All you need to do is change this value to be "userinit.exe," (DO NOT INCLUDE THE QUOTES and DO NOT FORGET THE COMMA AT THE END!!)

- Now you just exit regedit. You can feel free to delete the file you created earlier at:

C:\WINDOWS\System32\wsaupdater.exe (you can now safely delete this file, but you may want to reboot again first, just to be sure...then you can delete it).

Then, reboot your system again.

All is well!

-THEO-

(Big thanks to "Uritsukidoji" AKA "Wiebe" for posting the sumarized (advanced) version of this solution originally.)
0
 
LVL 10

Expert Comment

by:Cro0707
ID: 21649686
I have similar problem with one user:
Under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit it was:
"C:\Windows\..." but his correct OS path was "C:\WinNT\...", so I have changed it to "C:\WinNT\... and problem has been solved.
0
 

Expert Comment

by:sraley
ID: 21915783
I have same problem and made the wsautoupdater.exe copy and that didn't fix the problem, safe mode with administrator logs in and off automatically. Have taken out drive and attached to a pc and scanned and removed normal spyware cookies and things but had no viruses or anything.
0
 

Expert Comment

by:CaveMike
ID: 22263205
sraley, I had the same problem, but the registry was not replaced with 'wsaupdater.exe', but 'userints.exe' instead.  

I resolved it with the instructions above.  I used ntpasswd to fix the registry.  I assume I could have used the Repair solution as well if I had copied userinit.exe to userints.exe.
0
 
LVL 7

Expert Comment

by:ManicD
ID: 25504113
Just resolved same issue, in my case the userinit.exe file was missing, i copied from another copy of windows and pasted in and all was well.
0
 

Expert Comment

by:Jsmply
ID: 26366410
Hey everyone.  I know this question was resolved, but I figured I would add something useful to help others who have the same problem.  As CaveMike said above, sometimes the registry entry does not neccesarily get changed to point to wsaupdater.exe.  His was pointed to userints.exe.  I just repaired a system whose registry entry was pointed at winlogon32.exe.  There was no way for me to keep guessing what it was pointed too, therefore it makes copying it from c:\windows\system32\userinit.exe sort of impossible.  I used a BartPE Boot CD to load the registry and see what it's pointed to (in my case, winlogon32.exe) and as long as I'm there I just fixed the registry instead of copying the file over.  At that point, I was able to boot back in.  

If anyone else has this problem, there is a walk through for editing the registry via the Bart PE CD.  As with all registry edits, be careful though!

http://windowsxp.mvps.org/peboot.htm
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question