  • Status: Solved
  • Priority: Medium
  • Security: Public

windows stuck in login loop

I have a customer running Windows XP Home, upgraded to SP2. He recently went to a web site and got a trojan causing his computer to get stuck in a login loop. The computer boots to the login screen and when he selects any user login, the computer acts like it is loading the user settings, but it returns back to the login screen.

I have run Xoftspy to detect any spyware but it did not detect anything. Unfortunately I cannot update the trojan database file since I cannot log in running full Windows.

I can boot into safe mode OK. I checked to see if the registry entry for userinit.exe is pointing to wsaupdater.exe. It is not. There is no file wsaupdater.exe on the computer. The registry entry is c:\windows\system32\userinit.exe. The userinit.exe file is a 24K file dated 8/4/2004.

I am reluctant to perform a windows reinstallation since I have had problems in the past with some applications not running properly after the reinstall.

What recommendations do you have? Thanks in advance.

Kevin Becker

simpswr Commented:
Did you try a system restore while in safe mode?
 
rhickmott Commented:
The userinit.exe file sounds OK and is in the correct place. Mine is XP Pro SP2 and is the same size and dated 4 days prior to that.

Can you run userinit.exe from safe mode? Because if it's not working, or corrupted, then the desktop will fail to load and the system will just log out again, as you're experiencing.
 
kcbecker (Author) Commented:
I did a system restore to a point approximately 1 month before the problem occurred.

As for running userinit.exe: I assume it is running since I can get into safe mode and the desktop appears to be intact. I can enter safe mode via any user on the login screen.
 
javeedabdul Commented:
What virus software have you tried?

Try this:

download.com

free edition AVG antivirus
Ad-Aware (Lavasoft)

Microsoft
Windows Defender
Control Spy 2.0

Just try this.

To keep this kind of issue from occurring, try to make an image of the OS plus programs.

This way, even if something happens (like a virus attack), you can restore the image and be up and running in 5 minutes, just like a fresh installation.

Try
Norton Ghost 7.5 or 8 or 9

Let me know the outcome.

Cheers
 
fruitloopy Commented:
I have heard of an issue where the security event log is full and won't allow users to log on. Apparently the administrator can though. The fix is to disable the welcome screen and clear the event logs.
See if that fixes it.
You can get to the event viewer by right-clicking My Computer and choosing Manage from the menu.
 
kcbecker (Author) Commented:
Ran Ad-Aware using latest definitions in safe mode. Found win32.trojan.downloader and topmoxie. Cleaned both objects off the computer but it still login loops.
Have not yet installed AVG.

How do you disable the welcome screen?
 
DrAske Commented:
Take a look at this PAQ:
http://www.experts-exchange.com/Operating_Systems/WinXP/Q_20972739.html
I guess it has some good suggestions.
 
fruitloopy Commented:
Disabling welcome screen:
http://www.petri.co.il/disable_the_welcome_screen_in_xp_pro.htm

Here's more details of the full security log bug in Windows, straight from MS themselves:
http://support.microsoft.com/default.aspx?scid=kb;en-us;313322

This is an activated version of XP Home, isn't it? I have read that if you didn't activate after 30 days you can't log in; when you do it just returns to the login screen. It is supposed to prompt you to activate but sometimes it doesn't.
 
kcbecker (Author) Commented:
I have tried Fruitloopy's suggestion. I turned off the welcome screen and cleared the security log. This did not help.

I tried some of Javeedabdul's suggestions. I ran Ad-Aware and Norton Antivirus in safe mode. I found 2 objects: Win32.trojan.download and topmoxie. These were removed. Still stuck in login loop.

I had some success with the PAQ from DrAske. I changed the userinit string in HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON from C:\WINDOWS\SYSTEM32\USERINIT.EXE, to C:\WINDOWS\EXPLORER.EXE, . I was able to log in under normal Windows. I ran Ad-Aware and NAV again and no objects were found.
I changed the userinit string back to C:\WINDOWS\SYSTEM32\USERINIT.EXE, and rebooted. Stuck in the login loop.

I expanded userinit.ex_ from the Windows CD that came with the computer to the system32 directory. Still stuck in the login loop.

Any ideas on what to try next?
 
javeedabdul Commented:
It means you have a virus which is blocking the computer from starting.

You might need to run a few more.
Note: if the virus is new or too old it might not get detected. Who do you trust when you have too much software?

The way I do it for my customers is running some good software.

Try this in safe mode as well; it's a good one:
www.bullguard.com

They have a list of viruses and utilities to go through.

Check this site as well. It's my favourite, which might help you.
Lots of information in it:
http://www.kellys-korner-xp.com/xp.htm

Here are a few free and trial antivirus programs; you can check them out and run them.

All the big antivirus manufacturers offer free trials, some offer free for private use licenses as well:
http://nct.symantecstore.com/fulfill/0001.105
http://download.mcafee.com/us/eval/evaluate2.asp
http://www.bullguard.com
http://www.f-prot.com/download/

Free ones:
http://www.grisoft.com/us/us_index.php
http://www.free-av.com/
http://store.ca.com/dr/v2/ec_main.entry25?page=pyocantiarmor&client=ComputerAssociates&sid=35715&CID=183869
http://www.rushhohol.com/software/antivirus.htm
http://reviews-zdnet.com.com/4520-7297_16-4208073.html
http://www.gladiator-antivirus.com/
http://www.avast.com/eng/free_software.html
http://www.bitdefender.com/index.php
http://www.thefreecountry.com/security/antivirus.shtml

Should fix your problem.
 
fruitloopy Commented:
There is a virus according to Sophos which replaces the MSGINA.DLL file (which is an essential file for logon authentication) with its own version. Even if the virus is detected and deleted the registry entries remain the same.

Open the registry editor and look for this entry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL = "C:\windows\system32\MS_GINA.DLL"

If it's not there then don't worry.
If it is then change the entry to read:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL = "C:\windows\system32\MSGINA.DLL" (NOTE the underscore between MS and GINA.DLL, that's the difference)

You can read the Sophos report on the virus here:
http://www.sophos.com/security/analyses/trojginac.html

One thing that couldn't hurt is to replace the msgina.dll file with a working version from another similar computer. The file can be found in C:\Windows\System32.
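Added example, not part of the original thread: a Python script that reads a regedit export of the Winlogon key and reports the values discussed above (Userinit and GinaDLL, plus Shell) when they differ from a stock install. The sample export is constructed, the function names are hypothetical, and the expected values assume Windows XP installed in C:\WINDOWS.

```python
import re

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
# Assumption: stock Windows XP installed in C:\WINDOWS.
EXPECTED = {"userinit": {r"c:\windows\system32\userinit.exe"}, "shell": {"explorer.exe"}}

# Constructed sample export, not taken from the machine in the thread.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\wsaupdater.exe,"
"GinaDLL"="C:\\windows\\system32\\MS_GINA.DLL"
'''

def parse_reg(text):
    """Return {key_path_lower: {value_name_lower: data}} for string values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:  # .reg files escape backslashes and quotes with a backslash
                name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
                current[name.lower()] = data
    return keys

def check_winlogon(text):
    """List Winlogon values that differ from the expected defaults."""
    values = parse_reg(text).get(WINLOGON, {})
    findings = []
    for name, allowed in EXPECTED.items():
        raw = values.get(name)
        if raw is None:
            findings.append(f"{name}: value missing")
            continue
        # Userinit is a comma-separated list of programs; check every entry.
        entries = [e.strip().lower() for e in raw.split(",") if e.strip()]
        extra = [e for e in entries if e not in allowed]
        if extra or not entries:
            findings.append(f"{name}: unexpected {extra or raw!r}")
    if "ginadll" in values:  # absent by default, so any value needs review
        findings.append(f"ginadll: custom GINA {values['ginadll']!r}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_winlogon(SAMPLE)) or "Winlogon values look standard")
```

Regedit on XP writes "Version 5.00" exports as UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing its text to `check_winlogon`.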
 
kcbecker (Author) Commented:
I have to terminate this job. The cost to the customer is climbing. I will reformat the hard drive. Thanks for all your help.
 
waypointsupport Commented:
It's two years later and I would love a resolution on this issue. I have tried everything mentioned in this article, and I am having the same problems. PLS HLP!
