windows stuck in login loop

Posted on 2006-06-27
Last Modified: 2012-06-27
I have customer running Windows XP Home, upgraded to SP2. He recently went to a web site and got a trojan cusing his computer to get stuck in a login loop. The computer boots to the login screen and when he selects any user login, the computer acts like it is loading the user settings, but it returns back to the login screen.

I have run Xoftspy to detect any spyware but it did not detect anyting. Unfortunately I cannot update the trojan adatabase file since I cannot login in ruinning full windows.

I can boot into safe mode OK. I checked to see if the registery entry for userinit.exe is pointing to wsaupdater.exe. It is not. There is no file wsaupdater.exe on the computer. The registry entry is c:\windows\system32\userinit.exe. The userinit.exe file is a 24K file dated 8/4/2004.

I am reluctant to perform a windows reinstallation since I have had problems in the past with some applications not running properly after the reinstall.

What recommendations do you have? Thanks in advance.

Kevin Becker

Question by:kcbecker
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +4
LVL 19

Expert Comment

ID: 16992550
Did you try a system restore while in safe mode?
LVL 13

Assisted Solution

rhickmott earned 50 total points
ID: 16992662
The userinit.exe file sounds ok and is in the correct place. Mine is XP PRO sp2 and is the same size and dated 4 days prior to that.

Can you run userinit.exe from safe mode? because if its not working, or corrupted then the desktop will fail to load the system will just logout again as your experiancing.

Author Comment

ID: 16992817
I did a system restore to a point approximately 1 month before the problem occured.

As for running userinit.exe; I assume it is running since I can get into safe mode and the destop appears to be intact. I can enter safemode via any user on the login screen.
Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.


Expert Comment

ID: 16993427
what virus software have you tried

try this

free edition avg antivirus
ad-aware (lavasoft)

window defender
Control Spy 2.0
 jut try this

to not to occur this kind of issue  try to make an image of OS+program image

this way even something  happen(like virus attact) you can resotre the image  back and  you up running  in 5 min .just likek fresh installation

nortonghost 7.5 or8 or 9

let me know the out come


window defender



Expert Comment

ID: 16993931
I have heard of an issue where because the security event log is full and wont allow users to logon. Apparantly the administrator can though. The fix is to disable the welcome screen and clear the event logs.
See if that fixes it.
You can get to the event viewer by right clicking My Computer and choosing Manage from the menu.

Author Comment

ID: 16994234
Ran Ad-Aware using latest definitions in safe mode. Found win32.trojan.downloader and topmoxie. Clean both ojects off computer but still login loops.
Have not yet installed AVG.

How do you disable welcome screen?

Accepted Solution

DrAske earned 100 total points
ID: 16995118
take a look at this PAQ : 
I guess it has a good suggestions

Expert Comment

ID: 16999138
Disabling welcome screen:

Here's more details of the full security log bug in Windows, straight from MS themselves:;en-us;313322 

This is an activated version of XP home isnt it? I have read that if you didnt activate after 30 days you cant login, when you do it just returns to the login screen. It is supposed to prompt you to activate but sometimes it doesnt.

Author Comment

ID: 17003032
I have tried Fruitloopy's suggestion. I turned off the welcome screen and cleared the security log. This did not help.

I tried some of Javeedabdul"s suggestions. I ran Ad-aware and Norton Antivirus in safe mode. I found 2 ojects. land topmoxie. These where removed. Still stuck in login loop.

I had some success with the PAQ from DrAske. I changed the userinit string in HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON from C:\WINDOWS\SYSTEM32\USERINIT.EXE, to C:\WINDOWS\EXPLORER.EXE, . I was able to login under normal windows. I ran AD-AWARE and NAV again and no oblects where found.
I changed the userinit string back to C:\WINDOWS\SYSTEM32\USERINIT.EXE, and rebooted. Stuck in the login loop.

I expaned userinit.ex_ from the windows CD that came with the computer to the system32 directory. Still stuck in the login loop.

Any ideas on what to ttry next?

Assisted Solution

javeedabdul earned 50 total points
ID: 17007597
it means you have virus. whic blocking to start the computer  

u might need to run few more.
note if the virus is new or too old it might not get detected. who you trust when you have too many software.

the way i do to my customer is running some good software

try this in safemode as well its a good one

they have list of virus and utilty to go trhough

check this site as well. its my favourite. which might help  y ou
lot of information in it

here are few free and trial antivirus you can check them out and run them

All the big antivirus manfacturers offer free trials, some offer free for private use licenses as well: 

free ones 

should fix your problem

Assisted Solution

fruitloopy earned 50 total points
ID: 17007811
There is a virus according to Sophos which replaces the MSGINA.DLL file (which is an essential file for logon authentication) with its own version. Even if the virus is detected and deleted the registry entries remain the same.

Open the registry editor and look for this entry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL = "C:\windows\system32\MS_GINA.DLL"

If its not there then dont worry.
If it is then change the entry to read:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL = "C:\windows\system32\MSGINA.DLL" (NOTE the underscore between MS and GINA.DLL, thats the difference)

You can read the Sophos report on the virus here:

One thing that couldnt hurt is to replace the msgina.dll file with a working version from another similar computer. The file can be found in C;\Windows\System32.

Author Comment

ID: 17017317
I have to terminate this job. The cost to the customer is climbing. I will reformat the hard drive. Thanks for all your help

Expert Comment

ID: 22661679
Its two years later and I would lovea resoultion on this issue, i have tried everything mentioned in this article, and I am having the same problems. PLS HLP!

Featured Post

Enroll in June's Course of the Month

June’s Course of the Month is now available! Experts Exchange’s Premium Members, Team Accounts, and Qualified Experts have access to a complimentary course each month as part of their membership—an extra way to sharpen your skills and increase training.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Migration of Exchange mailbox can be done with the ExProfre.exe tool. But at times, when the ExProfre.exe tool migrates the Exchange Server user profile, it results in numerous synchronization problems. Synchronization error messages appear in the e…
Step by step guide to Clean and Sort your windows registry! Introduction: Always remember: A Clean registry = Better performance = Save your invaluable time In this article we're going to clear our registry manually! Yes, manually! The e…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL ( and MongoDB (…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question