kcbecker
asked on
windows stuck in login loop
I have customer running Windows XP Home, upgraded to SP2. He recently went to a web site and got a trojan cusing his computer to get stuck in a login loop. The computer boots to the login screen and when he selects any user login, the computer acts like it is loading the user settings, but it returns back to the login screen.
I have run Xoftspy to detect any spyware but it did not detect anyting. Unfortunately I cannot update the trojan adatabase file since I cannot login in ruinning full windows.
I can boot into safe mode OK. I checked to see if the registery entry for userinit.exe is pointing to wsaupdater.exe. It is not. There is no file wsaupdater.exe on the computer. The registry entry is c:\windows\system32\userin it.exe. The userinit.exe file is a 24K file dated 8/4/2004.
I am reluctant to perform a windows reinstallation since I have had problems in the past with some applications not running properly after the reinstall.
What recommendations do you have? Thanks in advance.
Kevin Becker
I have run Xoftspy to detect any spyware but it did not detect anyting. Unfortunately I cannot update the trojan adatabase file since I cannot login in ruinning full windows.
I can boot into safe mode OK. I checked to see if the registery entry for userinit.exe is pointing to wsaupdater.exe. It is not. There is no file wsaupdater.exe on the computer. The registry entry is c:\windows\system32\userin
I am reluctant to perform a windows reinstallation since I have had problems in the past with some applications not running properly after the reinstall.
What recommendations do you have? Thanks in advance.
Kevin Becker
Did you try a system restore while in safe mode?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I did a system restore to a point approximately 1 month before the problem occured.
As for running userinit.exe; I assume it is running since I can get into safe mode and the destop appears to be intact. I can enter safemode via any user on the login screen.
As for running userinit.exe; I assume it is running since I can get into safe mode and the destop appears to be intact. I can enter safemode via any user on the login screen.
what virus software have you tried
try this
download.com
free edition avg antivirus
ad-aware (lavasoft)
microsoft
window defender
Control Spy 2.0
jut try this
to not to occur this kind of issue try to make an image of OS+program image
this way even something happen(like virus attact) you can resotre the image back and you up running in 5 min .just likek fresh installation
try
nortonghost 7.5 or8 or 9
let me know the out come
cheers
window defender
ad-aware
try this
download.com
free edition avg antivirus
ad-aware (lavasoft)
microsoft
window defender
Control Spy 2.0
jut try this
to not to occur this kind of issue try to make an image of OS+program image
this way even something happen(like virus attact) you can resotre the image back and you up running in 5 min .just likek fresh installation
try
nortonghost 7.5 or8 or 9
let me know the out come
cheers
window defender
ad-aware
I have heard of an issue where because the security event log is full and wont allow users to logon. Apparantly the administrator can though. The fix is to disable the welcome screen and clear the event logs.
See if that fixes it.
You can get to the event viewer by right clicking My Computer and choosing Manage from the menu.
See if that fixes it.
You can get to the event viewer by right clicking My Computer and choosing Manage from the menu.
ASKER
Ran Ad-Aware using latest definitions in safe mode. Found win32.trojan.downloader and topmoxie. Clean both ojects off computer but still login loops.
Have not yet installed AVG.
How do you disable welcome screen?
Have not yet installed AVG.
How do you disable welcome screen?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Disabling welcome screen:
http://www.petri.co.il/disable_the_welcome_screen_in_xp_pro.htm
Here's more details of the full security log bug in Windows, straight from MS themselves:
http://support.microsoft.com/default.aspx?scid=kb;en-us;313322
This is an activated version of XP home isnt it? I have read that if you didnt activate after 30 days you cant login, when you do it just returns to the login screen. It is supposed to prompt you to activate but sometimes it doesnt.
http://www.petri.co.il/disable_the_welcome_screen_in_xp_pro.htm
Here's more details of the full security log bug in Windows, straight from MS themselves:
http://support.microsoft.com/default.aspx?scid=kb;en-us;313322
This is an activated version of XP home isnt it? I have read that if you didnt activate after 30 days you cant login, when you do it just returns to the login screen. It is supposed to prompt you to activate but sometimes it doesnt.
ASKER
I have tried Fruitloopy's suggestion. I turned off the welcome screen and cleared the security log. This did not help.
I tried some of Javeedabdul"s suggestions. I ran Ad-aware and Norton Antivirus in safe mode. I found 2 ojects. Win32.trojan.download land topmoxie. These where removed. Still stuck in login loop.
I had some success with the PAQ from DrAske. I changed the userinit string in HKEY_LOCAL_MACHINE\SOFTWAR E\MICROSOF T\WINDOWS NT\CURRENTVERSION\WINLOGON from C:\WINDOWS\SYSTEM32\USERIN IT.EXE, to C:\WINDOWS\EXPLORER.EXE, . I was able to login under normal windows. I ran AD-AWARE and NAV again and no oblects where found.
I changed the userinit string back to C:\WINDOWS\SYSTEM32\USERIN IT.EXE, and rebooted. Stuck in the login loop.
I expaned userinit.ex_ from the windows CD that came with the computer to the system32 directory. Still stuck in the login loop.
Any ideas on what to ttry next?
I tried some of Javeedabdul"s suggestions. I ran Ad-aware and Norton Antivirus in safe mode. I found 2 ojects. Win32.trojan.download land topmoxie. These where removed. Still stuck in login loop.
I had some success with the PAQ from DrAske. I changed the userinit string in HKEY_LOCAL_MACHINE\SOFTWAR
I changed the userinit string back to C:\WINDOWS\SYSTEM32\USERIN
I expaned userinit.ex_ from the windows CD that came with the computer to the system32 directory. Still stuck in the login loop.
Any ideas on what to ttry next?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have to terminate this job. The cost to the customer is climbing. I will reformat the hard drive. Thanks for all your help
Its two years later and I would lovea resoultion on this issue, i have tried everything mentioned in this article, and I am having the same problems. PLS HLP!