• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1346
  • Last Modified:

windows logs off immediately after loggon

after we cleared a virus from this computer we cannot get it to logon without it returning back to the logon screen, this happens in safe mode as well.
Prior to this it would not run any software  " you do not have sufficient rights to run this software" was the message when we tried to run SFC or regedit
0
james Mckenzie
Asked:
james Mckenzie
  • 4
  • 3
  • 2
  • +5
2 Solutions
 
laskovdCommented:
Hi  Mainsystems
Have You tried also Last known good configuration?
If yes - You;ll possibly need to connect problematic HDD as slave to any other PC and rescan it and also reset NTFS permissions.
Last opportunity - You may use Repair Installation
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/doug92.mspx 
0
 
yasserdCommented:
Hi,

Your maching may be infected by a spyware. Scan your PC using superantispyware:

www.superantispyware.com

Regards,
0
 
james MckenzieAuthor Commented:
we have already done that using Webroot, Trend and Mcafee
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
james MckenzieAuthor Commented:
we know that it is a line in the registry possibly  WindowsNT entry that is causing the problem but no one here can remember what or were the line is
0
 
eXpeLLeD_4RM_heLLCommented:
Boot the system using the Windows XP CD-ROM. In the first screen when the Setup begins, read the instructions press "R" (in the first screen) enter the Recovery Console. Type-in the built-in Administrator password to enter the Console. You'll see the prompt reading C:\Windows (Or any other drive-letter where you've installed XP)

Type the following command and press Enter.

CD SYSTEM32
(If that does not work, try CHDIR SYSTEM32)

COPY USERINIT.EXE WSAUPDATER.EXE

Quit Recovery Console by typing EXIT and restart Windows.

You'll be able to login successfully as you've created the wsaupdater.exe file (now, a copy of userinit.exe)

Now, change the USERINIT value in the registry (see Phase II in this page) and change it accordingly.


NOTE    If you don't have a Windows XP CD-ROM, you need to use Windows XP Setup floppy disks to enter the Recovery Console.

 Phase II  -  Fixing a registry entry which causes the Quick Launch issue (not retaining the settings)

Click Start, Run and type REGEDIT. Navigate to:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon]

In the right-pane, change the value of Userinit to "C:\WINDOWS\system32\userinit.exe,"

Type the above value exactly as given, including the comma - exclude the quotes. Also, change the path to userinit.exe appropriately, if Windows is installed in a different drive.
0
 
johnb6767Commented:
If you can access the workstaion on a network, using remote registry, then the above process can be shortned to simply reflect checking the following....

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon]
In the right-pane, change the value of Userinit to "C:\WINDOWS\system32\userinit.exe,"
0
 
james MckenzieAuthor Commented:
after trying the above solutions we are now able to logon, but still cant run any software the error message is " windows cannot access the specified device, path,  or file, you may not have the appropriate permissions to access the item"
0
 
johnb6767Commented:
Cant run certain File Types, or is it really ANYTHING? Could you be more specific?

Does Safe Mode now work?
0
 
johnb6767Commented:
work any better, in regaRDS TO THE FILE ASSOCIATIONS?

0
 
johnb6767Commented:
I would do a few things....Install and update Super Anti Spyware and reboot to Safe Mode.

Then do a full scan, and see what it finds. Then you can even do an Online Virusscan for Housecall if you use Safe mode w/ networking.

SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!
http://www.superantispyware.com/
One of the best on the market (and it is free, although you can upgrade and get Real Time Protection)

AVG Anti-Virus Free Edition
http://free.grisoft.com/doc/download-free-anti-virus/us/frt/0
Excellent Virus Scanner, with the best price.

Housecall Online Free Virus Scanner
http:\\housecall.trendmicro.com
Great to do an online Scan in Safe Mode w/ networking
0
 
Mohammed HamadaSenior IT ConsultantCommented:
policy is messed up there you should try to log on to safe mode on administrator account and see if there's away to run any programs?
0
 
san_mustafa79Commented:
From what I read your machine was infected and it has corrupted certain sections of your registry tree.
Also when you cleaned it up the antivirus deleted certain operating system files which were renamed by the virus.

Your best bet is to save all your data as you can log on now and then reinstall the machine. I know this is the lay man solution but with windows to work better and when you have save d your data this is your best bet.

In case you do not have a windows xp cd then we have to check the registry entries in a lot of places.

0
 
eXpeLLeD_4RM_heLLCommented:
Download SDfix from :http://downloads.andymanchesta.com/removaltools/sdfix.exe and run it in safe mode with administrator rights. Also run SAV32CLI from the SDFix utillity and report back to us on what viruses were found. We might be able to help you in restoring the registry by knowing what viruses are infecting you.
0
 
danichCommented:
This machine has obvioiusly been badly compromised. You could spend the next six months chasing down gremlins and still not get them all.

Back up the important data, flatten it and reinstall from scratch.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
  • 3
  • 2
  • +5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now