fccinvest


removed antivirus with superantispy on media center and now will not go past login screen?

I removed antivirus with superantispy on customer's media center pc remotely
and did the normal things, uninstalled garbage, edit msconfig, removed antivirus 2008 from registry
and so on.  This has worked many times for me but now after reboot the pc will not go past login screen?
You click on the profile or log in as admin and it starts to load then says logging off ?

anyone seen this before ?  Suggestions?
nobus

did you remove the antivirus 2008 properly?
http://www.bleepingcomputer.com/malware-removal/antivirus-2008
can you boot into safe mode?   then run sfc /scannow from the run box
SysOp-X

Turn on the pc and start in "Safe Mode with Networking".  Press the F8 key repeatedly prior to windows booting and choose "Safe Mode With Networking" from the menu.  Next, download HijackThis

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html?hhTest=1

 run a scan and post the logfile here.
If you can log on in safe-mode, try control panel - user accounts - change the way users log on and off.
This has worked for me in the past...
The following page describes how this problem occurs after you have attempted to clean up adware/spyware with a certain version of the data, and also what to do about it:

http://www.winxptutor.com/wsaremove.htm
Unable to logon to Windows after removing BlazeFind using a spyware removal utility?

Logon - Logoff loop, also caused by BlazeFind

Another critical symptom caused by this malware: This malware modifies the Userinit area in the registry (replacing the userinit.exe with wsaupdater.exe) and Ad-Aware (with a particular definition update) removes the wsaupdater.exe file from the system, thus causing the Logon - Logoff loop. That is, when you login to Windows, the 'loading personal settings' verbose will appear, but suddenly it will logoff. This issue was documented clearly by Lavasoftusa in its Lavahelp Knowledgebase.

Here is the solution to the logon - logoff issue in Windows XP.

Enter the Recovery Console

Boot the system using the Windows XP CD-ROM. In the first screen when the Setup begins, read the instructions and press "R" (in the first screen) to enter the Recovery Console. Type in the built-in Administrator password to enter the Console. You'll see the prompt reading C:\Windows (or any other drive letter where you've installed XP).

Type the following command and press Enter.

CD SYSTEM32
(If that does not work, try CHDIR SYSTEM32)

COPY USERINIT.EXE WSAUPDATER.EXE

Quit Recovery Console by typing EXIT and restart Windows.

You'll be able to login successfully as you've created the wsaupdater.exe file (now, a copy of userinit.exe)

Now, change the USERINIT value in the registry (see Phase II in this page) and change it accordingly.


NOTE    If you don't have a Windows XP CD-ROM, you need to use Windows XP Setup floppy disks to enter the Recovery Console.

 Phase II  -  Fixing a registry entry which causes the Quick Launch issue (not retaining the settings)

Click Start, Run and type REGEDIT. Navigate to:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

In the right-pane, change the value of Userinit to "C:\WINDOWS\system32\userinit.exe,"

Type the above value exactly as given, including the comma - exclude the quotes. Also, change the path to userinit.exe appropriately, if Windows is installed in a different drive.

Close Registry Editor and restart Windows. The Quick Launch settings should be retained now.

While also in the Recovery Console, also try this:

Try and boot into the recovery console as seen on the link below(scroll a little down the page):
http://www.webtree.ca/windowsxp/repair_xp.htm#How%20to%20access%20the%20Recovery%20Console:

Then at the command prompt type the following line as shown:

copy C:\windows\ServicePackFiles\i386\userinit.exe C:\windows\system32

Then remove the cdrom and type exit to reboot.
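A check of the Userinit value discussed in the two posts above, added here as an example; it is not part of the thread or of any tool named in it. It takes the raw Userinit string and a list of files known to exist, and reports the conditions the posts describe: a program other than userinit.exe in the value, an entry whose file is gone, and a missing trailing comma. The function name, the sample value and the file lists are constructed for illustration.

```python
import ntpath

# Default from the post above; change the drive if Windows is installed elsewhere.
EXPECTED = r"C:\WINDOWS\system32\userinit.exe"

# Constructed samples modelled on the thread, not captured from a real machine.
HIJACKED = r"C:\WINDOWS\system32\wsaupdater.exe,"
SYSTEM32_AFTER_CLEANUP = [r"C:\WINDOWS\system32\userini.exe",
                          r"C:\WINDOWS\system32\user32.dll"]
SYSTEM32_REPAIRED = [r"C:\WINDOWS\system32\userinit.exe"]


def _norm(path):
    # Windows paths are case-insensitive; ntpath behaves the same on any host OS.
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def audit_userinit(value, files_on_disk, expected=EXPECTED):
    """Return findings for a Winlogon Userinit value (hypothetical helper).

    value         -- raw string read from the Userinit registry value
    files_on_disk -- paths known to exist, e.g. taken from a DIR listing
    """
    present = {_norm(p) for p in files_on_disk}
    entries = [e.strip() for e in value.split(",") if e.strip()]
    findings = []
    for entry in entries:
        if _norm(entry) != _norm(expected):
            findings.append(f"unexpected program in Userinit: {entry}")
        if _norm(entry) not in present:
            findings.append(f"listed but missing on disk: {entry}")
    if _norm(expected) not in {_norm(e) for e in entries}:
        findings.append("userinit.exe is not listed in Userinit")
    if not value.rstrip().endswith(","):
        findings.append("value lacks the trailing comma")
    return findings


if __name__ == "__main__":
    for label, value, files in [
        ("hijacked, file removed", HIJACKED, SYSTEM32_AFTER_CLEANUP),
        ("repaired", EXPECTED + ",", SYSTEM32_REPAIRED),
    ]:
        print(label, "->", audit_userinit(value, files) or "OK")
```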

ASKER

Thanks to all for the responses,

Nobus no I can not boot the pc to safe mode it responds the same way with logging in and logging off.

SysOp-X and Phototropic same with your suggestion I can not boot to safe mode.

LeeTutor, very well written and explained.  Was looking forward to this being the resolution as it made a lot of sense.  However when I booted to Recovery Console both through F8 and through booting to the Media Center CD, I was able to log in as administrator and get to the prompt, and access the windows drive and switch to system32 but could not find userinit.exe... there is a userini.exe though.
So I am stuck awaiting help at this point.

rpggamergirl, I tried your suggestion as well but again could not locate the userinit.exe in that or any other path.

Any other suggestions or followup, am I doing something wrong ?
Okay, so userinit.exe is missing from the System32 folder.  You need to copy (and expand) the compressed version on the XP installation CD from the I386 folder:    copy cddrive:/i386/userinit.ex_  c:\windows\system32

(the userinit.ex_ is a compressed version of userinit.exe)  Of course, you would replace cddrive above with the actual drive letter of your CD-ROM.
LeeTutor, okay I copied the file and now just reboot or what is next ?
You said expand... ?
I went into system32 and verified the file was copied there
and then typed expand userinit.ex_   and it said could not be expanded ?
Sorry, I had to go away for breakfast...  ;0)

From this MS article:

http://support.microsoft.com/default.aspx?scid=kb;en-us;888017
How to expand Windows XP files from the installation disk

Method 2: Use Expand.exe at a command prompt
To use Expand.exe at a command prompt, follow these steps:
1. Insert your Windows XP installation disk into your CD drive or DVD drive.
2. Click Start, click Run, type Cmd, and then click OK.
3. Type cd\, and then press ENTER.
4. At the command prompt, type expand source destination, where source is the path to the file that you want to expand on the Windows XP installation disk, and destination is the path to the location where you want to save the file, and then press ENTER.


So you should, while in the System32 folder, type    expand userinit.ex_ userinit.exe
Welcome back, watch out for the extra butter on the toast.
I typed expand userinit.ex_ userinit.exe from the system32 folder where I copied the file from cd
and it says could not be expanded.
I can do dir of the system32 folder and the userinit.ex_ is there but I can not seem to get it to expand ?
Hmm.  Then maybe it works a bit different in the Recovery Console.  See this article:

http://support.microsoft.com/default.aspx?scid=kb;en-us;314058
Description of the Windows XP Recovery Console

quote:

EXPAND
expand source [/F:filespec] [ destination ] [/y]
expand source [/F:filespec] /D
Use this command to expand a file. In the command syntax, source specifies the name of the file to be expanded and destination specifies the folder for the new file. If you do not specify a destination, the command defaults to the current folder. You cannot include wildcard characters.

You can use the following options:
   /y           Do not prompt before overwriting an existing file.
   /f:filespec  Identifies the files to be expanded.
   /d           Do not expand; display only a directory of the files in the source.
If the source contains more than one file, the /f:filespec parameter is required to identify the specific files to be expanded. You can include wildcard characters.

The destination can be any folder in the system folders of the current Windows installation, in the root of the drive, in the local installation sources, or in the Cmdcons folder. The destination cannot be removable media, and the destination file cannot be read-only. Use the attrib command to remove the read-only attribute.

Unless you use the /y option, the expand command prompts you if the destination file already exists.
none of that seems to be working, keeps saying could not be expanded
I can view the system32 folder now that we have copied the userinit.ex_ to it from windows cd and the only user*.* files there are:
user.exe
user32.dll
userenv.dll
userini.exe
userinit.ex_
Oh, man, you've got real problems, then.  There should be HUNDREDS of other files there, including EXPAND.EXE

I think you need to do an XP repair.  This is a very good page on how to perform an XP Repair Install, which will preserve your data and programs:

http://www.michaelstevenstech.com/XPrepairinstall.htm
can I just copy userinit.exe from another pc or will that work ?
Help, you can not be at lunch yet :)
I think you misunderstood the previous text, there are many other files and I referenced the user files by saying user*.* meaning any user file with any extension.  I compared this to another pc and it is the same other than the userinit.ex_ instead of userinit.exe.

I ran the windows restore yesterday and it does not replace the file or change anything.  
The system was working fine other than spyware antivirus 2008 popping up and I ran superantispy on the recommendation of this site.  The I scanned for virus and spyware using spybot and everything seemed fine, spyware was gone, popups were gone, until I rebooted the machine.  Then it comes to the login screen and does the login logoff thing.  You can not boot to safe mode so I booted to the cd and ran a repair, but afterwards same situation login logoff can not get into machine.

Now I have been trying all the different things in recovery console and there has to be a way to fix this.
I do not understand why we can not expand the userinit.ex_ file???
Can you copy userinit.exe from another pc to this one or ???
Oh, all right.  Then I am not sure whether userinit.exe is installation-dependent like the hal.dll, for instance, but you could certainly try copying it  from another pc and see if it works.
well just an fyi... I copied the userinit.exe from another machine with the same windows version and placed it in the system32 folder and exit and reboot but the same problem exist... login and logoff.

Please anyone that has an idea I am desperate.  Thanks to LeeTutor for trying a great many things,
but Lee if you or anyone else has an idea I am ready.
Hold on here, just a minute...I tried clicking on their log in and it did not work after the copying of the file from another machine.
But after a few hits and kicking the machine...possibly a few bad words :)
I went ctr-alt-del twice and logged in as administrator and it let me in, so LeeTutor what do i need to do to repair the other profiles ?
I think we are almost there my friend
Did you do the rest of the steps I posted above in my first comment (check the correct value is in the registry, etc.)?
I forgot, that was before breakfast :)
I  will compare the registry key you mentioned against another machine, but we were
under the pretense of the wsaupdater file being in play.  
So I just need to be sure the userinit.exe is what is in the key ???
ASKER CERTIFIED SOLUTION
LeeTutor
LeeTutor, thank you very much for all your support and patience.
This was a difficult issue to resolve and I truly appreciate you sticking with me.
Everything now seems to be working fine again, and spyware free.

Thanks Rick