Solved

After Virus Removal, System will not boot up

Posted on 2009-04-08
2
414 Views
Last Modified: 2013-11-22
I have a Dell Computer with XP Media Center OS that I ran a virus scan/removal first with Malwarebytes then with AVG.  Both removed serveral virus, without any errors or complications.

Then upon reboot, I get to the user menu, I select the user I want....it starts by stateing "Loading Personal Settings"  then within a few seconds it states "Logging Off"  "Saving your settings" and it goes back to the user menu.

All users act in the same manor.  It does the same thing in Safe Mode.  I have tried Last known good configuration without any luck.  

I am lost here, can anyone provide some advice?

Thanks!!!
0
Comment
Question by:wayneg12345
2 Comments
 
LVL 59

Accepted Solution

by:
LeeTutor earned 500 total points
ID: 24097478
The following page describes how this problem occurs after you have attempted to clean up adware/spyware with a certain version of the data, and also what to do about it:

http://www.winxptutor.com/wsaremove.htm
Unable to logon to Windows after removing BlazeFind using a spyware removal utility?

[begin quote from the above page:]

Logon - Logoff loop, also caused by BlazeFind

Another critical symptom caused by this malware: This malware modifies the Userinit area in the registry (replacing the userinit.exe with wsaupdater.exe) and Ad-Aware (with a particular definition update) removes the wsaupdater.exe file from the system, thus causing the Logon - Logoff loop. That is, when you login to Windows, the 'loading personal settings" verbose will appear, but suddenly it will logoff. This issue was documented clearly by Lavasoftusa in it's Lavahelp Knowledgebase.

Here is the solution to the logon - logoff issue in Windows XP.

Enter the Recovery Console

Boot the system using the Windows XP CD-ROM. In the first screen when the Setup begins, read the instructions press "R" (in the first screen) enter the Recovery Console. Type-in the built-in Administrator password to enter the Console. You'll see the prompt reading C:\Windows (Or any other drive-letter where you've installed XP)

Type the following command and press Enter.

CD SYSTEM32
(If that does not work, try CHDIR SYSTEM32)

COPY USERINIT.EXE WSAUPDATER.EXE

Quit Recovery Console by typing EXIT and restart Windows.

You'll be able to login successfully as you've created the wsaupdater.exe file (now, a copy of userinit.exe)

Now, change the USERINIT value in the registry (see Phase II in this page) and change it accordingly.


NOTE    If you don't have a Windows XP CD-ROM, you need to use Windows XP Setup floppy disks to enter the Recovery Console.

 Phase II  -  Fixing a registry entry which causes the Quick Launch issue (not retaining the settings)

Click Start, Run and type REGEDIT. Navigate to:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon]

In the right-pane, change the value of Userinit to "C:\WINDOWS\system32\userinit.exe,"

Type the above value exactly as given, including the comma - exclude the quotes. Also, change the path to userinit.exe appropriately, if Windows is installed in a different drive.

Close Registry Editor and restart Windows.

[end quote.]


Sometimes, you will find that there is no file Userinit.exe or Wsaupdater.exe in the \Windows\System32\ folder.  In this case, all you need to do is, while in the Recovery Console, use the following command to decompress the file userinit.ex_ into the \Windows\System32\ folder as userinit.exe (where X: is replaced by whatever drive letter your CD-ROM uses):

EXPAND X:\I386\USERINIT.EX_  C:\WINDOWS\SYSTEM32
0
 

Author Closing Comment

by:wayneg12345
ID: 31568043
Outstanding job on this issue of mine!  Your responce time and accuracy was fantastic.  I was able to solve this issue very quickly, thanks to your assistance!!!!
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing). This release will be the …
Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now