Solved

After Virus Removal, System will not boot up

Posted on 2009-04-08
2
415 Views
Last Modified: 2013-11-22
I have a Dell Computer with XP Media Center OS that I ran a virus scan/removal first with Malwarebytes then with AVG.  Both removed serveral virus, without any errors or complications.

Then upon reboot, I get to the user menu, I select the user I want....it starts by stateing "Loading Personal Settings"  then within a few seconds it states "Logging Off"  "Saving your settings" and it goes back to the user menu.

All users act in the same manor.  It does the same thing in Safe Mode.  I have tried Last known good configuration without any luck.  

I am lost here, can anyone provide some advice?

Thanks!!!
0
Comment
Question by:wayneg12345
2 Comments
 
LVL 59

Accepted Solution

by:
LeeTutor earned 500 total points
ID: 24097478
The following page describes how this problem occurs after you have attempted to clean up adware/spyware with a certain version of the data, and also what to do about it:

http://www.winxptutor.com/wsaremove.htm
Unable to logon to Windows after removing BlazeFind using a spyware removal utility?

[begin quote from the above page:]

Logon - Logoff loop, also caused by BlazeFind

Another critical symptom caused by this malware: This malware modifies the Userinit area in the registry (replacing the userinit.exe with wsaupdater.exe) and Ad-Aware (with a particular definition update) removes the wsaupdater.exe file from the system, thus causing the Logon - Logoff loop. That is, when you login to Windows, the 'loading personal settings" verbose will appear, but suddenly it will logoff. This issue was documented clearly by Lavasoftusa in it's Lavahelp Knowledgebase.

Here is the solution to the logon - logoff issue in Windows XP.

Enter the Recovery Console

Boot the system using the Windows XP CD-ROM. In the first screen when the Setup begins, read the instructions press "R" (in the first screen) enter the Recovery Console. Type-in the built-in Administrator password to enter the Console. You'll see the prompt reading C:\Windows (Or any other drive-letter where you've installed XP)

Type the following command and press Enter.

CD SYSTEM32
(If that does not work, try CHDIR SYSTEM32)

COPY USERINIT.EXE WSAUPDATER.EXE

Quit Recovery Console by typing EXIT and restart Windows.

You'll be able to login successfully as you've created the wsaupdater.exe file (now, a copy of userinit.exe)

Now, change the USERINIT value in the registry (see Phase II in this page) and change it accordingly.


NOTE    If you don't have a Windows XP CD-ROM, you need to use Windows XP Setup floppy disks to enter the Recovery Console.

 Phase II  -  Fixing a registry entry which causes the Quick Launch issue (not retaining the settings)

Click Start, Run and type REGEDIT. Navigate to:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon]

In the right-pane, change the value of Userinit to "C:\WINDOWS\system32\userinit.exe,"

Type the above value exactly as given, including the comma - exclude the quotes. Also, change the path to userinit.exe appropriately, if Windows is installed in a different drive.

Close Registry Editor and restart Windows.

[end quote.]


Sometimes, you will find that there is no file Userinit.exe or Wsaupdater.exe in the \Windows\System32\ folder.  In this case, all you need to do is, while in the Recovery Console, use the following command to decompress the file userinit.ex_ into the \Windows\System32\ folder as userinit.exe (where X: is replaced by whatever drive letter your CD-ROM uses):

EXPAND X:\I386\USERINIT.EX_  C:\WINDOWS\SYSTEM32
0
 

Author Closing Comment

by:wayneg12345
ID: 31568043
Outstanding job on this issue of mine!  Your responce time and accuracy was fantastic.  I was able to solve this issue very quickly, thanks to your assistance!!!!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows 10 4 36
how can I resolve popup issues with Microsoft Edge? 9 75
Protecting a SKY 4.0 (Android) devise 15 96
"k" and "i" wont work in a dell lap top 5 13
The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now