Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

After Virus Removal, System will not boot up

Posted on 2009-04-08
2
Medium Priority
?
423 Views
Last Modified: 2013-11-22
I have a Dell Computer with XP Media Center OS that I ran a virus scan/removal first with Malwarebytes then with AVG.  Both removed serveral virus, without any errors or complications.

Then upon reboot, I get to the user menu, I select the user I want....it starts by stateing "Loading Personal Settings"  then within a few seconds it states "Logging Off"  "Saving your settings" and it goes back to the user menu.

All users act in the same manor.  It does the same thing in Safe Mode.  I have tried Last known good configuration without any luck.  

I am lost here, can anyone provide some advice?

Thanks!!!
0
Comment
Question by:wayneg12345
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 59

Accepted Solution

by:
LeeTutor earned 2000 total points
ID: 24097478
The following page describes how this problem occurs after you have attempted to clean up adware/spyware with a certain version of the data, and also what to do about it:

http://www.winxptutor.com/wsaremove.htm
Unable to logon to Windows after removing BlazeFind using a spyware removal utility?

[begin quote from the above page:]

Logon - Logoff loop, also caused by BlazeFind

Another critical symptom caused by this malware: This malware modifies the Userinit area in the registry (replacing the userinit.exe with wsaupdater.exe) and Ad-Aware (with a particular definition update) removes the wsaupdater.exe file from the system, thus causing the Logon - Logoff loop. That is, when you login to Windows, the 'loading personal settings" verbose will appear, but suddenly it will logoff. This issue was documented clearly by Lavasoftusa in it's Lavahelp Knowledgebase.

Here is the solution to the logon - logoff issue in Windows XP.

Enter the Recovery Console

Boot the system using the Windows XP CD-ROM. In the first screen when the Setup begins, read the instructions press "R" (in the first screen) enter the Recovery Console. Type-in the built-in Administrator password to enter the Console. You'll see the prompt reading C:\Windows (Or any other drive-letter where you've installed XP)

Type the following command and press Enter.

CD SYSTEM32
(If that does not work, try CHDIR SYSTEM32)

COPY USERINIT.EXE WSAUPDATER.EXE

Quit Recovery Console by typing EXIT and restart Windows.

You'll be able to login successfully as you've created the wsaupdater.exe file (now, a copy of userinit.exe)

Now, change the USERINIT value in the registry (see Phase II in this page) and change it accordingly.


NOTE    If you don't have a Windows XP CD-ROM, you need to use Windows XP Setup floppy disks to enter the Recovery Console.

 Phase II  -  Fixing a registry entry which causes the Quick Launch issue (not retaining the settings)

Click Start, Run and type REGEDIT. Navigate to:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon]

In the right-pane, change the value of Userinit to "C:\WINDOWS\system32\userinit.exe,"

Type the above value exactly as given, including the comma - exclude the quotes. Also, change the path to userinit.exe appropriately, if Windows is installed in a different drive.

Close Registry Editor and restart Windows.

[end quote.]


Sometimes, you will find that there is no file Userinit.exe or Wsaupdater.exe in the \Windows\System32\ folder.  In this case, all you need to do is, while in the Recovery Console, use the following command to decompress the file userinit.ex_ into the \Windows\System32\ folder as userinit.exe (where X: is replaced by whatever drive letter your CD-ROM uses):

EXPAND X:\I386\USERINIT.EX_  C:\WINDOWS\SYSTEM32
0
 

Author Closing Comment

by:wayneg12345
ID: 31568043
Outstanding job on this issue of mine!  Your responce time and accuracy was fantastic.  I was able to solve this issue very quickly, thanks to your assistance!!!!
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question