Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 489
  • Last Modified:

Windows XP signs me back out right after logging in, any idea why?

I have a laptop I'm working on and the child that owns it was part of a school domain at one point, however the school offers no free tech help with the laptops.  The odd thing here is that as soon as you login to the domain with the credentials (obviously cached because the laptop is used at home, away from the domain) the laptop automatically shows "closing network connections" and logs you right back off, you never get to the desktop, just the wallpaper loads and then it logs you right back off.  According to the user this loop continues for about 10 tries and eventually it allows you to login.  

Anyone have any idea why or how to troubleshoot?
0
Jsmply
Asked:
Jsmply
  • 20
  • 11
  • 11
  • +2
2 Solutions
 
skywalker39Commented:
Insert the original Windows XP CD and reboot the computer. You may need to configure your computer to boot from the CD-ROM drive.

When the Windows XP Setup has started, press "R" to "repair the Windows XP installation using Recovery Console".

Select the Windows installation to repair (generally this is C:\Windows) by typing its number and then pressing ENTER.

Type the Administrator password and press ENTER.

 Type the following commands:

D:                               [ENTER]
CD I386                              [ENTER]
EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32      [ENTER]

NOTE: If your CD-ROM drive has a different letter assigned to it, enter "X:" instead, where X is the appropriate drive letter.

After entering "EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32" you should see the text "1 file(s) copied", in which case all went well.

Remove the Windows XP CD, type "EXIT" and press ENTER to restart your computer. You should now be able to log on.
0
 
bmatumburaCommented:
The laptop has been hit by some nasty virus. Try to boot the laptop in safe mode and use an anti-virus with the latest virus definitions to clean it
0
 
wpathanCommented:
try loggin in using a local account to this laptop.
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
JsmplyAuthor Commented:
Well two things, one, the user does not know the admin password. Secondly, I can boot into safe mode no problem. I see whenever the machine boots up even in safe mode a program called "CrossTech SchoolVue Client" is always running, even on the bottom left before I login to windows. Could that be causing it?
0
 
wpathanCommented:
It could be a remote control client also.
0
 
bmatumburaCommented:
I don't think it's the "CrossTech SchoolVue Client" program; If it were, it would still log you off in safe mode.

I have encountered a virus that has those characteristics before: logs you off in normal mode, but everything seems ok in safe mode
0
 
bmatumburaCommented:
Goto:

http://www.google.co.bw/search?q=windows+automatically+logs+off&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

and follow some of the links. You'll get information on how you can fix this issue
0
 
JsmplyAuthor Commented:
Well I checked and the CrossTec software seems to have an IP address to call home and always link the student to classes when online. Weird. Ill scan the machine with malwarebytes now.
0
 
skywalker39Commented:
I would scan malwarebytes in Safe Mode Jsmply, also try some others as well,
http://www.superantispyware.com/
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
0
 
JsmplyAuthor Commented:
I'm running a full scan on Malwarebytes in safe mode right now.  Is there any definitive program that should be used for this kind of stuff?  I usually carry MalwareBytes around on my thumb stick with the latest definitions and I've very rarely found something it can't remove.  
0
 
skywalker39Commented:
Malwarebytes is a great tool to use, Also Combofix is great as well.
0
 
JsmplyAuthor Commented:
Do you have a link to ComboFix?  What's generally the best cocktail for infected machines.  Is MalwareBytes and ComboFix sufficient?  Does a "true anti-virus" need to be in the mix?
0
 
skywalker39Commented:
Combofix is similar to MalwareBytes, I would run a anti-virus to be safe as well. BitDefender is a good one, so is Spyware Doctor with AntiVirus, and so is Webroot Spy Sweeper with AntiVirus. Here's the links:
http://www.bitdefender.com/
http://www.pctools.com/spyware-doctor-antivirus/
http://www.pctools.com/free-antivirus/
http://www.webroot.com/En_US/consumer-products-antivirus.html
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 
flubbsterCommented:
You need to fix the userinit file if it is corrupt. You should be able to do it while booting with the XP CD OR you can do it by using the userinit.ex_ file in the C:\i386 folder. This is usually placed on the C drive during installation.

Boot into safe mode first to check if the folder and file is there. If so, reboot again to "Safe mode with cmd prompt" and follow the instructions above describing how to expand and replace the file. If it turns out that you do not have the C:\i386 folder on the pc, then do the following:

Download ERD Commander from here:
http://www.fullandfree.info/software/erd-commander-2005/
you will need the password to unrar it. The password is simply the website you downloaded it from, as follows:

www.fullandfree.info

After it is unrared (same as unzip), you will have an iso file. Burn the iso to a CD (do not just copy the iso. make sure you use an image burning tool). Boot with the CD and you will boot into a windows environment. The CD includes a utility to reset the admin password. This will allow you to now boot from a windows cd to get to the recovery console. Perform the repair as above.
0
 
JsmplyAuthor Commented:
Okay, I ran MalwareBytes and it removed 63 infections so that's good, but the bad news is I still can't get in.  I'm going to try what Flubbster said now.
0
 
flubbsterCommented:
Based on the fact that you found a considerable amount of malware, you should perform this full procedure to fix the logon problem. It goes a little beyond the above fix.

Enter the Recovery Console

Boot the system using the Windows XP CD-ROM. In the first screen when the Setup begins, read the instructions press "R" (in the first screen) enter the Recovery Console. Type-in the built-in Administrator password to enter the Console. You'll see the prompt reading C:\Windows (Or any other drive-letter where you've installed XP)

Type the following command and press Enter.

CD SYSTEM32
(If that does not work, try CHDIR SYSTEM32)

COPY USERINIT.EXE WSAUPDATER.EXE

Quit Recovery Console by typing EXIT and restart Windows.

You'll be able to login successfully as you've created the wsaupdater.exe file (now, a copy of userinit.exe)

Now, change the USERINIT value in the registry

Click Start, Run and type REGEDIT. Navigate to:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon]

In the right-pane, change the value of Userinit to "C:\WINDOWS\system32\userinit.exe,"

Type the above value exactly as given, including the comma - exclude the quotes. Also, change the path to userinit.exe appropriately, if Windows is installed in a different drive.

Close Registry Editor and restart Windows.
0
 
skywalker39Commented:
I would recommend what flubbster suggests (as I mentioned something similar in my first post).
0
 
JsmplyAuthor Commented:
I'm working on that now.  The admin password was nothing I could guess so I'm burning the ISO for ERD Commander.  That's very useful if it can reset the admin password.  What OS'ses will it work for?
0
 
flubbsterCommented:
Just Xp I believe. However, if you can boot properly to safe mode, you may not need to do the ERD thing. I would do it anyway just to reset the admin password. However, you might be able  make the required repairs in safe mode by accessing the registry and following the above procedure. The only thing I am not sure of is whether you will be able to copy the file while windows is running. You will be able to do it in safe mode with cmd prompt though. Copy the file, I mean. Then boot and make the registry edit.
0
 
JsmplyAuthor Commented:
Well it did not have an I386 folder on the C drive, so I'm going the ERD route and will then use the XP cd.  Out of curiousity, is there a similiar method for resetting the admin password on Vista?  This is a problem I've run into with several clients with no easy solution.  Now I have one for XP, thanks!  Is there any limitation on XP?  IE: Which service pack it needs, etc.  Thx!
0
 
flubbsterCommented:
No, it is sp independent. It simply provides a windows environment and provides several tools for troubleshooting a non-booting system. As far as Vista goes, apparently it can be done by using a vista dvd to provide some required files. Take a look here:

http://www.windowsvistaplace.com/vista/erd-commander/
0
 
JsmplyAuthor Commented:
I just tried changing the admin password using the "Locksmith" program in ERD commander.  For some reason, when I booted up tp the XP SP3 CD and tried to go into the repair console, it would not take the password it changes the administator PW too.  I'm not sure why.  I'm going to try locksmith again.
0
 
flubbsterCommented:
just remove the password if you can instead of trying to change it to something else.
0
 
flubbsterCommented:
basically, when it asks for the new password, just hit enter.
0
 
JsmplyAuthor Commented:
Strange, I booted back into ERD and ran locksmith and it said "you have a pending password change, you must restart your computer for it to take effect". I did that already since I had to restart to try the repair console. Could it want me to shutdown competely?  I don't see what that would do.
0
 
flubbsterCommented:
That is strange. I have not seen that message before. I guess it can't hurt though.
0
 
flubbsterCommented:
If you continue to have trouble resetting the admin password, then use this instead. It is a linux based rest program. 99%+ of the time, just use the defaults as they are presented, selecting "1" to change the admin password. Leave new password blank! DO NOT select a new password, just hit enter.

The download is here:
http://home.eunet.no/pnordahl/ntpasswd/cd080802.zip  Agian, burn the image.

The website is here:
http://home.eunet.no/pnordahl/ntpasswd/

walkthrough here:
http://home.eunet.no/pnordahl/ntpasswd/walkthrough.html
0
 
JsmplyAuthor Commented:
I tried ERD till my head hurt, it won't do change the password.  Could it be because it's changing the domain password on the machine and not the local acccount?  i don't know, really weird.  

Either way, I'm trying your linux one now.
0
 
JsmplyAuthor Commented:
Ok. Good news and bad news. Good news is I was able to use your linux tool to reset admin pw and get into recovery console. I copied the files you told me and restarted. Same thing, immediatly upon logging it it says loading profile . . . Closing network connections . . . Logging off . . . And bam I'm back on the logon screen.
0
 
JsmplyAuthor Commented:
Its not the account either, I just tried to logon to the comp locally with the admin username now that I reset the pw. Same deal, logs on and logs off. Never get to the desktop.
0
 
flubbsterCommented:
so... you copied userinit.exe to wsaupdater.exe?
0
 
JsmplyAuthor Commented:
Yep. It said copied succesfully. Restarted, and same thing.
0
 
flubbsterCommented:
If you can boot to safe mode, look at the registry and make sure that the second part is ok... ensuring that userinit, is the correct entry.
0
 
JsmplyAuthor Commented:
Ok. Could it be more malware?  I left the machine at the logon prompt while I was typing on EE and came back and it still said press ctrl alt del to logon, but there was an empty internet explorer page and three pop ups saying "you may have a security problem, click ok to scan for viruses"
0
 
JsmplyAuthor Commented:
Okay, i tried installing SuperAntiSpyware, but it wont let me install from safe mode and since I can't boot into Windows normally, that doesn't leave me much.  I'm trying a full scan again from MalwareBytes from the admin account.  Should that make a difference?
0
 
JsmplyAuthor Commented:
Btw: I checked the registry in safe mode, it shows the path you gave me already
0
 
skywalker39Commented:
It shouldn't make a difference in the admin account.
0
 
JsmplyAuthor Commented:
I didn't think so. Any other ideas?
0
 
skywalker39Commented:
You could try using a UBCD The Ultimate Boot CD? Here's a link: http://www.ultimatebootcd.com/
It has Anti-Virus/Malware Tools on the cd, since you can't boot into normal Windows.
0
 
JsmplyAuthor Commented:
Well I can boot into safemode, just not normal Windows
0
 
skywalker39Commented:
Do you have system restore enabled? You can to do a system restore in Safe Mode.
0
 
skywalker39Commented:
I understand that you can't boot into Normal Windows, the reason I mentioned UBCD is because it has some different  Anti-Virus/Malware Tools to try if you wanted to.
0
 
JsmplyAuthor Commented:
Thanks, i can try that.  I just found a link to several other places that had the problem with no resolution beyond the one's we have tried so far =(

http://www.geekstogo.com/forum/Windows-XP-Logs-Then-Immediately-Logs-Off-t15771.html&st=15
0
 
JsmplyAuthor Commented:
I'm in!  I re-read flubsters post and realized that was just taking userinit.exe from the system32 folder on the c drive and copying it to wsaupdated.exe assuming that was the issue. But the registry showed it was not pointing to wsaupdated, but userinit. This made me realize maybe userinit was corrupt. Sure enough, skywalkers post worked just fine. I should have tried that from the beggining. It copies a new copy from the CD. I'm good to go now!  Thanks!  I'm downloading updates for superantispyware. I'm going to give a few points to fubbster bc his post about the admin pw got me into the recovery console. That was needed too. Thanks!
0
 
skywalker39Commented:
Glad you got it to work!
0
 
skywalker39Commented:
Thank you Jsmply!
0
 
flubbsterCommented:
Glad you're in...

take care  :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 20
  • 11
  • 11
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now