Strange reboot loop

moletech
Have this strange reboot loop issue on an XP Pro desktop. Not sure if it is malware or what. At first when I powered on the PC, it would get just past the Windows splash screen, then a box would pop up saying "lsass.exe operation failed", then when you click OK the PC reboots. When I try to boot to safe mode it starts to load the drivers, then there is a short pause and a reboot. I have also tried to boot using the Last Known Good Configuration option.
I took an XP CD, booted into the Recovery Console and ran CHKDSK /r. I made a little progress from this: now when I boot I get to the login screen and enter username and password, and it goes as far as showing the desktop background (no icons or anything else), then it just reboots.
If I leave the login screen alone without doing anything, the default Windows screen saver will appear for about 1 second, then go right back to the login screen. I've begun to wonder if this is a malicious script hiding somewhere or a corrupted registry. I've also tried holding down the SHIFT key during the boot process because this supposedly bypasses the startup items, but this did not help. I would try a repair install, but that is not an option as it is an ACER computer and the recovery disk will do nothing but wipe the disk and install from a factory image.

Not sure what my options are here, hope someone can help.
Top Expert 2009
Commented:
Try scanning the machine with the Kaspersky live CD: http://ftp.kaspersky.com/devbuilds/RescueDisk/
See if that finds anything.
Top Expert 2013

Commented:
Have you installed any new software or hardware recently? - if so, undo the changes with System Restore (if you have a suitable restore point) (http://support.microsoft.com/kb/306084, http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx)
Alternatively - a repair install should fix this - you will require a Windows XP CD with the same Service Pack integrated - so, if you currently have XP SP3 installed, you might need to slipstream an installation on another computer. (http://www.helpwithwindows.com/WindowsXP/Slipstreaming_Windows_XP_Service_Pack_3.html)
Information regarding Repair Install: (http://michaelstevenstech.com/XPrepairinstall.htm, http://support.microsoft.com/kb/315341)
 

Commented:
If I were you, I would remove the hard drive and connect it to another computer, back up all your data, and then use your Acer recovery disks to format and reload your PC. Copy your data back afterwards.

 
Beg or borrow an XP CD. It does not matter what service pack or version it is. You only need it to boot to the recovery console to follow this procedure.

Refer to this page for additional info:

http://www.winxptutor.com/wsaremove.htm
Unable to logon to Windows after removing BlazeFind using a spyware removal utility?

Logon - Logoff loop, also caused by BlazeFind

Another critical symptom caused by this malware: This malware modifies the Userinit area in the registry (replacing the userinit.exe with wsaupdater.exe) and Ad-Aware (with a particular definition update) removes the wsaupdater.exe file from the system, thus causing the Logon - Logoff loop. That is, when you log in to Windows, the "loading personal settings" message will appear, but suddenly it will log off. This issue was documented clearly by Lavasoftusa in its Lavahelp Knowledgebase.

Here is the solution to the logon - logoff issue in Windows XP.

Enter the Recovery Console

Boot the system using the Windows XP CD-ROM. In the first screen when the Setup begins, read the instructions and press "R" to enter the Recovery Console. Type in the built-in Administrator password to enter the Console. You'll see the prompt reading C:\Windows (or any other drive letter where you've installed XP).

Type the following command and press Enter.

CD SYSTEM32
(If that does not work, try CHDIR SYSTEM32)

COPY USERINIT.EXE WSAUPDATER.EXE

Quit Recovery Console by typing EXIT and restart Windows.

You'll be able to login successfully as you've created the wsaupdater.exe file (now, a copy of userinit.exe)

Now, change the USERINIT value in the registry (see Phase II in this page) and change it accordingly.


NOTE    If you don't have a Windows XP CD-ROM, you need to use Windows XP Setup floppy disks to enter the Recovery Console.

 Phase II  -  Fixing a registry entry which causes the Quick Launch issue (not retaining the settings)

Click Start, Run and type REGEDIT. Navigate to:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

In the right-pane, change the value of Userinit to "C:\WINDOWS\system32\userinit.exe,"

Type the above value exactly as given, including the comma - exclude the quotes. Also, change the path to userinit.exe appropriately, if Windows is installed in a different drive.

Close Registry Editor and restart Windows.
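
The Userinit check from the post above, as an added example that is not part of the original thread: a Python script that audits a `.reg` export of the Winlogon key for the hijack described (wsaupdater.exe in place of userinit.exe). The function names and sample exports are constructed for illustration, and the Shell check goes beyond what the post covers.

```python
import re

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

def parse_reg_export(text):
    """Parse .reg export text into {key_path_lower: {value_name_lower: string}}."""
    keys, current = {}, None
    pair = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := pair.match(line)):
            # .reg files escape backslashes and quotes with a leading backslash
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name.lower()] = data
    return keys

def audit_winlogon(text, system32=r"C:\WINDOWS\system32"):
    """Return findings for Userinit/Shell entries that differ from the defaults."""
    expected = {
        "userinit": {(system32 + r"\userinit.exe").lower()},
        "shell": {"explorer.exe"},  # default shell; an addition beyond the post
    }
    values = parse_reg_export(text).get(WINLOGON.lower())
    if values is None:
        return ["Winlogon key not found in export"]
    findings = []
    for name, good in expected.items():
        entries = {e.strip().lower() for e in values.get(name, "").split(",") if e.strip()}
        findings += [f"{name}: unexpected entry {e}" for e in sorted(entries - good)]
        findings += [f"{name}: missing {e}" for e in sorted(good - entries)]
    return findings

# Constructed sample exports (not taken from the affected machine)
HIJACKED = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\wsaupdater.exe,"
'''
CLEAN = HIJACKED.replace("wsaupdater.exe", "userinit.exe")

if __name__ == "__main__":
    for label, sample in (("hijacked", HIJACKED), ("clean", CLEAN)):
        print(label, audit_winlogon(sample) or "OK")
```

Regedit's "Version 5.00" exports are UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing its text in, and pass a different `system32` path if Windows is installed on another drive.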

Author

Commented:
Thanks, the Kaspersky CD worked. It was definitely malware; after the scan and removal of what the Live CD found, I was able to boot and remove the remaining malware on the PC.
