Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 401
  • Last Modified:

Computer logs off immediately after logon

I think I got a good trojan virus.  Once I logon it immediately logs off.  Tried safe mode - same thing.  
What can be done except reinstall OS?

Thanks.
0
Tiras25
Asked:
Tiras25
  • 4
  • 3
  • 2
  • +6
3 Solutions
 
suvmitraCommented:
It also happens some time if you have some hardware troubles like loose Hard Disk cable; loose Power Cable etc. Ensure all the power cords are properly installed.
0
 
kcoectCommented:
If you have the installation media, you can try an operating system "repair".  Boot the installation media, don't press "r" to bring up the recovery console, let the disk search the hard drive for a current installation and from there you will be able to perform a "repair" of the OS.

If the machine is on a network and you can remotely edit the registry, look at the following key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

make sure it has the current value
C:\WINDOWS\System32\userinit.exe

where C: is the drive that Windows is installed on/.
0
 
ching023Commented:
Does it fresh out any screen before logging off?
Also, did you try to login with other user account? i Safe mode?
0
Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

 
manojkundliyaCommented:

Log on to a networked computer.
Run Regedit.exe
Point your cursor to HKEY_LOCAL_MACHINE
Select File > Connect Remote Registry
Type computer name (infected computer)
Navigate to the following location in registry of destination or infected computer


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon


Edit these two values in right pane:

Shell
Userinit


Change these two values to
Shell=explorer.exe
Userinit = x:\windows\system32\userinit.exe
Exit from Registry
Restart Infected computer.
You should be able to log on to computer.
if it not work then go to back steps and just copy orwrite the file userinit.exe
0
 
Neil RussellTechnical Development LeadCommented:
Download a copy of UBCD4WIN iso, burn to a CD, BOOT CD and run AV & Spyware removal progs off the CD. Then if that still does not boot, use the registry restore tools on that CD to roll back to a prior Windows Restore Point.
Usually works if the checks that kcoect gave you above fails.
0
 
Tiras25Author Commented:
This is definely a virus, before it happened my ESET poped up with few trojan messages and asked to restart.  
This is not a netoworked computer, just a stand along home laptop.  although I can probably hookup another computer on the same line and login remotely.
CD boot option would probably be the best option though.  What AV/Spyware tools would you recommend?
Thanks.
0
 
suvmitraCommented:
0
 
Tiras25Author Commented:
Let me try that too.  Thank you!!
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
I would also suggest using the Sophos Anti-root kit good for malware removal.
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

Also, try booting from a WinPE and see if there is anything in the startup folder and the runonce folder in the registry.
http://apcmag.com/windows_pe_20_a_tiny_version_of_windows_for_system_maintenance.htm
0
 
flubbsterCommented:
If you have the wsaupdater virus, then follow this procedure:

Enter the Recovery Console

Boot the system using the Windows XP CD-ROM. In the first screen when the Setup begins, read the instructions press "R" (in the first screen) enter the Recovery Console. Type-in the built-in Administrator password to enter the Console. You'll see the prompt reading C:\Windows (Or any other drive-letter where you've installed XP)

Type the following command and press Enter.

CD SYSTEM32
(If that does not work, try CHDIR SYSTEM32)

COPY USERINIT.EXE WSAUPDATER.EXE

Quit Recovery Console by typing EXIT and restart Windows.

You'll be able to login successfully as you've created the wsaupdater.exe file (now, a copy of userinit.exe)

Now, change the USERINIT value in the registry (see Phase II in this page) and change it accordingly.


NOTE    If you don't have a Windows XP CD-ROM, you need to use Windows XP Setup floppy disks to enter the Recovery Console.

 Phase II  -  Fixing a registry entry which causes the Quick Launch issue (not retaining the settings)

Click Start, Run and type REGEDIT. Navigate to:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon]

In the right-pane, change the value of Userinit to "C:\WINDOWS\system32\userinit.exe,"

Type the above value exactly as given, including the comma - exclude the quotes. Also, change the path to userinit.exe appropriately, if Windows is installed in a different drive.


btw... in the instructions above, each instance that instructs you to verify/modify an entry to be userinit.exe is incorrect. The correct entry is:

c:\windows\system32\userinit.exe,   (NOTE THE COMMA)
0
 
Tiras25Author Commented:
Yes I can try that.  I am not sure I have that specific virus though.  

I there any tools I can download as an iso image alogn with a bootable CD?
0
 
Neil RussellTechnical Development LeadCommented:
The UBCD4WIN that i mentioned above comes with some AV & Spyware apps already on it as I mentioned above. That should be enough to get you logged in. Once your in then Just run Malwarebytes and Combofix.
0
 
flubbsterCommented:
If you build the ubcd4win cd, it has a tool called RegBrz that allows you to edit a local version of the registry (in other words, the registry on the pc you booted the cd from). This will allow you to view and edit the registry key noted above.  So...

Build the UBCD4WIN CD
Boot it and use the RegBrz function
Navigate to the key above and modify as I show above, with the userinit.exe, entry
Save the change, remove cd and reboot. If the real userinit.exe file has not been deleted or corrupted, it should boot. When you navigate to the key, you will see what name has been inserted in place of userinit.exe, entry. If it is not wsaupdater, pls post it here for future reference.
0
 
Tiras25Author Commented:
Will do tonight.
Thank  you again!
0
 
stiriderCommented:
I am having this same problem.  I tried the recovery console method but still cannot successfully log in.
0
 
flubbsterCommented:
Build the ubcd4win cd. There is another utility called RegResWiz. It is essentially the same as XP's System Restore. Run that utility, reboot to safe mode, then run the xp system restore.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
  • 3
  • 2
  • +6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now