-
November 7th, 2006, 07:21 AM
#1
Registered User
WinXP login/logoff problem
Just stumbled upon the spyware which causes your machine not to login (logs off immediately after login).
Tried overwriting the userinit.exe file with a clean one...
Tried changing the path userinit in the registry remotely...
Tried renaming the file to wsaupdater.exe...
No luck.
It appears that this spyware corrupts the registry too much.
Finally solved it running a repair for the windows.
BTW, I got it while moving files from HD to HD (the source HD was infected).
Last edited by Sneakers; November 7th, 2006 at 07:23 AM.
-
November 7th, 2006, 07:57 AM
#2
Brandon Enright wrote ( http://linuxart.com/log/archives/200...ily-computers/ ) and I enclose an editted version herein:
--------------------------------------------------------------------------
I've run into the 'log on/log off' problem with Windows XP on friend's computers a number of times in the last year and it took me several full re-installs before I figured out what was causing the problem.
Actually the problem isn't with Windows but with Spyware/Adware/Malware that modifies the log-in section of the registry. On particular piece of malware that comes to mind is Windows Search Assistant but I've seen others do the same. What they do is change the user initialization portion of the login to point to their software, thereby loading their software at login and then passing the control off to Window's userinit.exe.
All by itself this doesn't cause any problems (other than starting the malware), what does cause the problems though is how it is removed. If you use a program like Ad-Aware, often what will happen is that Ad-Aware will identify and remove the files on the hard drive associated with the login hijacking but won't fix the registry keys. Then when you go to log in Windows passes control to something that doesn't exist and aborts the login without a visible error.
The fix is generally really simple but requires editing the registry. If you can't log in editing the registry can be difficult.........
............The registry key(s) that need to be changed are at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Look for the 'Userinit' value. It should be 'C:\WINDOWS\system32\userinit.exe,'. The comma is correct at the end. If Userinit is not this value then you have found the problem. If it is then the problem is with the GPExtensions. Compare the GPExtensions of a working machine to a broken one and delete any extras.
-------------------------------------------------------------------------
Last edited by CCT; November 8th, 2006 at 07:43 AM.
-
November 8th, 2006, 02:38 AM
#3
Driver Terrier
CCT, it is important that when quoting an author that you put a link to the source of your quote.... especially if you edit the text. The above may be found here (response number 6)
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
November 8th, 2006, 07:44 AM
#4
OK NooNoo - I have 'fixed' it up I hope. tx
Similar Threads
-
By bishwa2005 in forum Windows XP
Replies: 1
Last Post: November 2nd, 2005, 07:51 AM
-
By achase in forum Windows XP
Replies: 28
Last Post: October 27th, 2005, 02:54 AM
-
By mjohns in forum Windows XP
Replies: 0
Last Post: July 9th, 2004, 02:50 AM
-
By taeoug in forum USB/Firewire
Replies: 1
Last Post: June 20th, 2004, 08:04 AM
-
By paul.rowling in forum Tech-To-Tech
Replies: 2
Last Post: May 26th, 2004, 12:34 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Bookmarks