Jump to content
Compatible Support Forums
Sign in to follow this  
PeterLeutert

Immediate Logout after Login into Windows XP

Recommended Posts

After (partial) removal of the W32.Funner worm from my XP-Home PC

I can boot the PC (whether in secure mode or not is not important), but as soon as I login under any user account,which works ok, I am immediatly within half a second or so logged out again. I have no chance to enter into any account. Has anybody an idea what to do in this situation (beside installing the system again from scratch)?

Share this post


Link to post

That nasty worm have changed userinit value in Registry...

 

<long post>

 

Quote:

"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"

Value: Userinit

Data: %system32%\wsaupdater.exe

 

%system32% represents the path to the System32 folder. For example, if the path is C:\Windows\System32, then the data would be: "C:\Windows\System32\wsaupdater.exe"

 

Instead of "wsaupdater.exe", the data should contain "userinit.exe,".

Using the example above, the data would be "C:\Windows\System32\userinit.exe,"

(!Note! the comma following the file path information.)

 

Using the XP's recovery console, copy userinit.exe to wsaupdater.exe to allow log on capability to be restored, and correct the registry data manually.

 

In the following instructions, C:\Windows\System32 shall be used as the System32 location. Change the path accordingly to accommodate for your installation directory.

 

Insert the Windows XP startup disk into the floppy disk drive, or insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.

Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted to do so.

 

When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

If you have a dual-boot or multiple-boot computer, select the installation that you want to access from the Recovery Console.

When you are prompted to do so, type the Administrator password.

 

If the administrator password is blank (which is likely the case if Windows XP was preinstalled by your computer manufacturer), just press ENTER.

 

You should now be in the Windows installation folder ("C:\Windows").

At the Recovery Console command prompt, type the following lines, pressing ENTER after you type each line:

 

Quote:

cd system32

copy userinit.exe wsaupdater.exe

exit

 

At this time, remove the startup floppy or CD-ROM from your system, and boot into Windows XP. Log on to the system using an account with administrator-level privileges, and edit the registry using this information. It is recommeded that a registry backup be created prior to continuing.

 

Click start, then run. Enter

 

regedit

 

and click OK. Using RegEdit, expand

 

HKEY_LOCAL_MACHINE

+Software

+Microsoft

+Windows NT

+CurrentVersion

+Winlogon

 

Locate Userinit in the value column, right-click this item, and choose modify. Replace

"wsaupdater.exe" with "userinit.exe," (do not use quotes, and ensure the trailing comma is present as shown) and click OK.

Exit RegEdit.

 

Restart your computer, and log on to the system using an account with administrator-level privileges.

 

Go to My Computer, then to the System32 folder (usually C:, then Windows, then System32). If Explorer prompts that removing files from these areas is not recommended, click to continue. Locate and remove wsaupdater.exe, and delete this file.

 

</long post>

Share this post


Link to post
Quote:

"Wuurm"

smile
In Finland, these are called "mato", which means same as English word "worm".

Quote:

If the guys creating these bastardz would put their time into creating better softwares, we'd have Longhorn out by now!

Agreed.

I wonder, why have none created a worm, which does not use "zombie" computers for spam spreading but for eg. SETI@Home, cancer curing programs, etc. Then again, this would be no "malware" then, it would be "careware". smile

And the programmers of these worms, would not get their money (or whatever drives them to do these pests) from their employers, if they got any.

Or these programmers could use their programming skills in eg. linux world and make it so, that we could use any Windows application in linux, without emulator of any sort.

Ok.
Daydreaming off.
Back to work ->
smile

Share this post


Link to post

Bah, worms, viruses and trojans have been around since the dawn of man...err...computers. I wouldn't know what to do with myself, if none of these things exist. But, one thing I do wish. That the old days of having a disk that contains both Mcafee and Norton on it to scan current computers. Via DOS. Now, one thing I have noticed which is pretty cool. Avast! has a boot up virus scanner that I have not seen before. Yes, Norton has one, but only if you are not running in NTFS. Avast! doesn't care, it can still scan away. This is run in the mode where chkdsk is run with xp.

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×