From: Pegasus [MVP] on

"Skye" <Skye(a)discussions.microsoft.com> wrote in message
news:F3D2A725-346D-4D36-80D4-F599F823D844(a)microsoft.com...
> Thanks sooooooooooooooooo much for your time and effort in helping me sort
> the problem. With your info and the help of a pal next door, between us we
> have managed to get the userinit back into the registry somehow and now I am
> up and running again. Ran Spysweeper and Malwarebytes which found numerous
> viruses, trojans and other errors which have now been rectified and all seems
> ok except for the System Restore, it no longer works. As soon as I access it
> a message appears saying I must restart my computer after which the same
> message appears again. Any ideas on this one?

Mhm, yes, at the danger of repeating myself: Machines that are/were infected
are compromised and should be reloaded. You will need to decide if it is worth
the trouble spending a lot of time in an attempt at cleaning the machine and
probably ending up with an unstable machine, in particular since your virus
infestation was severe. A re-installation would give you a result of
guaranteed quality within a few hours. Remember also that virus scanners are
good at *preventing* virus attacks but in many cases they cannot possibly
repair the damage done by viruses. When you write "which have now been
rectified" then you're probably kidding yourself.

You also need to ask yourself how your machine got so badly infected. Do
you have a good virus scanner? Is it up-to-date? Do you practise safe hex?


From: Skye on
You're right, things just ain't the same but for the time being it's a good
compromise as no doubt I'll eventually end up doing a clean install. My virus
scanner is updated at least once a day, probably more but there was an
occasion when the firewall went missing so maybe things got in during that
period, first time this has ever happened in 10 years so not a bad record eh?
I would like to point out that it would be much more helpful though if you
concentrated on helping solve the problem rather than harping on about what
one should have done/be doing, it's too negative for me.
--



"Pegasus [MVP]" wrote:

>
> "Skye" <Skye(a)discussions.microsoft.com> wrote in message
> news:F3D2A725-346D-4D36-80D4-F599F823D844(a)microsoft.com...
> > Thanks sooooooooooooooooo much for your time and effort in helping me sort
> > the problem. With your info and the help of a pal next door, between us we
> > have managed to get the userinit back into the registry somehow and now I am
> > up and running again. Ran Spysweeper and Malwarebytes which found numerous
> > viruses, trojans and other errors which have now been rectified and all seems
> > ok except for the System Restore, it no longer works. As soon as I access it
> > a message appears saying I must restart my computer after which the same
> > message appears again. Any ideas on this one?
>
> Mhm, yes, at the danger of repeating myself: Machines that are/were infected
> are compromised and should be reloaded. You will need to decide if it is worth
> the trouble spending a lot of time in an attempt at cleaning the machine and
> probably ending up with an unstable machine, in particular since your virus
> infestation was severe. A re-installation would give you a result of
> guaranteed quality within a few hours. Remember also that virus scanners are
> good at *preventing* virus attacks but in many cases they cannot possibly
> repair the damage done by viruses. When you write "which have now been
> rectified" then you're probably kidding yourself.
>
> You also need to ask yourself how your machine got so badly infected. Do
> you have a good virus scanner? Is it up-to-date? Do you practise safe hex?
>
>
> .
>
From: Pegasus [MVP] on

"Skye" <Skye(a)discussions.microsoft.com> wrote in message
news:A39DB4FC-E5C8-4A68-812F-41A7B729B8A6(a)microsoft.com...
> You're right, things just ain't the same but for the time being it's a good
> compromise as no doubt I'll eventually end up doing a clean install. My virus
> scanner is updated at least once a day, probably more but there was an
> occasion when the firewall went missing so maybe things got in during that
> period, first time this has ever happened in 10 years so not a bad record eh?
> I would like to point out that it would be much more helpful though if you
> concentrated on helping solve the problem rather than harping on about what
> one should have done/be doing, it's too negative for me.

In my first response I listed the options that were available to you to
resolve the userinit.exe problem. I was quite prepared to step you through
the process, as I have done in the past with other posters, in spite of this
being quite difficult and time consuming for a novice. Fortunately you
managed to get the job done with the assistance of your neighbour.

If you use a dial-up modem then it is likely that your machine got infected
while the firewall was down. If you use an ADSL or a cable modem to connect
to the Internet then you need to look elsewhere for the cause of this
incident. ADSL and cable modems form a hardware firewall that protects your
PC very effectively against intruders.

While I understand that you prefer positive words from respondents, keeping
you in blissful ignorance would be irresponsible. I try to keep my responses
factual, and if the facts are not good then I say so. Using encouraging
words won't fix your PC but making the right decisions will.


From: Daave on
The most important thing to do before you do anything else is to make
sure all your data is backed up. Perhaps your neighbor can help you do
this. If you need guidance, post back.

I happen to agree with Pegasus that the most prudent course for you is a
Clean Install. Otherwise, you are just taking unnecessary chances.

That being said, as a learning opportunity, have a look at this page:

http://bertk.mvps.org/html/srfail.html

The probable cause of your inability to run System Restore is that the
malware changed key settings, causing this situation. Then again, there
can be other causes, and they can be found in the Web page referenced
above.


Skye wrote:
> Thanks sooooooooooooooooo much for your time and effort in helping me
> sort the problem. With your info and the help of a pal next door,
> between us we have managed to get the userinit back into the registry
> somehow and now I am up and running again. Ran Spysweeper and
> Malwarebytes which found numerous viruses, trojans and other errors
> which have now been rectified and all seems ok except for the System
> Restore, it no longer works. As soon as I access it a message appears
> saying I must restart my computer after which the same message
> appears again. Any ideas on this one?
>
>> On Nov 26, 6:42 am, Skye <S...(a)discussions.microsoft.com> wrote:
>>> Thanks for your help. I will have to wait until this evening before
>>> I have time to follow these instructions but first, when I do get
>>> into the C/Windows folder, what will be the advantage as I wouldn't
>>> know what to do from here-on-in?
>>> --
>>>
>>>
>>>
>>> "Jose" wrote:
>>>> On Nov 25, 4:38 pm, Skye <S...(a)discussions.microsoft.com> wrote:
>>>>> I have no idea how to create a bootable XP CD
>>>>> --
>>>
>>>> You can easily make a bootable Recovery Console CD by downloading
>>>> an ISO file and burning it to a CD.
>>>
>>>> This is not the same as bootable XP installation CD, but it may be
>>>> all you need to resolve your issue, and it may come in handy some
>>>> other day.
>>>
>>>> See if you can get this much working:
>>>
>>>> The bootable ISO image file you need to download is called:
>>>
>>>> xp_rec_con.iso
>>>
>>>> Download the ISO file from here:
>>>
>>>> http://www.mediafire.com/?ueyyzfymmig
>>>
>>>> Use this free and easy program to create your bootable CD:
>>>
>>>> http://www.imgburn.com/
>>>
>>>> It would be a good idea to test your bootable CD on a computer
>>>> that is working.
>>>
>>>> You may need to adjust the computer BIOS settings to use the CD ROM
>>>> drive as the first boot device instead of the hard disk. These
>>>> adjustments are made before Windows tries to load. If you miss it,
>>>> you will have to reboot the system again.
>>>
>>>> When you boot on the CD, follow the prompts:
>>>
>>>> Press any key to boot from CD...
>>>
>>>> The Windows Setup... will proceed.
>>>
>>>> Press 'R' to enter the Recovery Console.
>>>
>>>> Select the installation you want to access (usually 1: C:\WINDOWS)
>>>
>>>> You may be asked to enter the Administrator password (usually
>>>> empty).
>>>
>>>> You should be in the C:\WINDOWS folder. This is the same as the
>>>> C:\WINDOWS folder you see in explorer.
>>>
>>>> .
>>
>> If you can get that far, and if this issue is the "userinit.exe
>> issue", we can replace your userinit.exe if it is missing or
>> corrupted. It could be that your scanning software thought the
>> userinit.exe was infected and removed it. If you have no
>> userinit.exe, you will not be able to login - ever. Maybe it was
>> infected and if so, we will replace it.
>>
>> It sure sounds like it - you login, loading your personal settings,
>> then saving your personal settings and back to the login screen, yes?
>>
>> It is a popular target for malware - fix your system so you can't
>> login. Ha-ha!
>>
>> Another symptom of the userinit.exe infection is the registry may be
>> modified to point to another executable instead of userinit.exe and
>> the bogus executable was removed by the scan (the scan worked!), but
>> the registry is still afflicted and pointing to a file that does not
>> exist instead of userinit.exe. If that is the case, we can fool the
>> system temporarily to allow you to boot and then fix it properly.
>>
>> The userinit.exe controls all the logins for all users - regular
>> mode, and kind of Safe Mode... This is why "trying" to boot in any
>> kind of Safe Mode is a waste of time. You can "try" all the Safe Modes
>> if you want, but it will never work. You can "try" to login as
>> Administrator but that is also a waste of time and even if any of
>> that worked, what would you do next? Try some more things?
>>
>> You can reinstall Windows and all your applications - that will fix
>> it for sure but is not very convenient and you don't even have an XP
>> installation CD to do that.
>>
>> You could "try" to repair XP, but you don't have an installation CD
>> to do that either.
>>
>> Is your machine on some network so you can access it from some other
>> machine? Probably not for the typical home user. You could "try" to
>> get your computer on some network - then what?
>>
>> You can take your HDD out and put it in another machine and scan it
>> there, but why? That is a complicated process if you are not handy
>> moving around computer hardware. Plus, that will not replace the
>> userinit.exe. If you got it moved, what would you do next? Try some
>> more things?
>>
>> There is too much trying. You need to be doing.
>>
>> Get your RC disk made and booting, then we can do some things.
>>
>> While you are waiting, see if you can find a genuine bootable XP
>> installation CD (not a manufacturer's recovery CD) and make yourself a
>> copy and put it with your new bootable RC disc.
>>
>> .


From: Jose on
On Nov 26, 5:06 pm, Skye <S...(a)discussions.microsoft.com> wrote:
> Thanks sooooooooooooooooo much for your time and effort in helping me sort
> the problem. With your info and the help of a pal next door, between us we
> have managed to get the userinit back into the registry somehow and now I am
> up and running again. Ran Spysweeper and Malwarebytes which found numerous
> viruses, trojans and other errors which have now been rectified and all seems
> ok except for the System Restore, it no longer works. As soon as I access it
> a message appears saying I must restart my computer after which the same
> message appears again. Any ideas on this one?
> --
>
>
>
> "Jose" wrote:
> > On Nov 26, 6:42 am, Skye <S...(a)discussions.microsoft.com> wrote:
> > > Thanks for your help. I will have to wait until this evening before I have
> > > time to follow these instructions but first, when I do get into the C/Windows
> > > folder, what will be the advantage as I wouldn't know what to do from
> > > here-on-in?
> > > --
>
> > > "Jose" wrote:
> > > > On Nov 25, 4:38 pm, Skye <S...(a)discussions.microsoft.com> wrote:
> > > > > I have no idea how to create a bootable XP CD
> > > > > --
>
> > > > You can easily make a bootable Recovery Console CD by downloading an
> > > > ISO file and burning it to a CD.
>
> > > > This is not the same as bootable XP installation CD, but it may be all
> > > > you need to resolve your issue, and it may come in handy some other
> > > > day.
>
> > > > See if you can get this much working:
>
> > > > The bootable ISO image file you need to download is called:
>
> > > > xp_rec_con.iso
>
> > > > Download the ISO file from here:
>
> > > > > http://www.mediafire.com/?ueyyzfymmig
>
> > > > Use this free and easy program to create your bootable CD:
>
> > > > > http://www.imgburn.com/
>
> > > > It would be a good idea to test your bootable CD on a computer that is
> > > > working.
>
> > > > > You may need to adjust the computer BIOS settings to use the CD ROM
> > > > > drive as the first boot device instead of the hard disk.  These
> > > > > adjustments are made before Windows tries to load.  If you miss it,
> > > > > you will have to reboot the system again.
>
> > > > When you boot on the CD, follow the prompts:
>
> > > > Press any key to boot from CD...
>
> > > > The Windows Setup... will proceed.
>
> > > > Press 'R' to enter the Recovery Console.
>
> > > > Select the installation you want to access (usually  1: C:\WINDOWS)
>
> > > > You may be asked to enter the Administrator password (usually empty).
>
> > > > You should be in the C:\WINDOWS folder.  This is the same as the
> > > > C:\WINDOWS folder you see in explorer.
>
> > > > .
>
> > If you can get that far, and if this issue is the "userinit.exe
> > issue", we can replace your userinit.exe if it is missing or
> > corrupted.  It could be that your scanning software thought the
> > userinit.exe was infected and removed it.  If you have no
> > userinit.exe, you will not be able to login - ever.  Maybe it was
> > infected and if so, we will replace it.
>
> > It sure sounds like it - you login, loading your personal settings,
> > then saving your personal settings and back to the login screen, yes?
>
> > It is a popular target for malware - fix your system so you can't
> > login.  Ha-ha!
>
> > Another symptom of the userinit.exe infection is the registry may be
> > modified to point to another executable instead of userinit.exe and
> > the bogus executable was removed by the scan (the scan worked!), but
> > the registry is still afflicted and pointing to a file that does not
> > exist instead of userinit.exe.  If that is the case, we can fool the
> > system temporarily to allow you to boot and then fix it properly.
>
> > The userinit.exe controls all the logins for all users - regular mode,
> > and kind of Safe Mode...  This is why "trying" to boot in any kind of
> > Safe Mode is a waste of time.  You can "try" all the Safe Modes if you
> > want, but it will never work.  You can "try" to login as Administrator
> > but that is also a waste of time and even if any of that worked, what
> > would you do next?  Try some more things?
>
> > You can reinstall Windows and all your applications - that will fix it
> > for sure but is not very convenient and you don't even have an XP
> > installation CD to do that.
>
> > You could "try" to repair XP, but you don't have an installation CD to
> > do that either.
>
> > Is your machine on some network so you can access it from some other
> > machine?  Probably not for the typical home user.  You could "try" to
> > get your computer on some network - then what?
>
> > You can take your HDD out and put it in another machine and scan it
> > there, but why?  That is a complicated process if you are not handy
> > moving around computer hardware.  Plus, that will not replace the
> > userinit.exe.  If you got it moved, what would you do next?  Try some
> > more things?
>
> > There is too much trying.  You need to be doing.
>
> > Get your RC disk made and booting, then we can do some things.
>
> > While you are waiting, see if you can find a genuine bootable XP
> > installation CD (not a manufacturer's recovery CD) and make yourself a
> > copy and put it with your new bootable RC disc.
>
> > .

You have to think like malicious software - which is really more
annoying than anything else.

It will do what it finds fun to keep you from removing it - like keep
you from logging in, keep you from logging in in safe mode, keep
popular malware scanners from running (MBAM & SAS), keep you from
running regedit, and of course keep you from running System Restore.
The world is lucky malicious software is not as malicious as it could
be - it is merely an annoyance.

Your login issue is well known and easy to fix from Recovery Console
which is why I wanted you to make a RC CD in the first place, and
don't know if you did or not.

It is not difficult and time consuming and my copy/paste directions
from having fixed this so many times would have had you running in
minutes - after you got the RC going.

Then you could run some good scans and clean up the leftovers and
anything else. We don't know how you fixed that issue either and
maybe you fixed it "right" or had some good luck, but it doesn't
matter now.

After fixing the userinit issue, you would not want to do a SR anyway
because your RPs are probably compromised as well, so you would just
reinfect your machine. Do you know if SR has ever worked in the first
place or is this the first time you have tried to use it? SR is
certainly not a time machine.

SR is often the first thing people try to do and of course it doesn't
work after an attack. It is broken and it is broken because the
malicious software broke it on purpose. Malicious software breaks
things that can be used to detect and remove it. Removal programs
sometimes don't fix everything.

Once you get your machine cleaned up, you should whack all your old RPs
and make a new one. Trying to "fix" a broken SR is generally easy,
but the best advice is to not count on or try to use any of your old
RPs.

Reinstalling XP is an option, but to me it is an admission of defeat,
losing and giving up. I have never reinstalled XP or needed to -
ever.

Your SR problem is also well known and likely quite fixable, but the
solution will cost you all of your old (and probably worthless)
RPs - why would you want to use them anyway? I certainly would not
trust any of them. You would also have to answer a few more
questions, and might (but probably not) have to come up with a copy of
an XP installation CD that matches your configuration.

It is not in my nature to guess at what might could be or have been or
suggest things to try that might work. People need specifics to solve
these issues, not vague guesses about what it might be.

You did not mention SAS but you should run it too.

Perform some scans for malicious software first, then fix any
remaining issues:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

Then let us know if you want to fix your SR or do you want to
reinstall.
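
The userinit symptom described in this thread (the registry pointing at an executable other than userinit.exe, or at a file the scanner has since removed) can be checked mechanically. The following is an added example, not part of any poster's message; the Winlogon key path and the `C:\WINDOWS\system32\userinit.exe` default are standard Windows facts not quoted in the thread, and the sample values are constructed.

```python
import ntpath

# Standard Windows location of the value (not quoted in the thread):
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, value "Userinit"
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


def audit_userinit(value, system_root=r"C:\WINDOWS", exists=None):
    """Return a list of findings for a Winlogon Userinit value.

    value       -- raw registry data, a comma-separated list of programs
    system_root -- Windows directory of the installation being checked
    exists      -- callable(path) -> bool; None skips the file check
    """
    expected = ntpath.normcase(
        ntpath.join(system_root, "system32", "userinit.exe"))
    entries = [e.strip().strip('"') for e in value.split(",") if e.strip()]
    if not entries:
        return ["Userinit value is empty"]
    findings = []
    seen_expected = False
    for entry in entries:
        # Windows paths are case-insensitive, so compare normalised forms.
        if ntpath.normcase(ntpath.normpath(entry)) == expected:
            seen_expected = True
        else:
            findings.append("unexpected program in Userinit: " + entry)
        # The case from the thread: the value names a file that is gone.
        if exists is not None and not exists(entry):
            findings.append("file does not exist: " + entry)
    if not seen_expected:
        findings.append("userinit.exe itself is not listed")
    return findings


def read_live_userinit():
    """Read the value on a running Windows system (winreg is Windows-only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        return winreg.QueryValueEx(key, "Userinit")[0]


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    on_disk = {r"c:\windows\system32\userinit.exe"}

    def present(path):
        return ntpath.normcase(ntpath.normpath(path)) in on_disk

    samples = [
        r"C:\WINDOWS\system32\userinit.exe,",
        r"C:\WINDOWS\system32\example-bogus.exe,",
        r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\example-extra.exe",
    ]
    for sample in samples:
        print(sample, "->", audit_userinit(sample, exists=present) or "OK")
```

On an offline disk, pass an `exists` callable that maps the `C:\` paths onto wherever the drive is mounted.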