HELP! I still have this problem, the gateway computer has now been down for 5 days and I don't know how to fix it.

Starting XP from boot results in Windows immediately logging off. This process keeps continuing on every attempt, including in Safe mode.

After the logging on, as the user XXX, the screen then simply announces "now saving your settings" and then "logging off xxx" and prompts for a shutdown or restart.

I cannot log on as Administrator either, it will accept NO passwords for admin priveleges (I'm sure that "Admin" was never set up in the first place).

I was running all major spyware, virus, adware and trojan hunters on it. Only minutes before I had completed hours of cleaning up the computer. I am running ZoneAlarm Pro on it.

The only way I am getting this message out is via another computer on our LAN and which can still see most of the others drive.

URGENT help please. I know this is a complex issue (there are hundreds of pages of advice on the net on this kind of problem, possibly involving a trojan, restoring etc but I am bewildered by it all). I must get that machine back up and running however. Where do I start?

Any help welcome and thanks in advance.

gazza :=[

hi gaz,
you might have the sasser worm, try getting the fix from any good anti-virus company.
all the best,
murve

hey gazza,

thats a toughie, could be anything really..

the quick-easy fix would be to boot from your windows xp cd, and run a setup over the top of your current installation (making sure you dont wipe anything.. read everything carefully). this will replace all vital syste, files and keep all your files/programs installed, this works majority of the time but be careful what you choose in the setup

other than that, its something that you'd have to have someone who knows what their doing there and then to have a look at ur comp.. if you are desperate, i would go for what i said above, ive saved many computers using this..

gazza - I responded to one of your earlier posts to say I had a solution but there was no response back from you so I assumed everything was O.K. Can you boot from the XP CD and get to the Recovery Console? If not, the only way is to hook your drive to another computer as a slave and do it from there. Either way the solution is the same. Look at the following thread for the answer. If this doesn't work for you let me know - there may be another way. http://www.computing.net/windowsxp/wwwboard/forum/116408.html

ADI and others, - thankyou. I had to leave the problem for a few days due to other commitments, but I will keep checking in to this page. At present I have moved the hard-drive into this computer and I can see all its contents ok. I'm just not sure what to do next (I didn't see your earlier thread sorry ADI) but I will have a look your link now. I will report back here soon.

Many thanks all.

OK, I'm back. Thanks to all for help.

I read the post 116408 and it all seemed the same. The value in my registry had also been changed to wsaupdater.exe, instead of userinit.exe.

With the drive in another machine, I renamed the Windows\System32 log-on file "userinit.exe" to "wsaupdater.exe". When fitted back in the original computer, log-on and entry was back to normal (as the names matched?).

Then able to access the registry in the troubled machine, I renamed the registry value to "userinit.exe". This of course did not match the system32 filename and the computer did not allow log-on once again. I removed the drive back to the other machine, renamed the system32 file "wsaupdater.exe" back to "userinit.exe", refitted the drive and - bingo!, all booting and logging is now properly executed using the usual username and password.

I just hope I have done all this correctly. Presumably, the virus or trojan that altered the filename in the first place may strike again and repeat the process? I now am operating ZoneAlarm Pro and AdAwareSE.

After all this wasting of time over this problem, including 5 days lost productivity on that computer, I'd like to know what exactly "wsaupdater.exe" got in, and what was its function (aside from locking me out of my computer?).

gazza

I have now found this information as to the original cause of the log-on problem to XP:

http://www.lavasofthelp.com/articles/v6/04/06/0901.html

It all fits with what we did!

It is recommended to replace Adaware Build 181 with the newer SE Edition.

gazza