XP will NOT let me logon

built myself
May 1, 2006 at 07:52:23
Specs: Windows XP pro SP2, P4 2.8ghz with 2 gigs of
I have a very "special" problem on my hands. Yesterday, I came back from my house to my dorm room and got on my computer. I checked an e-mail from tickle.com and soon after I started experiencing some problems. I checked my task manager and had a lot of files running that I had never seen before. I terminated all the ones I could and then ran msconfig to make sure they wouldn't start back up. The rest of the files that were running could not be deleted or terminated. So I booted into safe mode with command prompt and deleted all the files that I could. So I reboot the computer and now when I type in my password at the login screen, it logs me in and IMMEDIATELY logs me out. It doesn't matter if I use the admin account or anything. I've also tried booting into EVERY safe mode, last known good configuration, debugging, EVERYTHING! I cannot log into my computer. Anybody have any ideas? ANYTHING would be appreciated.

See More: XP will NOT let me logon

Report •


#1
May 1, 2006 at 07:57:44
Can you get into the Administrator account that is at the Logon screen for the Safe-Mode ??

Report •

#2
May 1, 2006 at 08:05:19
Another thought...I inferred from your post that by leaving the PC in the dorm when you "went home," you knowly or unknowly allowed anyone to use it, correct?

i_XpUser


Report •

#3
May 1, 2006 at 08:22:13
No, the administrator account cannot be logged onto, either. And I had my computer locked the entire weekend and nobody knows the password, to my knowledge. My roomate is also my best friend for most of my life so I trust him.

Report •

Related Solutions

#4
May 1, 2006 at 08:26:41
Ok but who else beside Gasper the friendly Ghost added "a lot of files running that I had never seen before." Something doesn't sound right. Just rememnber all PC are dumb & lifeless without user interactions.

i_XpUser


Report •

#5
May 1, 2006 at 08:28:28
Refer to my first post where I said I checked an e-mail from a stupid site. From then on, my computer started running sluggishly and then I checked the task manager and noticed those files.

Report •

#6
May 1, 2006 at 08:30:48
Reading email (without clicking on any attachedlinks) does no harm. Alright, I'm bowing out on this one. Wishing you the best of luck ...

Good day.

i_XpUser


Report •

#7
Report •

#8
May 1, 2006 at 08:34:20
Oh, I did click on an attached link because I knew who the e-mail was from and it seemed legit. From the attached site I tried to go do a different site and my internet explorer closed out. That's when I knew that bad stuff was going on. Any help will be appreciated!

Report •

#9
May 1, 2006 at 08:38:26
This was a common problem when removing malware from PC’s. There is a registry key that may need repaired.

HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\Currentversion\Winlogon

UserInit=c:\windows\system32\???????.exe,

Should be:

UserInit=c:\windows\system32\userinit.exe,

(the comma is supposed to be there)

You will need to use something like ERD commander to access the system and check this key.

Or use a command line registry editor like:

http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/RegistryTips/Commandshell/XPcommandlineregistrytool.html

To check the key.


Report •

#10
May 1, 2006 at 08:50:40
What if that file got deleted?

Report •

#11
May 1, 2006 at 08:54:44
And is there any way I can download that ERD commander for free instead of paying? Give me a little bit more help, I've never had to deal with a problem of this magnitude.

Report •

#12
May 1, 2006 at 09:00:47
And is there any way I can access the registry without being logged on? I really don't know what to do.

Report •

#13
May 1, 2006 at 09:07:51
Usually what happens is malware will place its file name in the registry key in place of userinit.exe.

If the malware file is deleted and the key is not fixed it will cause the logon\logoff that you are having.

If userinit.exe was deleted from c:\windows\system32 then you would need to replace the file with the proper version.

There should be a copy in c:\windows\servicepackfiles\i386


Report •

#14
May 1, 2006 at 09:10:24
Alright, but what I'm asking is how can I copy the file from c:\windows\servicepackfiles\i386 to c:\windows\system32 without being able to use my command prompt or do anything? I don't know how to make/use these bootable CDs with ERD or the BartPE or UBCD4win or anything.

Report •

#15
May 1, 2006 at 09:25:07
Boot from your windows XP disk.

Press R at the frist prompt to enter the recover console.


Report •

#16
May 1, 2006 at 09:26:07
And then just copy the file from servicepackfiles to system32?

Report •

#17
May 1, 2006 at 10:15:14
I would like to thank you SO MUCH johns3! It works! THANK YOU!

Report •

#18
May 1, 2006 at 10:20:49
Before doing a reinstall, make sure you have read/write access to the %systemroot%.

You could also do a parallel install and change the permissions that way, if thats the problem.


Report •


Ask Question