Cant get into Windows
#1
Team Owner
Thread Starter
Cant get into Windows
Caught Internet Security 2010 spyware. Ran updated version of Spybot. When I go to log in to XP I get logged off right away. Same thing in safe mode. Posting from phone now.
#6
Chapter Leader (Southern Region)
You have a log in log off loop. Spybot probably deleted an infected registry file which put you into this loop. You have to insert the windows boot disk and repair the login files. I had this happen to me after being infected by Virtumonde. After repairing the files, boot into safe mode and install Avast! & MBAM.. run updated MBAM first.. then Avast!
I had Norton at the time of my infection and it didn't detect anything, worthless AV protection. I tried manually removing the bad registry entries and related files after finding the files through housecall & spybot but they would repopulate after restarting. Nasty malware.. GL.
Last edited by Majofo; 01-18-2010 at 10:04 AM.
#7
The sizzle in the Steak
#8
Chapter Leader (Southern Region)
http://thinkinginpixels.com/quick-fixes/fix-windows-xp-log-onlog-off-loop/
^ Very thorough tutorial to getting you back & running.
#10
Go Giants
You're screwed..
#12
Former Whiner
#14
Team Owner
I had a PC doing this. I ended up booting with BartPE, copying the data to an external hard drive, and reinstalling the OS.
#15
Chapter Leader (Southern Region)
#18
Chapter Leader (Southern Region)
Part 1 – Let’s start off easy
First, let’s try booting into Safe Mode.
You can get to Safe Mode by booting up the computer and hitting the F8 key on your keyboard after your computer manufacturer’s logo disappears. (e.g., Dell, HP, etc.) Normally, the tip I give to most people is just to start tapping the F8 key over and over after the logo goes away until a menu pops up. [At this point, if you have a wireless keyboard, make sure it has fresh batteries/charge, or switch to a wired keyboard if you are having issues.]
Select Safe Mode from the menu that comes up using the arrow keys, and then press Enter. A bunch of stuff will come up. Don’t worry about that. It’s just Windows listing files it’s loading. After a bit, you should be able to get to a place where you can log in.
NOTE: IF A BLUE SCREEN COMES UP AT THIS POINT OR YOUR SYSTEM REBOOTS/SHOWS A LIST OF FILES, THEN PLEASE SKIP THIS PAGE AND GO HERE. MORE AND MORE PEOPLE HAVE BEEN HAVING THIS ISSUE, AND I HAVE YET TO FIND THE ROOT CAUSE.
At this point, one of two things will happen:
- If it logs you back out, we know that the system is a bit more corrupted than usual.
- If you’re lucky enough to get logged in, we know that something is preventing Windows from starting up with everything loaded. (Normal mode)
- Your computer was most likely infected by spyware or a virus/trojan/worm.
- A spyware scanner such as Spybot: Search & Destroy wasn’t updated correctly and was detecting false positives because of this.
- A false positive is when a virus or spyware scanner finds something that it thought was a problem, but it really wasn’t. When it tried to fix it, your system got screwed up.
- A virus scanner such as Norton, AVast! or AVG found a false positive and tried to remove it.
- A virus or a piece of spyware detected that it was being removed and tried to save itself by infecting your system in another way.
Now, were you able to log in or not?
Yes: Go to the page that says “Cleanup time!”
No: Turn off the computer. Continue on to the next page.
Part 2 – Finding your Service Pack
[If you know for a fact that Windows has been updating itself recently, then you can skip this page completely and assume you have Service Pack 3]
Now, I’m going to have you boot into Safe Mode again, (yes, again) but this time you’re going to try and pay attention to something.
After all those files load up, (all that text appears on the screen) a black screen should load with white lettering in the four corners and a mouse cursor. One of the corners will say Service Pack X where X is either 1, 2 or 3. You’ll need that number later. If you miss the text, that’s OK! You can try and login (yeah, I know it won’t work) to make the blue Welcome screen go away for just a bit so you can get another glimpse at the writing. Also, you can always restart the computer and try again.
If you cannot find the Service Pack number AND YOU ARE SURE Windows has been updating itself properly, let’s assume you have SP3.
IMPORTANT NOTE: If you have recently used a Restore or Recovery Disc that came with your computer to try and get it functioning again, please ignore the Service Pack number you were just looking for (or found/assumed) and use the Service Pack number that is noted on the Restore/Recovery Disc. If your disc says SP1a, then you have SP1.
If you look ALL OVER and you cannot find a Service Pack (SP) number, then you may have an RTM version of XP. (aka, no Service Pack at all) Note it down as Service Pack 0! (that’s the number zero)
If you are having issues with this step, or see something completely different and you don’t know how to proceed, please contact me (see the first page) so I can edit this part accordingly. Thanks!
After you find out your Service Pack, write down the number somewhere and continue onto the next page.
Part 3 – Setting your computer to boot to CDs/DVDs
You’re going to need to set the computer that is not working to check for CDs/DVDs first. [If you know for a fact that your computer boots to CDs/DVDs first already, then you can skip this page completely] You’ll need to enter your computer’s BIOS (Basic Input Output System) in order to set this up. Don’t worry about changing it back after you’ve fixed up your machine. It’s not going to affect anything. [At this point, if you have a wireless keyboard, make sure it has fresh batteries/charge, or switch to a wired keyboard if you are having issues.]
As your computer boots up, you’ll see your computer manufacturer’s logo. (e.g., Dell, HP, eMachines, ASUS, Sony Vaio, Compaq, etc.) Look in all four corners of the screen and near the bottom for an option called Setup, Enter Setup, Enter BIOS, or Enter BIOS Setup. Near these words will be a key to press, such as Delete (Del), F1, F2, F3, Escape (ESC) or F10. If you do not see these words, try a different key every time you boot up until you get the right one. I would recommend starting with Delete (Del) first. Once pushed, it will bring you to a DOS-like screen where you can change some important system information.
Some BIOS’ will have their main categories organized in tabs (across the top in blue) which you’ll need to use left and right to navigate through. Others use a vertical menu on the left. Still others use a page-like interface. Look around on the screen for help if you need it.
You’re interested in options that look like Boot, Boot Options, Boot Priority, Boot Sequence, or Boot Order. Use the arrow keys to move around and Enter to confirm things or bring up more menus.
Is your CD/DVD Drive or Optical Drive (may be the make/model of the drive) at the top of the list?
Yes: Turn off your computer and go to the next page.
No: Continue on this page for just a bit longer.
Once you get to it, make sure that your CD/DVD Drive or Optical Drive (may be the make/model of the drive) is listed at the top. Some BIOS’ require that you press a certain key to move the CD/DVD drive to the top, such as u. Read the onscreen directions carefully.
Once done, most BIOS’ will allow you to save your changes by pressing F10. If yours is different and you don’t know where to go, press the Escape (ESC) key to back out one screen. Some BIOS’ at this point may ask you to save changes for that part of the BIOS. Save it and use the arrow keys to find your way to Exit. When it asks, Save Changes.
If all went well, the computer should reboot. Boot into Safe Mode. When you get to the login screen, pop open your computer’s CD/DVD tray and shut down your computer via the normal menus.
We’re going to leave your computer alone for a while. Go to the next page.
Part 4 – Burning some CDs/DVDs
THIS PAGE REQUIRES YOU TO DOWNLOAD A DECENT AMOUNT OF DATA. (205MB) IF YOU DO NOT HAVE A HIGH SPEED INTERNET CONNECTION, THEN YOU MAY WANT TO GO TO A PLACE WHERE THERE IS ONE AVAILABLE, LIKE A FRIEND’S HOUSE OR A STARBUCKS.
So now it’s time to start fixing your system. We’re going to need some tools though. We’ll need to burn 2 CDs. (or DVDs if you don’t have any blank CDs. DO NOT USE CD-RWs OR DVD-RWs.) You should get a marker to label the CDs/DVDs so you don’t get them confused.
A file that ends with the extension .iso is a special kind of file. .iso files are like .zip files, but with special information that helps a CD/DVD burning program make CDs/DVDs you may burn bootable, etc. If you unzip an .iso file you download, you’ll ruin it. You can use CDBurnerXP, ImgBurn, or Active ISO Burner to burn the .iso file (also known as a CD/DVD image) you downloaded. When downloading Active ISO Burner, you can just get the middle one on the left side of the page. If you’re not going to use Active ISO Burner, make sure to use something along the lines of CD/DVD image burning in your CD/DVD burning program and NOT data burning! Please make sure to burn it at a slow speed (4x) to get the best results with even the most picky drives. Again, please leave the file in .iso form. Do NOT unzip it or anything like that.
If you’re having trouble burning or booting any of the CDs/DVDs I mention, please try booting them off of the machine you’re currently running first. (Make sure to set the BIOS accordingly.) If you’re still having issues, find a friend who can burn and test these CDs/DVDs for you. Either your batch of blank CDs/DVDs may be bad, or your CD/DVD burner is going.
Now, onto the CD burning!
- Download this file. (Save it, do not open it.) (If you’re running XP, don’t worry about it being a Vista Recovery Disc.)
- Burn the .iso to a blank CD/DVD using one of the programs I recommended above.
- Put the CD/DVD into the open CD/DVD tray of the computer that is still off.
- Turn on the computer and pop in the CD/DVD tray if it doesn’t automatically do it (laptops won’t)
- The CD/DVD should spin up and boot.
Yes: Good! This should mean that this CD/DVD is burnt correctly!
No: You’re going to have to delete the .iso file you downloaded and redownload it and reburn a new CD/DVD.
If you’re having trouble burning or booting any of the CDs/DVDs I mention, please try booting them off of the machine you’re currently running first. (Make sure to set the BIOS accordingly.) If you’re still having issues, find a friend who can burn and test these CDs/DVDs for you. Either your batch of blank CDs/DVDs may be bad, or your CD/DVD burner is going.
- Download this file. (Save it, do not open it.)
- Burn the .iso to a blank CD/DVD using one of the programs I recommended above.
- Put the CD/DVD into the CD/DVD tray of the computer that you just used to burn the CD/DVD.
Yes: Good! This means that this CD/DVD is burnt correctly!
No: You’re going to have to delete the .iso file you downloaded and redownload it and reburn a new CD/DVD. If you’re having trouble burning or booting any of the CDs/DVDs I mention, please try booting them off of the machine you’re currently running first. (Make sure to set the BIOS accordingly.) If you’re still having issues, find a friend who can burn and test these CDs/DVDs for you. Either your batch of blank CDs/DVDs may be bad, or your CD/DVD burner is going.
Congrats!
Part 5 – Run the Discs!
- Put the Vista Recovery Disc CD/DVD into the open CD/DVD tray of the computer that is still off.
- Turn on the computer and pop in the CD/DVD tray if it doesn’t automatically do it (laptops won’t)
- The CD/DVD should spin up and boot.
- Press any key at the prompt as it says. [At this point, if you have a wireless keyboard, make sure it has fresh batteries/charge, or switch to a wired keyboard if you are having issues.]
- Some files will load. (some machines may take up to 25 minutes to load!)
- You’ll be brought to a colorful screen with a cursor.
[If you get any strange errors at this point, please shut down your machine by holding down the power button for at least 5 seconds and try booting it up with the disc again.]
- Wait (at most 5-10 minutes on very old systems) until a window appears.
- After the window appears, click Next.
- Click Repair your computer on the bottom left.
- Click Next on the small window that appears. (Don’t worry about it not detecting XP.)
- Click Command Prompt on the window that appears.
- Take the Vista Recovery Disc CD/DVD out and put the Save Me v1.55.0 CD/DVD in your CD/DVD drive.
[If you are having issues with this, try downloading and unzipping this .zip file, taking the files that were in it and putting them onto a USB flash drive. (making sure that you can see a file called "saveme" or "saveme.bat" in the root of the drive) Then, put the USB flash drive into the computer. SOME PEOPLE MAY NEED TO REBOOT THE VISTA RECOVERY DISC TO HAVE IT SEE THE USB FLASH DRIVE.]
- Try typing D:\saveme, E:\saveme or F:\saveme to start up the recovery process.
- Follow the directions in the Command Prompt window.
Yes!: Please go on to the next page!
Still No!: Please contact me. (see the first page)
Part 6 – Cleanup time!
You’re in! Congrats! I would STRONGLY recommend you scan for spyware and viruses. (keep reading)
DO NOT BOOT INTO NORMAL MODE YET OR ELSE THE SPYWARE/VIRUSES (if present) COULD CAUSE MORE PROBLEMS!
You may be able to go into Safe Mode with Networking to access the Internet and download files that can clean your machine that way, however, I would recommend downloading the utilities listed below from another computer and putting them on a CD. Do not use a USB flash drive as that may become infected. Try and keep the infected computer off the Internet or your home network as long as possible. Not rebooting will also keep the virus/spyware at bay because it may want to undo some things each time you reboot.
PLEASE, IF YOU VALUE YOUR COMPUTER AND EVERYTHING ON IT, BACKUP YOUR DATA AND HAVE A BACKUP PLAN SO YOU DO NOT HAVE TO SCRAMBLE LIKE THIS AGAIN!
Also, please consider donating!
First, do the following:
- Click Start
- Click My Computer
- Select the Tools menu
- Click Folder Options at the top
- Select the View tab
- Under the Hidden files and folders heading, select Show hidden files and folders
- Uncheck the Hide protected operating system files (recommended) option
- Click Yes on the warning dialog that pops up
- Uncheck the Hide file extensions for known file types option
- Click Apply
- Click OK
PLEASE REMEMBER TO UPDATE THESE SCANNERS BEFORE SCANNING!
YOU NEED TO USE ALL THE PROGRAMS ON THIS PAGE!
- AVast! Antivirus
  - Can be installed/run under Safe Mode
  - Choose to run a Boot time scan
  - Choose to Restart later
  - Update AVast!’s definitions
  - Reboot into Safe Mode to run the boot time scan
  - If you have an antivirus scanner already, don’t use it anymore. Use AVast!. You can uninstall your old antivirus program when you get back into Normal mode.
  - Once you run AVast! Antivirus’ boot time scan, if it says you’ve been infected by Win32:Vitro, THERE IS NOTHING YOU CAN DO TO RESTORE YOUR SYSTEM TO A USABLE STATE WITHOUT REFORMATTING AND REINSTALLING. Backup your data and reformat the drive pronto. PLEASE MAKE SURE TO SCAN YOUR BACKUP AS WELL ON A CLEAN SYSTEM TO PREVENT REINFECTION.
- Mozilla Firefox
  - Can be installed/run under Safe Mode
  - Please use this to browse the Internet from now on!
- Spybot – Search & Destroy
  - Can be installed/run under Safe Mode
  - Do not select TeaTimer during installation
  - Do not select “Download updates” during installation
  - Close Spybot – Search & Destroy
  - Update the detection rules
  - Before installing: (if you have a version on your machine already)
    - Open Spybot – Search & Destroy
    - Undo all Immunization
    - Close Spybot – Search & Destroy
    - Remove it via Add/Remove Programs in the Control Panel
    - Restart the computer as it says, but go back into Safe Mode
    - Delete the following folders: (it is OK if some do not exist)
      - C:\Program Files\Spybot – Search & Destroy
      - C:\Program Files\TeaTimer
      - C:\Documents and Settings\All Users\Application Data\Spybot – Search & Destroy
      - C:\Documents and Settings\All Users\Application Data\TeaTimer
  - Once your machine is clean enough to get back into Normal mode, you’ll need to take note of this special procedure again for updating Spybot. You’ll need to uninstall it and reinstall it, as installing it under Normal mode will provide extra protection.
  - After you’re back in Normal mode and have uninstalled, cleaned up (see above) and then reinstalled Spybot, remember to update it and do another scan with it to take out anything else.
- Malwarebytes’ Anti-Malware
  - Can be installed/run under Safe Mode
  - Update the program
  - Do a Full Scan
- Windows Malicious Software Removal Tool
  - Can be installed/run under Safe Mode
  - Do a Full Scan
- SpywareBlaster
  - Can be installed/run under Safe Mode
  - Before installing: (if you have a version on your machine already)
    - Open SpywareBlaster
    - Disable all Protection
    - Close SpywareBlaster
    - Remove it via Add/Remove Programs in the Control Panel
- Bazooka Adware and Spyware Scanner
  - Can be installed/run under Safe Mode
  - If you’re running Windows Vista, you’ll see two false positives. Ignore them.
  - Update the program
  - Do a scan
- Windows Defender
  - This program needs to be installed in Normal mode. YOU CANNOT INSTALL THIS UNDER SAFE MODE.
  - Update the program
  - Do a Full Scan
- COMODO Firewall
  - Can be installed/run under Safe Mode
  - Do not install the COMODO Antivirus, as the software program below will take care of viruses
  - You do not need COMODO SafeSurf
  - Do the Spyware Scan
- SUPERAntiSpyware
  - This program needs to be installed in Normal mode. YOU CANNOT INSTALL THIS UNDER SAFE MODE.
  - Update the program
  - Do a Full Scan
- Ad-Aware
  - This program needs to be installed in Normal mode. YOU CANNOT INSTALL THIS UNDER SAFE MODE.
  - Update the program
  - Do a Full Scan
AFTER YOUR MACHINE IS CLEAN, REMEMBER TO UPDATE TO XP SP3 IF YOU DID NOT HAVE IT!
Some of the main things I’ve found that cause this loop:
- People don’t uninstall old version(s) of Spybot: Search & Destroy when installing a new version
- People uninstall the old version, but they don’t get rid of the Spybot/TeaTimer folders in C:\Program Files
- People uninstall the old version, but they don’t get rid of the Spybot folders in C:\Documents and Settings\All Users\Application Data (I don’t think you really need to get rid of this, but I do just to have a full uninstall)
- People don’t know when a new version of Spybot: Search & Destroy is available (no notification in updater, no auto-updater, etc.) Always check before doing a scan!
- People are still using Internet Explorer (IE) to browse the Internet without adequate protection.
- People are heavily infected with spyware and viruses without knowing it.
#20
Drifting
iTrader: (1)
At a glance, the nitty gritty here is the same but the guide looks to be for Vista. In XP, you don't choose repair on the first screen. You must go through the setup like you are installing windows and a few screens in, it detects your existing install and asks if you would like to repair it and you pick that.
#21
Chapter Leader (Southern Region)
I can't wait to get 7 running.. I just don't want to reinstall all my programs.
#22
Sanest Florida Man
#25
Chapter Leader (Southern Region)
#26
I just fixed this exact problem...
On a PC here at work. Once I did this it logged in, AVG popped up and cleaned whatever program it was and now it seems to be fine. I'm running some more scans now to make sure...
http://www.geekstogo.com/forum/Windo...ff-t15771.html
Post #9
Had a chance to read up on this issue and I suspect I know why this is happening, but fixing it is a bit of a problem because we need to know what the bad file is.
The most common cause of this right now, is running a malware detection program that deletes a file, but the registry still points at it. This, wsaupdater.exe, seems to be the most widely seen culprit, but it could potentially be other things, too.
Let's test it out.
Boot using your winxp cd.
Enter recovery console.
at the command prompt go to
C:/windows/system32
next type:
Dir *.exe
If you find it, type
copy userinit.exe wsaupdater.exe
Exit and reboot normally. You should now be able to logon.
Run regedit
Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
In the right pane, you should see
C:\WINDOWS\System32\wsaupdater.exe,
^This file was different for me...just look for the C:\WINDOWS\System32 and change whatever extension it is now to userinit.exe
Change it so that it reads:
C:\WINDOWS\System32\userinit.exe
^This file was different for me though...just look for the C:\WINDOWS\System32 and change whatever extension
That should solve the problem, if the malware was the one that caused the issue.
The scary thing is since more malware programs are inserting themselves into the winlogon key, this is going to be a moving target.
Last edited by Scottman111; 01-19-2010 at 10:04 AM.
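An added example, not part of the post above or of the article it quotes: a Python check for the condition that post describes, where the Winlogon Userinit value names a program other than userinit.exe, or one that is no longer on disk. The reg query output and file listings are constructed samples, and the function names are hypothetical.

```python
import ntpath
import re

KEY = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\n"
# Constructed sample: `reg query` output in the state the post describes.
INFECTED = KEY + "    Userinit    REG_SZ    C:\\WINDOWS\\System32\\wsaupdater.exe,\n"
# Constructed sample: the stock XP value (the trailing comma is normal).
CLEAN = KEY + "    Userinit    REG_SZ    C:\\WINDOWS\\system32\\userinit.exe,\n"
# Constructed listing: system32 after a scanner has deleted wsaupdater.exe.
FILES_AFTER_SCAN = [r"C:\WINDOWS\system32\userinit.exe"]


def _norm(path):
    """Case-insensitive, separator-insensitive form of a Windows path."""
    return ntpath.normcase(ntpath.normpath(path))


def parse_userinit(reg_output):
    """Return the raw Userinit data from `reg query` text, or None if absent."""
    m = re.search(r"^\s*Userinit\s+REG_(?:EXPAND_)?SZ\s+(.*?)\s*$",
                  reg_output, re.M | re.I)
    return m.group(1) if m else None


def audit_userinit(reg_output, existing_files, system_root=r"C:\WINDOWS"):
    """Return a list of (finding, entry) tuples; an empty list means stock.

    UNEXPECTED   entry is not system32\\userinit.exe (possible persistence)
    MISSING      entry points at a file that is not on disk (logon loop)
    NO_USERINIT  userinit.exe itself is not among the entries
    VALUE_ABSENT the Userinit value could not be found at all
    """
    data = parse_userinit(reg_output)
    if data is None:
        return [("VALUE_ABSENT", None)]

    expected = _norm(ntpath.join(system_root, "system32", "userinit.exe"))
    present = {_norm(p) for p in existing_files}
    findings, saw_expected = [], False

    # Winlogon starts each comma-separated program in the value.
    for entry in (e.strip().strip('"') for e in data.split(",")):
        if not entry:
            continue  # the empty field after the trailing comma
        # Assumption: a bare file name resolves to the system32 directory.
        full = entry if ntpath.isabs(entry) else ntpath.join(
            system_root, "system32", entry)
        if _norm(full) == expected:
            saw_expected = True
        else:
            findings.append(("UNEXPECTED", entry))
        if _norm(full) not in present:
            findings.append(("MISSING", entry))

    if not saw_expected:
        findings.append(("NO_USERINIT", None))
    return findings


if __name__ == "__main__":
    for label, text in (("infected", INFECTED), ("clean", CLEAN)):
        print(label, audit_userinit(text, FILES_AFTER_SCAN))
```

Copying userinit.exe over the missing file name clears only the MISSING finding; the value is still reported as UNEXPECTED until it is edited back in regedit.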
#27
^ I'm surprised that this worked since that article is 4 years old.
Sweet
#29
Team Owner
Thread Starter