Windows XP Unable to Login After Cleaning Out Rogue Antivirus



This article may come in handy if you are out there battling the latest rogue du jour. Occasionally I have been through a cleaning process for these rogues and got to a point where the scanner had run and cleaned things out (whether it was malwarebytes antimalware or superantispyware.) It was time to reboot and the system reboots, starts to load the desktop wallpaper and then…. You see the windows login screen and the words “saving settings” under the username followed by the words “logging out”. You may try again, but it doesn’t even load the desktop icons it just boots you back out to the login screen. If you try safe mode you may get the same behavior (it was in my case), administrator or the typical system user didn’t seem to make a difference. I couldn’t even get to safe mode with the command prompt. No choice but to reinstall right? Wrong….


For this you will need to get access to the registry. Obviously given that this system is problematic we have limited options. If you have been able to access the registry remotely over the network that may work for you, but in my case I have an Ultimate boot CD which includes a Windows live cd environment. One catch with windows live boot cds though is that they need to be made from a working windows system. So, if you don’t already have one in your toolkit, you will need to scrounge your way to a working windows xp system with your windows disk, internet connection and then get your boot cd setup.

You may be able to use a linux boot cd to edit the registry (using wine perhaps as this article suggests.) Although that’s a path I haven’t gone down before… Other than that though I don’t know another way to edit the registry from linux.

Here’s what you will need to check in the registry.

HKeyLocalMachineSoftwareMicrosoftWindows NTCurrentVersionWinlogon

You are looking for the userinit value which should be c:windowssystem32userinit.exe and shell should be explorer.exe

In my case userinit was set to c:windowssystem32winlogon32.exe or some such nonsense. Fixing this restored the ability to login.

However, if it appears set correctly it may be that your copy of userinit.exe is corrupted and you may need to extract it from the windows install disk in recovery console mode…

expand d:i386userinit.ex_ c:windowssystem32userinit.exe

So, if you’re stuck in a windows login logout loop that you just cannot login to windows it automatically logs you back out before you see the desktop the above may solve the problem for you.

Related Posts

Blog Traffic Exchange Related Posts
  • A closer look at x11vnc I've got to say, one of the things I really like about linux are the myriad of options for remotely administering a system. SSH is the one I use the most, but for the graphical you have x (especially on the LAN), nxserver (which is a compressed and optionally encrypted......
  • Zero-day ( 0-day) Microsoft Word exploit There was some news on this last night at Incidents.org, today F-secure has some details as well on the trojan that's dropped in this circulating, exploit. It seems as though the initial attack was very targetted against a specific organization. Antivirus packages did not recognize the trojan that the exploit......
  • Disinfecting a PC... part 2 Ok, the last post got a bit long with the hijackthis log, but I wanted to include the whole picture. I put a few comments in, but thought it might be useful to include the notes I took at the time. For starters I leave it unplugged from the network.......
Blog Traffic Exchange Related Websites
  • Fix Windows Registry Error For many people who do not know that their computer has on it, a registry cleaner can be a great idea. Oftentimes, people have computers for a year and two, and then begin to experience slower speeds when they are using it. This is not usually a problem with the......
  • Are You Facing A Debt Crisis? A large number of people are finding that they are facing a debt crisis today.  For some, their debt crisis occurs when they find that their credit limit has been cut and they can no longer charge the items that they need to maintain their quality of life.  Other people......
  • Linux and the Fight for Freedom This is a guest post! If you want to write for us, check out the Guest Post section. Linux users are the freedom fighters of computing. They love their independence, and they’re not going to give that up for anything. Like their counterparts, though, they also need a little structure.......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site