Windows XP Unable to Login After Cleaning Out Rogue Antivirus



This article may come in handy if you are out there battling the latest rogue du jour. Occasionally I have been through a cleaning process for these rogues and got to a point where the scanner had run and cleaned things out (whether it was malwarebytes antimalware or superantispyware.) It was time to reboot and the system reboots, starts to load the desktop wallpaper and then…. You see the windows login screen and the words “saving settings” under the username followed by the words “logging out”. You may try again, but it doesn’t even load the desktop icons it just boots you back out to the login screen. If you try safe mode you may get the same behavior (it was in my case), administrator or the typical system user didn’t seem to make a difference. I couldn’t even get to safe mode with the command prompt. No choice but to reinstall right? Wrong….


For this you will need to get access to the registry. Obviously given that this system is problematic we have limited options. If you have been able to access the registry remotely over the network that may work for you, but in my case I have an Ultimate boot CD which includes a Windows live cd environment. One catch with windows live boot cds though is that they need to be made from a working windows system. So, if you don’t already have one in your toolkit, you will need to scrounge your way to a working windows xp system with your windows disk, internet connection and then get your boot cd setup.

You may be able to use a linux boot cd to edit the registry (using wine perhaps as this article suggests.) Although that’s a path I haven’t gone down before… Other than that though I don’t know another way to edit the registry from linux.

Here’s what you will need to check in the registry.

HKeyLocalMachineSoftwareMicrosoftWindows NTCurrentVersionWinlogon

You are looking for the userinit value which should be c:windowssystem32userinit.exe and shell should be explorer.exe

In my case userinit was set to c:windowssystem32winlogon32.exe or some such nonsense. Fixing this restored the ability to login.

However, if it appears set correctly it may be that your copy of userinit.exe is corrupted and you may need to extract it from the windows install disk in recovery console mode…

expand d:i386userinit.ex_ c:windowssystem32userinit.exe

So, if you’re stuck in a windows login logout loop that you just cannot login to windows it automatically logs you back out before you see the desktop the above may solve the problem for you.

Related Posts

Blog Traffic Exchange Related Posts
  • Zero-day ( 0-day) Microsoft Word exploit There was some news on this last night at Incidents.org, today F-secure has some details as well on the trojan that's dropped in this circulating, exploit. It seems as though the initial attack was very targetted against a specific organization. Antivirus packages did not recognize the trojan that the exploit......
  • How to Remove Windows Smart Security (Removal Guide) Windows Smart Security is a rogue spyware application that may fool people into installing and purchasing due to the use of the words Windows and Security in the title. It may fool people into thinking that it is related to Microsoft Windows and perhaps even a part of the operating......
  • Disinfecting a PC... part 2 Ok, the last post got a bit long with the hijackthis log, but I wanted to include the whole picture. I put a few comments in, but thought it might be useful to include the notes I took at the time. For starters I leave it unplugged from the network.......
Blog Traffic Exchange Related Websites
  • How to Replace a Window Replacing your windows can bring numerous benefits to your home. Not only will they look nicer and add value to your property, but you can also gain significant energy savings. Most new windows are now heat and cold efficient and will greatly reduce the amount of drafts coming in as......
  • Free Registry Cleaner - Safely Scan And Repair Registry Problems If your computer is running slowly and you are limited for funds then using a free trial registry cleaner makes good sense. However, choosing the right one can be a little tricky especially if you have limited knowledge of them. On the other hand, eventually working your way towards a......
  • Linux and the Fight for Freedom This is a guest post! If you want to write for us, check out the Guest Post section. Linux users are the freedom fighters of computing. They love their independence, and they’re not going to give that up for anything. Like their counterparts, though, they also need a little structure.......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site