New XP Pro Vulnerability or Virus Attack ?

G

Guest

As of two hours ago, I appear to be completely locked out of my XP Pro
laptop. Very scary !!!

I have been desperately trawling the web to try and see if there is any new
virus or trojan that might have caused this. I found this thread via Google,
and was hoping that folks here might be able to shed some light on my current
predicament...

Currently I cannot log in as either my normal user (with admin rights) or as
Guest
In both cases, after choosing either user (and entering password for normal
account) XP says loading personal settings. A few seconds later the desktop
image for the account flashes up BUT then I get logged out again almost
immediately, and am then returned to the login menu.

Other symptoms appear to be that boot from CD is now disabled

Have tried logging on in SAFE mode - but same problem

Has anyone ANY idea of what might be causing this ?

I have been using this laptop (Sony PCG-Z1GP) for about 18 months without
any problems.
Am still using originally installed XP Pro, and have systematically
installed all XP security patches up to BUT excluding latest SP2
Have been running Norton Systemworks2004 with all virus fingerprint patches.
And even ran full scan earlier tonight.
This showed up a few Low risk Adware programs - nothing unusual, as I have
encountered similar files before

It may not be relevant, but in the last 48 hours I have installed the
following software:
RealPlayer 10 - as recommended from BBC Radio site
TotalRecorder v4.x - and registered it online
Agilix GoBinder 2005 - demo version, which I have not even had the chance to
run yet

Sorry for the length of this message, BUT due to data held on my laptop I am
desperate for any possible help or suggestions.

Many thanks,
Andrew
 
C

Carey Frisch [MVP]

How to Perform a Windows XP Repair Install
http://www.michaelstevenstech.com/XPrepairinstall.htm

[Courtesy of MS-MVP Michael Stevens]

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.aspx

-----------------------------------------------------------------------------------------

:

| As of two hours ago, I appear to be completely locked out of my XP Pro
| laptop. Very scary !!!
|
| I have been desperately trawling the web to try and see if there is any new
| virus or trojan that might have caused this. I found this thread via Google,
| and was hoping that folks here might be able to shed some light on my current
| predicament...
|
| Currently I cannot log in as either my normal user (with admin rights) or as
| Guest
| In both cases, after choosing either user (and entering password for normal
| account) XP says loading personal settings. A few seconds later the desktop
| image for the account flashes up BUT then I get logged out again almost
| immediately, and am then returned to the login menu.
|
| Other symptoms appear to be that boot from CD is now disabled
|
| Have tried logging on in SAFE mode - but same problem
|
| Has anyone ANY idea of what might be causing this ?
|
| I have been using this laptop (Sony PCG-Z1GP) for about 18 months without
| any problems.
| Am still using originally installed XP Pro, and have systematically
| installed all XP security patches up to BUT excluding latest SP2
| Have been running Norton Systemworks2004 with all virus fingerprint patches.
| And even ran full scan earlier tonight.
| This showed up a few Low risk Adware programs - nothing unusual, as I have
| encountered similar files before
|
| It may not be relevant, but in the last 48 hours I have installed the
| following software:
| RealPlayer 10 - as recommended from BBC Radio site
| TotalRecorder v4.x - and registered it online
| Agilix GoBinder 2005 - demo version, which I have not even had the chance to
| run yet
|
| Sorry for the length of this message, BUT due to data held on my laptop I am
| desperate for any possible help or suggestions.
|
| Many thanks,
| Andrew
 
G

Guest

Within the past 24 hours, I have corrected this issue both on Windows XP and
Windows Server 2003.
Both involved the value of the HKLM\software\microsoft\windows
nt\currentversion\winlogon
Userinit = C:\windows\system32\userinit.exe
That is the correct value.
Incorrect: Anything else, unless you installed Windows into another directory.
http://www.kellys-korner-xp.com/xp_wel_screen.htm
That site offers advice.

But, basically you have two choices.
First, make a copy of the userinit.exe file and rename it wsaupdater.
Copy it to c:\windows\system32 overwriting the existing wsaupdater file.
Wsaupdater may not exist, as some spyware-removal programs delete this file
as a result of scanning.
The other way to fix it.
If PC accessible via the network, remotely connect to registry.
Enter the correct value of the previously mentioned key:
HKLM\software\microsoft\windows nt\currentversion\winlogon
Userinit = C:\windows\system32\userinit.exe
That is the correct value.

Or, place the hard drive into another PC. (PC must be running 2k or XP)
Open regedit on good PC, highlight HKeyLocalMachine.
Choose registry - load hive. Browse to following directory on bad PC hard
drive:
C:\windows\system32\config
Highlight SOFTWARE (no file extension).
Open.
Give it an arbitrary name and it will appear in the regedit tree.
Browse again to the userinit value and enter the problem data:
C:\windows\system32\userinit.exe

Close regedit and place hard drive back into original PC.

Good luck.

Joe
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

New ransomware attack hits Europe 3
Windows 10 Edge Attack 5
Recovering from virus attack 1
Virus Attack 1
New Zero Day IE vulnerability 0
Urgent! Virus Attack 18
Virus Attack 6
DCOM vulnerability 1

Top