Can't log into Windows XP.

worldc8804

I had a virus on my computer called 'Internet Security 2010' which I tried to
remove with 'AVG Free 9.0'. My anti-virus software required a restart in
order to remove all of the viruses. I restarted and now when I try to log
into my profile it logs in for 3 seconds and logs out before I can do
anything. I tried logging into every advanced login option, i.e. safe mode w/
command prompt and all of the other options. I cannot log in with
administrator either. I read some things online that said to boot from the
Windows XP CD. I tried this and got a message on the blue screen saying my
computer is infected and it must shut down to prevent further damage. Is
there any way to bypass the login screen or get to a command prompt to
reformat? PLEASE HELP!@@!!@

-Chris
 
sandy58

worldc8804 said:
I had a virus on my computer called 'Internet Security 2010' which I tried to
remove with 'AVG Free 9.0'. My anti-virus software required a restart in
order to remove all of the viruses. I restarted and now when I try to log
into my profile it logs in for 3 seconds and logs out before I can do
anything. I tried logging into every advanced login option, i.e. safe mode w/
command prompt and all of the other options. I cannot log in with
administrator either. I read some things online that said to boot from the
Windows XP CD. I tried this and got a message on the blue screen saying my
computer is infected and it must shut down to prevent further damage. Is
there any way to bypass the login screen or get to a command prompt to
reformat? PLEASE HELP!@@!!@

-Chris

Try tapping F8 during POST to get safe mode.
 
Elmo

worldc8804 said:
I had a virus on my computer called 'Internet Security 2010' which I tried to
remove with 'AVG Free 9.0'. My anti-virus software required a restart in
order to remove all of the viruses. I restarted and now when I try to log
into my profile it logs in for 3 seconds and logs out before I can do
anything. I tried logging into every advanced login option, i.e. safe mode w/
command prompt and all of the other options. I cannot log in with
administrator either. I read some things online that said to boot from the
Windows XP CD. I tried this and got a message on the blue screen saying my
computer is infected and it must shut down to prevent further damage. Is
there any way to bypass the login screen or get to a command prompt to
reformat? PLEASE HELP!@@!!@

-Chris

Download this Avira Antivir Rescue System program which will burn a CD
image to a blank CD. It's updated a few times per day. Insert the CD
into the damaged machine and let it do a scan of your system. Before
starting the scan, select "Configuration" and set to repair or rename
the infected files. Sometimes your machine won't restart after such a
repair process, so you might want to save needed files to another system
before using this. If you can't, then you can move the hard drive to
another machine to copy needed files. You can do that before, or after
this scan.

http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html

Then run these:

Malwarebytes© Corporation
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

SuperAntispyware
http://www.superantispyware.com/superantispywarefreevspro.html

You can try one of the CDs mentioned at the following site. BitDefender
was my favorite, but if the infected machine can't connect to the
internet to get updates, Avira comes with current virus definitions.
Also, some of these just won't run on some systems, perhaps because
there are no drivers available for some system devices, motherboard,
graphics card, etc. So try a few of these till you find one that works:

Burn BitDefender, or another program listed at the link below, to a CD
(using a working machine) and test the infected machine with it.
BitDefender also has a Rootkit checker on the Linux Desktop; run it if
you think that's the problem:

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

Download the executable rather than the .iso image, if one is available,
(though no .exe is available for BitDefender).

After the scan is run, if you elect to quarantine files, they're
quarantined to RAM and lost after you reboot. You'll need to copy any
quarantined files to the hard drive, a thumb drive or elsewhere before
exiting.
 
worldc8804

I appreciate the response. I have tried to get in safe mode. When I am in I
am still unable to log into my Admin account and my personal one.
 
Daave

worldc8804 said:
I read some things online that said to boot from the Windows XP CD. I tried
this and got a message on the blue screen saying my computer is infected
and it must shut down to prevent further damage.

You must have done this incorrectly.

Whether you want to boot off the Windows CD or perhaps one of the
bootable CDs Elmo mentioned, you need to first make sure your BIOS is
configured so that the PC will boot off the CD first. Then again, some
PCs (like Dells) allow you to press a key (e.g., F12) immediately after
you power up to access a boot options menu. What is the make and model
of your PC?

Helpful links:

http://michaelstevenstech.com/bios_manufacturer.htm

http://www.bleepingcomputer.com/virus-removal/remove-internet-security-2010

http://www.elephantboycomputers.com/page2.html#Removing_Malware
 
Rob

worldc8804 said:
I had a virus on my computer called 'Internet Security 2010' which I tried to
remove with 'AVG Free 9.0'. My anti-virus software required a restart in
order to remove all of the viruses. I restarted and now when I try to log
into my profile it logs in for 3 seconds and logs out before I can do
anything. I tried logging into every advanced login option, i.e. safe mode w/
command prompt and all of the other options. I cannot log in with
administrator either. I read some things online that said to boot from the
Windows XP CD. I tried this and got a message on the blue screen saying my
computer is infected and it must shut down to prevent further damage. Is
there any way to bypass the login screen or get to a command prompt to
reformat? PLEASE HELP!@@!!@

-Chris

I solved this problem in two steps:

THIS PART MIGHT NOT EVEN BE NECESSARY: The first thing I did was replace the
userinit.exe in c:\windows\system32 with the one off of one of my WinXP Pro
CDs (I used one with Service Pack 3). To do this, I went on another computer
and attached the bad system drive to it using an external enclosure and did
Start, Run: expand d:\i386\userinit.ex_ e:\windows\system32 where d: is your
CD-ROM drive and e: is the name of the bad system drive attached as an
external. Then I renamed the original userinit.exe to userinitold.exe and
named userinit.ex_ to userinit.exe. This process might not be necessary but I
had assumed from the beginning that userinit.exe has been compromised.


This probably was all that actually needed to be done: The problem in my
case is that a registry entry had been changed by the virus. I used the
Ultimate boot cd for windows to boot into a windows environment and then ran
the remote registry program to edit the registry of the infected file system.
(because you can't log in normally, right?)


Under HKLM:
\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
I changed this key to
Userinit=C:\WINDOWS\system32\userinit.exe
It had been changed by the virus to winlogon32.exe or something like that.

Of course there are probably other ways to edit the registry on a system
hard drive without using ultimate boot cd for windows. You could probably
attach the hard drive to another machine with an external enclosure and then
run a program that lets you remotely access the registry to change the
necessary key.
 
John John - MVP

Rob said:
I solved this problem in two steps:

THIS PART MIGHT NOT EVEN BE NECESSARY: The first thing I did was replace the
userinit.exe in c:\windows\system32 with the one off of one of my WinXP Pro
CDs (I used one with Service Pack 3). To do this, I went on another computer
and attached the bad system drive to it using an external enclosure and did
Start, Run: expand d:\i386\userinit.ex_ e:\windows\system32 where d: is your
CD-ROM drive and e: is the name of the bad system drive attached as an
external. Then I renamed the original userinit.exe to userinitold.exe and
named userinit.ex_ to userinit.exe. This process might not be necessary but I
had assumed from the beginning that userinit.exe has been compromised.


This probably was all that actually needed to be done: The problem in my
case is that a registry entry had been changed by the virus.

It can be caused by a missing Userinit file but more often than not the
problem with the login loop is caused by an incorrect Winlogon Userinit
registry entry rather than a missing Userinit.exe file.


I used the
Ultimate boot cd for windows to boot into a windows environment and then ran
the remote registry program to edit the registry of the infected file system.
(because you can't login normally, right?)


Under HKLM:
\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
I changed this key to
Userinit=C:\WINDOWS\system32\userinit.exe


Don't forget the comma at the end! The correct Userinit value data
should read:

C:\WINDOWS\system32\userinit.exe,

Of course there are probably other ways to edit the registry on a system
hard drive without using ultimate boot cd for windows. You could probably
attach the hard drive to another machine with an external enclosure and then
run a program that lets you remotely access the registry to change the
necessary key.

No need for special programs, you can edit the remote registry with
Regedit, see here for easy to follow instructions:
http://www.rwin.ch/xp-live/regedit.htm

John
 
Rob

Thanks John, I added the comma too.

Also thanks for the info on the registry. I had completely forgotten that it was
indeed stored as files. So in this case Software should be loaded, modified,
and then unloaded.
 
worldc8804

Thanks for the responses. Elmo I tried using the avira_rescue and it froze at
"Mounting Devices" /dev /fd0 in the very beginning. I think it's only for
Linux? I looked at a few other posts from Rob and John John and I think I'm
out of my league looking at their posts. Is there a simple way to fix this or
should I concede and pay $150 for a repair shop to fix it? Any suggestions
would be greatly appreciated. Thank you ladies and gents who have posted so
far.
 
Anna

worldc8804 said:
I had a virus on my computer called 'Internet Security 2010' which I tried to
remove with 'AVG Free 9.0'. My anti-virus software required a restart in
order to remove all of the viruses. I restarted and now when I try to log
into my profile it logs in for 3 seconds and logs out before I can do
anything. I tried logging into every advanced login option, i.e. safe mode w/
command prompt and all of the other options. I cannot log in with
administrator either. I read some things online that said to boot from the
Windows XP CD. I tried this and got a message on the blue screen saying my
computer is infected and it must shut down to prevent further damage. Is
there any way to bypass the login screen or get to a command prompt to
reformat? PLEASE HELP!@@!!@

-Chris

(Chris later adds...)
worldc8804 said:
Thanks for the responses. Elmo I tried using the avira_rescue and it froze at
"Mounting Devices" /dev /fd0 in the very beginning. I think it's only for
Linux? I looked at a few other posts from Rob and John John and I think I'm
out of my league looking at their posts. Is there a simple way to fix this or
should I concede and pay $150 for a repair shop to fix it? Any suggestions
would be greatly appreciated. Thank you ladies and gents who have posted so
far.


Chris:
Before getting into the more substantive part of my post...a suggestion or
two...
1. It's really helpful to potential responders to know something about the
system involved, e.g., is this an OEM machine? If so, what's the make &
model? If not, is it a desktop machine? Is the XP OS installation CD you're
using a non-branded OEM version or a retail version? Or is it a
recovery/restore type of CD possibly provided by the maker of your machine?
2. It's best not to treat this (or any similar) newsgroup as some sort of
"chatline". Except in the most trivial instances, when you post a message
(as you did in your last message above) it should *not* merely be a
continuation of the problem/issue you've raised without providing pertinent
background info concerning the problem/issue you've originally raised. In
other words it should not be an "orphan" or isolated post responding *only*
to one or another poster who previously responded to your plea for help. As
you will note I've included your original post in this message.

Now to your problem...
1. First of all, in the final line of your original post you raise the
question "or get to a command prompt to reformat?" Are you indicating that
when all is said & done at this point all you're interested in is returning
the system to a bootable, functional state involving a fresh install of the
XP OS? So that at this point-in-time you're not particularly interested in
the possibility of repairing the OS in order to salvage the latter together
with your programs & personal data? Or, on the other hand, you really didn't
mean to use the term "reformat" in that sense? So that your interest
actually *is* in "repairing" the system and salvaging all the data?

2. Have you used the HDD diagnostic utility from the hard drive's
manufacturer to check out the disk? If you haven't done so it would be wise
to do so ASAP.

3. I'll assume the XP OS installation CD you're using is either a
non-branded or retail version. When you boot to that CD can we assume the
"Press any key to boot from CD" or similar message comes up at the beginning
of the boot process? And that the display indicates the string of setup
files are being loaded? So that the "blue screen" you mention displays
*after* those setup files have been apparently loaded?

What we're trying to get at is that are you absolutely sure you are booting
to the XP OS installation CD and not to your problem HDD?

If you see fit, respond to the above and we can go on from here should you
want to.
Anna
 
Elmo

worldc8804 said:
Thanks for the responses. Elmo I tried using the avira_rescue and it froze at
"Mounting Devices" /dev /fd0 in the very beginning. I think it's only for
Linux? I looked at a few other posts from Rob and John John and I think I'm
out of my league looking at their posts. Is there a simple way to fix this or
should I concede and pay $150 for a repair shop to fix it? Any suggestions
would be greatly appreciated. Thank you ladies and gents who have posted so
far.

The Knoppix CD runs independent of the hard drive, but should run on
most systems. There can be some pauses at times, but it should
eventually run.
 
Rob

What I suggested should not be that difficult to perform so long as you can
find the parts:

You simply need:
1. Another computer such as a friend's
2. Open up your computer and see what type of hard drive you have (either
IDE or SATA); look at pictures on Google to tell the difference. There are also
two sizes of hard drives: desktop (3.5") and laptop (2.5")
3. Then get an external hard drive enclosure (you can buy this at Best Buy
for like $20 or Fry's Electronics). For example tell the guy at the store
that you need an IDE hard drive enclosure for a desktop hard drive.
4. Then remove the hard drive from your computer and attach it to the
enclosure. Then plug it in to the extra computer and then follow the
instructions here http://www.rwin.ch/xp-live/regedit.htm, open the SOFTWARE
file, and replace the key with what I showed you.

Then install your hard drive and boot up. I doubt a virus removal program
is going to fix this for you. This is a registry issue caused by a virus. Do
what I said, I'm fairly sure that this is the solution.
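
The offline registry repair discussed in this thread (load the SOFTWARE hive from the attached disk, check the Winlogon Userinit value, restore it with the trailing comma, unload), as an added example that is not part of any poster's message. It assumes an elevated PowerShell prompt on the helper PC and the infected disk mounted as E:; the key name OfflineSoftware is an arbitrary temporary mount point.

```powershell
# Added example, not code from the thread.
# Assumptions: elevated prompt on the helper PC; infected disk is E:;
# OfflineSoftware is a made-up temporary key name for the loaded hive.
$drive    = 'E:'
$hive     = "$drive\WINDOWS\system32\config\software"
$mount    = 'HKLM\OfflineSoftware'
$winlogon = 'HKLM:\OfflineSoftware\Microsoft\Windows NT\CurrentVersion\Winlogon'

# The value data uses C: because that is the path the repaired PC sees at
# boot, not the letter the disk has on the helper PC. The comma is required.
$expected = 'C:\WINDOWS\system32\userinit.exe,'

# The login loop can also come from a missing userinit.exe, so check the file.
if (-not (Test-Path "$drive\WINDOWS\system32\userinit.exe")) {
    Write-Warning 'userinit.exe is missing on the offline disk; restore it from the XP CD first.'
}

# Keep a copy of the hive before changing anything.
Copy-Item $hive "$hive.bak" -ErrorAction Stop

reg.exe load $mount $hive | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not load $hive" }
try {
    $current = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit
    Write-Host "Current Userinit: $current"

    # Anything other than the stock value (compared case-insensitively)
    # means the logon chain was redirected or the comma is missing.
    if ($current -ine $expected) {
        Set-ItemProperty -Path $winlogon -Name Userinit -Value $expected
        Write-Host "Userinit reset to: $expected"
    }
}
finally {
    # Release PowerShell's handles on the key, or the unload is refused.
    [gc]::Collect()
    [gc]::WaitForPendingFinalizers()
    reg.exe unload $mount | Out-Null
}
```

Note the value printed as "Current Userinit" before it is overwritten: the program it names is the file to hand to a scanner on the offline disk.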
 
