Logon - logoff loop

[Guest]

Logon - Log off loop. when you login to Windows, the 'loading personal
settings" verbose will appear, but suddenly it will logoff

After reload ( repair ) XP, I could access once but the problem went back
I reload software again
find out wrong value in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon
Name: Userinit
found: C:\WINNT\system32\userinit.exe, %SystemRoot%\iProtect.exe
change to Correct: C:\WINDOWS\system32\userinit.exe
System seens to be working fine

After login and log off the problem went back
Find out that the file c:\winsecure.exe was changing the registry,
Some kind of malware, I think...
deleted file and found in the registry the following line:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: Windows Security Manager value: c:\winsecure.exe


Question: can I delete this "Windows Security Manager" from regitry?

regards

 

[Doug Knox MS-MVP]

I would certainly consider it. You may also want to update your AV Software as well as run AdAware, www.lavasoftusa.com and SpyBot Search and Destroy, www.safer-networking.org.

 

[gupr]

got exactly the same problem as mentioned in the firt paragraf. pleas
help resolve the problem

thanks

*Logon - Log off loop. when you login to Windows, the 'loadin
personal
settings" verbose will appear, but suddenly it will logoff

After reload ( repair ) XP, I could access once but the problem wen
back
I reload software again
find out wrong value in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon
Name: Userinit
found: C:\WINNT\system32\userinit.exe, %SystemRoot%\iProtect.exe
change to Correct: C:\WINDOWS\system32\userinit.exe
System seens to be working fine

After login and log off the problem went back
Find out that the file c:\winsecure.exe was changing the registry,
Some kind of malware, I think...
deleted file and found in the registry the following line:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: Windows Security Manager value: c:\winsecure.exe


Question: can I delete this "Windows Security Manager" from regitry?

regards

-
gup

 

[Malke]

got exactly the same problem as mentioned in the firt paragraf. please
help resolve the problem

thanks

Please do not hijack other people's threads, even if you think the
problem is similar. It makes it difficult to give both posters good
advice. In this case, you should follow the advice I'm going to give
Mr. Silva:

Mr. Silva - Not only should you delete the winsecure, which is malware,
you should run through these malware removal steps to make sure your
computer is completely clean. It is crucial to do all steps with
updated tools in Safe Mode.

1) Scan in Safe Mode with current version (not earlier than 2003)
antivirus using updated definitions.

2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.

Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).

HijackThis is an excellent tool to discover and disable hijackers, but
it requires expert skill. See below for HijackThis links. A combination
of HijackThis and About:Buster works well in removing the About:Blank
homepage hijacker. Again, this is an expert tool and novices should get
help with it.

3) If you are running Windows ME or XP, you should disable/enable System
Restore because malware will be in the Restore Points. With ME, you
must disable System Restore completely. With XP, you can delete all but
the most recent (presumably clean) System Restore point from the More
Options section of Disk Cleanup (Run>cleanmgr).

4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.

5) Run a firewall.

Links to help with malware:

Software/Methods:
http://www.safer-networking.org - Spybot Search & Destroy
http://www.lavasoftusa.com - Ad-aware
http://www.majorgeeks.com - good download site
http://www.intermute.com/spysubtract/cwshredder_download.html
http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners

HijackThis:
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
Eshelman
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/
http://www.spywareinfo.com/forums/

General:
http://forum.aumha.org/ - look under "Security" for various forums
http://rgharper.mvps.org/cleanit.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Malke

 

[splashy]

Well it looks nice, but there is NO WAY I can change anything on the
harddrive because after logon is a logoff,
also in savemode you cannot intercept, it just keeps on going to logon.

The computer has a up to date (16 dec) virusscanner and firewall, ad-aware
and hyjack this.

Help is badly needed Rolphe