Logon Loop

[barrowhill]

Son's PC infected with virus. All removed except one ....Win32.Delf.uc....
Nothwithstanding this problem, now in perpetual logon loop whereby I can't
get to desktop. Tried everyone's favourite resolution via recovery console
COPY USERINIT.EXE WSAUPDATER.EXE but this failed to work. Any new ideas on
this and how ro renove last virus ????

 

[Elmo]

Son's PC infected with virus. All removed except one .....Win32.Delf.uc....
Nothwithstanding this problem, now in perpetual logon loop whereby I can't
get to Desktop. Tried everyone's favourite resolution via recovery console
COPY USERINIT.EXE WSAUPDATER.EXE but this failed to work. Any new ideas on
this and how to remove last virus?

Burn a couple of these to a CD (using a working machine) and test the
infected machine with them:

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

BitDefender seems to work well..

 

[barrowhill]

Elmo,

Thanks. Decided to go with Bit Defender but despite downloading and burning
2008 and 2009 versions they don't create bootable CD's (?). Any specfic
instructions for creating this type of media ? Followed what was stated but
no go. I'll try one of the others

Not sure if I'd be able to log on even if cleaned. ??

 

[barrowhill]

Elmo,

Tried Kapasky with same result. Using Ashamppo Burning Studio 2008 as
CD/DCD burning software. Whatever .ISO I'm downloading doesn't have any Boot
files associated with it nor does it say they are needed or where I can get
them. Don't think 'll waste any more CD's

 

[Jose]

Son's PC infected with virus.  All removed except one  ....Win32.Delf..uc....
Nothwithstanding this problem, now in perpetual logon loop whereby I can't
get to desktop.  Tried everyone's favourite resolution via recovery console
COPY USERINIT.EXE WSAUPDATER.EXE but this failed to work.   Any new ideas on
this and how ro renove last virus   ????

Copying the userinit.exe to wsaupdater.exe is a method to allow
booting if you are afflicted with a certain malware and (even if that
allowed you to boot) is not a solution to that problem. It fixes the
symptom of the problem, which is not being able to login, but the
infestation remains. The point is - even if it "worked", you would
not be done.

How did you boot to get far enough to copy the file?

How did you determine the actual name of the malware?

Here are some reputable scanning programs to start with if you can
still get that machine on the Internet:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

 

[barrowhill]

Jose,

I'd identified virus before issue with logon loop. Was using some
malware/spyware/virus cleaner to try and remove (having researched net
solutions) when came to reboot and lo and behold loop begins. Assume program
used to clean, can't remember which, caused problem.

Your info on malware software useful but obviously can't use as can't get to
desktop to install - logon loop

Having saved son's files, he's decided he like a clean install. Perhaps
that's for the best.

Thanks for

 

[ERA Guy]

Elmo,

Tried Kapasky with same result. Using Ashamppo Burning Studio 2008 as
CD/DCD burning software. Whatever .ISO I'm downloading doesn't have any Boot
files associated with it nor does it say they are needed or where I can get
them. Don't think 'll waste any more CD's

"Elmo" wrote:

I just downloaded the Kaparsky/Trinity Rescue Kit 3.3 image
and it booted fine. You're burning the iso as an image, not
copying the raw file to the CD, right?

 

[barrowhill]

Yes. In both cases I downloaed and saved the .ISO image then burnt the image
to CD. Didn't boot ??

 

[Pegasus [MVP]]

Jose,

I'd identified virus before issue with logon loop. Was using some
malware/spyware/virus cleaner to try and remove (having researched net
solutions) when came to reboot and lo and behold loop begins. Assume
program
used to clean, can't remember which, caused problem.

Your info on malware software useful but obviously can't use as can't get
to
desktop to install - logon loop

Having saved son's files, he's decided he like a clean install. Perhaps
that's for the best.

Thanks for

This is probably your best course of action. Remember also that virus
scanners are here to *prevent* virus infections. They can repair some of the
damage done by viruses but not everything. Trying to fix an infected machine
with a virus scanner is often a waste of time and effort and is likely to
leave you with a compromised machine.

 

[Jose]

Jose,

I'd identified virus before issue with logon loop.  Was using some
malware/spyware/virus cleaner to try and remove (having researched net
solutions) when came to reboot and lo and behold loop begins.  Assume program
used to clean, can't remember which, caused problem.

Your info on malware software useful but obviously can't use as can't getto
desktop to install - logon loop

Having saved son's files, he's decided he like a clean install.  Perhaps
that's for the best.

Thanks for

Perhaps this is the familiar problem on a new computer.

No matter what, you somehow need to be able to boot something like the
XP Recovery Console to get started. Could be the old copy
userinit.exe trick to get you going, then a thorough scan to remove
the malware.

A bootable XP installation CD is the first choice and you would need
that to reformat anyway. Do you have that?

Here is the "official" MS article about that problem and the correct
way to fix it:

http://support.microsoft.com/kb/892893


You can create a bootable CD with just Recovery Console downloading
this:

xp_rec_con.iso

from here: http://www.mediafire.com/?ueyyzfymmig

Then use this free and easy tool to create a bootable CD. Works first
time if you follow the directions:

http://www.imgburn.com/

What to do next depends on which you have that is bootable.

 

[Jose]

Download my userinit fix from herehttp://www.ms-mvp.org/this file works
for SP2 and SP3 only. READ the enclosed instructions. If you have SP1 do not
use this file. If you need any other version then email me using the linkat
the bottom of my webpage. Your issue is caused by a malware infestation.
Once fixed you will need to use my Remove-it software, it will remove that
malware from your system. Choose yes for all options when prompted. Download
it herehttp://www.ms-mvp.org/

--
The Real Truthhttp://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.

Oh crap - I forgot about that.

What exactly does it do again? I forget how it works and could not
find the directions.

I also forgot how to use it when the user is unable to login.

 

[Barry Schwarz]

Download my userinit fix from here http://www.ms-mvp.org/ this file works
for SP2 and SP3 only. READ the enclosed instructions. If you have SP1 do not
use this file. If you need any other version then email me using the link at
the bottom of my webpage. Your issue is caused by a malware infestation.
Once fixed you will need to use my Remove-it software, it will remove that
malware from your system. Choose yes for all options when prompted. Download
it here http://www.ms-mvp.org/

This is not the MVP site despite its fake logos.

The correct MVP site is http://www.mvps.org/.

 

[PA Bear [MS MVP]]

What's the "real truth" about pcbutts1? Read on...

.. Is he an MS MVP? No!
cf. http://mvp.support.microsoft.com/communities/mvp.aspx

.. If xxx.ms-mvp.org redirects to xxx.pcbutts1.com, why didn't he post that
link to begin with?

.. Is he a proven thief? Yes!
cf.
http://groups.google.com/group/microsoft.public.security.virus/browse_frm/thread/58e6c02dbc6279ad
cf.
http://msmvps.com/blogs/hostsnews/a..._.-the-saga-continues-_2E00__2E00__2E00_.aspx
cf.
http://groups.google.com/group/microsoft.public.security.homeusers/msg/213247814fb4d61e
cf.
http://groups.google.com/group/microsoft.public.security.homeusers/msg/e19fce884897662f

.. What do real experts have to say about him? It ain't pretty.

http://www.siteadvisor.com/sites/pcbutts1.com (Reviews)

http://www.digg.com/security/PCButts1_Under_Attack

http://www.siteadvisor.com/sites/pcbutts1.com

http://bughunter.it-mate.co.uk/PCBUTTS.TXT

http://www.mywot.com/en/scorecard/pcbutts1.com

http://www.mywot.com/en/scorecard/www.ms-mvp.org

.. Does he have all his marbles?
cf. http://en.wikinews.org/wiki/NASA_van_rolls_off_California_mountain

Ignore this MVP imposter!
--
~Robear Dyer
MS MVP-IE, Mail, Security, Windows Client
https://mvp.support.microsoft.com/default.aspx/profile/robear.dyer

The instructions are included in the zip, had you bothered to download it
you would know that.

<blithersnippage>

 

[Jose]

The instructions are included in the zip, had you bothered to download it
you would know that.

1. Burn the iso file to a cd using the enclosed burncdcc.exe to create a
bootable disk.

2. Boot the computer using the new bootdisk.

3. This bootdisk uses NTFS4Dos follow the prompt and agree to its use.

4. At the A: prompt type R: then press enter.

5. To replace your userinit.exe file type "Replace" (without the quotes) at
the R: prompt and follow the onscreen instructions.

--
The Real Truthhttp://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.






Oh crap - I forgot about that.

What exactly does it do again?  I forget how it works and could not
find the directions.

I also forgot how to use it when the user is unable to login.

My bad - I downloaded the wrong one.

 

[Leythos]

Download my userinit fix from here

You've exposed yourself as the PIRATE/THIEF we all have said you are.

The file you claim to have known about, claim to have submitted to anti-
virus sites, the file named "obatssrsghde.exe" was a marker inserted
into Stuarts batch file you stole from him, it was is a KEY that proves
you're a thief:

For those that don't know, Stuart inserted the obatssrsghde.exe marker
into his batch file to prove, to the community, that PCBUTTS1 / The Real
Truth MVP is actually a lying thief, and PCBUTTS admitted in his own
post that he created the marker and claimed to know what it was - even
claimed to have submitted the malware to anti-virus vendors, but the
joke was on him, Stuart told everyone in the community about it BEFORE
it appeared in PCBUTTS1 download.... There is no actual file named
obatssrsghde.exe in the malware community, it was a ruse.

The key is in the spelling:

obatssrsghde.exe
pcbuttsthief

If you change (add) 1 character to each letter you will see that
"obatssrsghde" is actually the marker "pcbuttsthief" - proving that
PCBUTTS1 is a thief.

Are there other markers - YES, does PCBUTTS1 know about them - know,
they've been there for a long time, but this is the most obvious one.

Face it Chris/PCBUTTS1/TRT, you've exposed yourself in public.

 

[barrowhill]

Jose,

Thanks for additional info; useful for the future. I have, or rather son
has ,original XP CD. HDD reformatted and reloaded. All OK now. Think he
needed this doing just to remove a load of rubbish. Pity it took a virus
for it to be done. Thanks for help

 

[barrowhill]

Gentleman PLEASE.....................

Don't use my post as a means to slag each other off. I had a genuine
problem and seeking help and it's resulted in tirade of abuse. Despite
truth's or otherwise you've all let yourselves down.

 

[Jose]

Jose,

Thanks for additional info; useful for the future.  I have, or rather son
has ,original XP CD.  HDD reformatted and reloaded. All OK now.  Think he
needed  this doing just to remove a load of rubbish.  Pity it took a virus
for it to be done.  Thanks for help

No problemo.

The almost daily and redundant exercise has inspired me to funnel the
process into a single copy/paste (you are lucky I didn't try it on
YOU!). I think we would have gotten it properly in short order
though...

This was most likely malware, so keep up the scanning - those free
ones I recommended are very respectable and I run them alternately a
couple times a week just for the halibut.

Now that you are up and running, what a good opportunity to create a
new and improved bootable XP installation CD with SP3 already slip
streamed in (for safety of course) and/or add RC to your hard disk as
a boot option.

 

[Leythos]

Gentleman PLEASE.....................

Don't use my post as a means to slag each other off. I had a genuine
problem and seeking help and it's resulted in tirade of abuse. Despite
truth's or otherwise you've all let yourselves down.

You can ignore the warning, but, as long as he continues to stalk me in
his posts I will reply as I see fit.

 

[PA Bear [MS MVP]]

The only poster in this thread who is not a gentleman is none other than
pcbutts1 (AKA The Real Truth MVP).

We see it as our duty to protect you and others from his dangerous website
and stolen utilities.