problems with my session | can't get in

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

hi over there, I've deleted some viruses from my pc, but after rebooting it
won't let me log into my session. I have no password set, I hear the "log in"
music as soon as i click on my session, and immediately it plays the "log
out" one, and it keeps displaing the "blue page" with my icon session.
HEEEELP! If there's nothing I can really do, please let me know: if I
reinstall the whole Windows XP, I will loose all my files and work? hope not.
let me know, thanx.

sorry for the bad bad english :)
 
This sounds like it might be caused by the removal of the wsaupdater.exe.
A piece of spyware replaces the C:\Windows\system32\userinit.exe file with
a file called wsaupdater.exe. It then modifies the registry so that when
you logon the wsaupdater.exe file is executed. After removing the spyware,
(via Adaware, SpyBot S&D, or another spyware detection tool), the
wsaupdater.exe is removed, but the registry still points to it and tries to
execute it during login.

The best procedure to correct this is:

1. Boot into recovery console. More info can be found at
http://support.microsoft.com/default.aspx?scid=KB;EN-US;307654

2. Navigate to the c:\windows\system32 folder and type (without the
quotes) "copy userinit.exe wsaupdater.exe". This will trick the system
into booting by copying the legitimate XP userinit.exe file to the
wsaupdater.exe file and allow the system to boot.

3. Reboot the system and logon.

4. Open regedit (from start->run type regedit)

5. Navigate to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon and modify the value of Userinit to
C:\WINDOWS\system32\userinit.exe

6. Next in Windows Explorer delete the c:\windows\system32\wsaupdater.exe
file.

At this point your system will be stable and allow you to logon
consistently. However, I would recommend following the guidlines in this
article
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BLAZEFI
ND.A to ensure the system is completely cleaned up.

Best regards,
Blane Clark


This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.
(C) 2003 Microsoft Corporation. All rights reserved
 
Reboot the system into safe mode, go into the control
panel, then set up your accounts ( you should set up an
administrator and user account).
 
Blane,
thank you very much, everything worked out great, thank you so much! keep on
the good work, you saved my life.

cheers*
alan :)
 
This is the right solution for this issues; however, the only thing I would
like to add ist that the new variation of the viruse actually delete the
regiestry file for Userinit.exe. As result, you might have to create a new
"string value" called "Userinit", and then point it to the
"C:\Windows\system32\userinit.exe" folder.
 
I am experiencing the same issues with my pc. I am hoping your solution will
be as successful for me as it was for macumbalove. Before I give it a try,
would you suggest anything different for the media center edition of XP or is
it the same as you described?
 
Blane,

I have the same issues as macumbalove. Before I take your suggested steps,
would you do anything different for XP Media Center Edition or is it the same
fix?

Many Thanks!
 
Lumpy, I wouldn't do anything different.

Lumpy said:
Blane,

I have the same issues as macumbalove. Before I take your suggested steps,
would you do anything different for XP Media Center Edition or is it the same
fix?

Many Thanks!
Click to expand...
 
Back
Top