winxp directly logs off ??

Jeroen

Hello,

Just ran Lavasoft adaware to get rid of a blazefind-pest. It noticed it
couldn't delete a omniscent.dll ? file (don't remember quite) and asked if it
could be run at startup.... I agreed...
When rebooted i get my Welcome screen with the two icons for my two
accounts... But when i choose either account it says loading your
preferences (i have it in dutch, so i don't know the exact translation) and
IMMEDIATELY logs off again !!
I can see my wallpaper for two seconds and then it's gone ! Back to the
welcome screen again.

I tried going into safe mode which gives me the welcome screen again, now
with an extra administrator icon but here the system tries to logon and
logs off directly ??

What can i do ?

How can i get this adaware out of my startup ? I suppose it cannot start
because it has problems starting adaware....

thanx for your help !!!

Olivier
 
hi

the following registry key may be corrupt, you may need to use windows pe or go in through recovery console and then edit the following value

hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon
need to make sure the userinit key has the following value

"C:\WINDOWS\system32\userinit.exe,"

if it doesn't, need to remove what's in there and enter the above without the speech marks

lava
 
I have exactly the same problem, ran adaware to remove blazefind, it couldn't remove the .dll file, and causes me to log off after about a second. Please can someone post a step by step guide to solving the problem, i.e How do i get to windows PE or the recovery console?

Thanks Oli
 
You can edit the registry using Windows PE. You need to go to the following location, download Windows PE Builder, get onto a working XP system with original CD, and run PE Builder; this will give you a bootable CD. Whack it in the CD, go to Run and regedit, this will give you the editor; you should be able to import registry from local machine.

www.nu2.nu/pebuilder

if you can get a hold of a copy of erd commander it would make life a lot easier as it can directly edit the registry

sorry for not giving much info, i'll try and figure out pe and let you know.
 
thanx for your quick answer... will try it...

i found this post on usenet that exactly describes my problem....

http://groups.google.com/groups?hl=...logs+off+group%3Amicrosoft.public.windowsxp.*

alas, no answers or solution to his problem :-(
This should be easy, but what ? I hate to be forced to format my system just
because of one startup file !

anyone else has possible solutions?


 
Some other threads of people who have the same problem, unfortunately
without answer:

http://groups.google.com/[email protected]&rnum=10

http://groups.google.com/groups?hl=...q=logs+off+group%3Amicrosoft.public.windowsxp

help!!




 
I have already tried to replace msgina.dll by the one provided on the
windows xp cd-rom like explained in the following article:

A User Logon Request Is Rejected Without Any Messages
http://support.microsoft.com/default.aspx?scid=kb;en-us;313322


BUT: Nooooo..... nothing... :-(((

No it waits about 15 seconds with my wallpaper showing but then logs off
again...

grrrrrrrr....





 
found this:

I have found that viruses sometimes modify the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

"Userinit" = "C:\WINNT\system32\userinit.exe,"

and change it to

"Userinit" = "C:\WINNT\system32\<some other virus exe>.exe,"

This will cause the issue that you are having. To fix it, simply
change it back. Of course you will not be able to do this by logging
on. You can use another machine (computer A) on the same network (or
borrow a friend's computer to network with A) and use regedit.exe to
remote connect to the machine with the problem (computer B) and make
the change that way. Just make sure that the Remote Registry service
on machine A is running. That same service may have to be running on
computer B (can't remember) but you can start it using Computer
Management and remoting from A to B as well. Anyway, that is a bit of
a different subject and there are many messages regarding that.

I feel sorry for those that have re-built machines because of this
simple issue.

Hope this helps,

Jeff




 
O K A Y ! ! ! ! ! Found the solution !

Yes, i found it myself.. Here's what's happening:

My xp "infected" with Blazefind malware -----> "Search Assistant" toolbar
in taskbar appears.

  • can be disabled but re-appears when windows starts
  • sorts the quick launch icons alphabetically
  • changes the view in windows explorer ?

Blazefind changes the following registry-key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon
"Userinit" = "C:\WINNT\system32\userinit.exe,"

into

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon
"Userinit" = "C:\WINNT\system32\wsaupdater.exe,"



Used Lavasoft Adaware to get rid of the pest ----> removed blazefind and
with it the wsaupdater.exe

==> next time i tried to logon my computer the system tries to run
wsaupdater.exe which it couldn't find ! FAILED LOGON -> LOGOFF

I first tried to find ways to change the registry from within the recovery
console but i did not succeed (ERD commander will probably work, but since i
wasn't sure that this was the problem i thought it a little bit too
expensive)...
Then i thought of this:

just copy userinit.exe as wsaupdater.exe !! It's as simple as that....

YES!! it works again... and blazefind is gone (it seems.... :-) )


Hope i can help anyone with this because i found a lot of threads
complaining about the same problem...

cheers,

Olivier
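
Added example (not part of any post in this thread): a Python check for the condition the thread converges on, a Winlogon Userinit value that names a non-default program or a file that is no longer on disk. The function names, status labels and sample disk contents are assumptions made for illustration; the registry values are the ones quoted in the posts above.

```python
import ntpath

# The value lives under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,
# value name "Userinit". Read it from a live system or from an offline hive.

def default_userinit(system_root):
    """Default value as quoted in the thread, trailing comma included."""
    return ntpath.join(system_root, "system32", "userinit.exe") + ","

def audit_userinit(value, system_root, file_exists):
    """Classify each comma-separated program named in a Userinit value.

    file_exists(path) -> bool is injected so the same check works on a live
    system or against a mounted offline volume.
    """
    expected = ntpath.normcase(default_userinit(system_root).rstrip(","))
    findings = []
    for raw in value.split(","):
        entry = raw.strip().strip('"')
        if not entry:
            continue  # skip the empty piece after the trailing comma
        is_default = ntpath.normcase(ntpath.normpath(entry)) == expected
        present = file_exists(entry)
        if is_default:
            status = "ok" if present else "default-missing"
        else:
            # The thread's case: a non-default program that cleanup deleted.
            status = "unexpected" if present else "unexpected-missing"
        findings.append((entry, status))
    return findings or [("", "empty")]

def needs_repair(findings):
    """True when any entry is something other than the intact default."""
    return any(status != "ok" for _, status in findings)

# Constructed sample: a disk where only the real userinit.exe remains.
SAMPLE_DISK = {ntpath.normcase(r"C:\WINNT\system32\userinit.exe")}

def sample_exists(path):
    return ntpath.normcase(ntpath.normpath(path)) in SAMPLE_DISK

if __name__ == "__main__":
    for value in (r"C:\WINNT\system32\userinit.exe,",
                  r"C:\WINNT\system32\wsaupdater.exe,"):
        result = audit_userinit(value, r"C:\WINNT", sample_exists)
        print(value, "->", result)
        if needs_repair(result):
            print("  restore to:", default_userinit(r"C:\WINNT"))
```

Running the same check on the Userinit value before removing a detected file shows whether the removal would leave the value pointing at nothing.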



 
This is what adaware reported in its logfile:

BLAZEFIND
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=RegKey : windowssaband.winsaband.1
obj[1]=RegKey : windowssaband.winsaband
obj[2]=RegKey : CLSID\{14d2cffe-6656-4bec-8d9e-dde6f2d4eae5}
obj[3]=RegKey : TYPELIB\{0b3569d7-1ea4-4cba-ac13-225902619789}
obj[9]=File : c:\windows\system32\omniband.dll
obj[10]=File : c:\windows\system32\wsaupdater.exe


 
Jeroen said:
found this:

I have found that viruses sometimes modify the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

"Userinit" = "C:\WINNT\system32\userinit.exe,"

and change it to

"Userinit" = "C:\WINNT\system32\<some other virus exe>.exe,"

This will cause the issue that you are having. To fix it, simply
change it back. Of course you will not be able to do this by logging
on. You can use another machine (computer A) on the same network (or
borrow a friend's computer to network with A) and use regedit.exe to
remote connect to the machine with the problem (computer B) and make
the change that way. Just make sure that the Remote Registry service
on machine A is running. That same service may have to be running on
computer B (can't remember) but you can start it using Computer
Management and remoting from A to B as well. Anyway, that is a bit of
a different subject and there are many messages regarding that.

I feel sorry for those that have re-built machines because of this
simple issue.

Hope this helps,

Jeff

I had already tried the repair install with no luck, and could not get
anything to work in the recovery console, so in a last desperate act I
tried one more search and found your post. I tried the above but I
could not connect to the registry remotely, so I used The Ultimate Boot
CD and its registry editor and when I went to find the key found that
it already has the correct information. I also tried replacing the
userinit.exe with a known good copy. Still no luck.
 
I've tried everything....nothing worked. So....I finally borrowed someone's Windows XP Pro CD.....installed XP like it was brand new. It found the existing operating system and asked if I wanted to repair or install.....I chose install. Yep....I was desperate at that time....I didn't care if I lost anything or not.

Luckily for me.... I didn't lose anything. I put in the proper CD Product Key - it is on a sticker on the side of my computer..... and after about 40 minutes of "copying files"..... the computer booted up.......JUST LIKE BEFORE!

My icons were there! My data was there! After that....all I did was get on the internet....and had to reactivate my XP....

FINALLY


