Windows XP Won’t Login, Logs Straight Back Out

I’ve just had a problem with an XP machine not letting users log in.  It loaded to the user selection screen, at which point you can log in, but it only flashed the screen, told you it was saving personal settings and returned to the user selection screen.  Booting in safe mode gave the same result.  It was impossible to actually get into Windows to attempt to fix the problem.

A bit of research pointed towards a malware infection, which was unusual in that malware normally wants something from you in the form of advertising revenue, money for dummy spyware removal or personal information.  The days of the old Chernobyl viruses which would literally try to take your hardware out appear to be gone.  However, in this case it looked like malware at work.  I found reference to some malware which changed the registry entry for userinit.exe, a key component of the Windows startup procedure, pointing it to an alternative, infected process.  I therefore needed a way to access the registry to change this entry back to the correct executable.

I needed to change the following registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Following my experience with the offline password reset in my previous post, I booted up the Ultimate Boot CD and took the following steps:

1.  Select Filesystem Tools –> NTFS Tools –> Offline NT Password & Registry Editor.

2.  Select the correct partition for your Windows installation.  The default was correct for my purposes.

3.  Type in the path to the registry or press enter for the default which again was correct for my purpose.

4.  You will be prompted for the section of the registry you wish to access.  The registry is presented as a filesystem through which you can navigate.  In our case we need “SOFTWARE”.

5.  Select ‘9’ for the Registry Editor.

6.  Entering ‘?’ for help will give you a list of commands available.  Note that the entries in the registry are case-sensitive.

7.  Enter ‘cd Microsoft’.

8.  Enter ‘cd Windows NT’.

9.  Enter ‘cd CurrentVersion’.

10.  Enter ‘cd Winlogon’.

11.  Enter ‘dir’.  You will see an entry in the output for ‘Userinit’.

12.  Enter ‘cat Userinit’ to see what it is currently set to.  If it is already set to userinit.exe then your executable is infected and you’ll need to copy over a clean copy from somewhere to fix it.  If it is set to another executable then you can continue.

13.  Enter ‘ed Userinit’.

14.  Enter ‘c:\windows\system32\userinit.exe’.

15.  Enter ‘q’ twice.  It will ask you to write back any changes.  Type ‘y’.  Watch the output here because it is possible that it will report a failure because the filesystem is not clean.  If it gives you this error you need to reboot from an XP installation disk, run the recovery console and do a ‘chkdsk c: /p’ to mark the drive as clean (it may ask you to reboot in order to run the chkdsk).

16.  Restart.

Hopefully you can now get into Windows to clean up any garbage which is resident.
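
As an added example (not part of the original post), here is a small Python check for the string that ‘cat Userinit’ prints, or that you read back from the same key once Windows is running. It assumes Windows is installed in C:\WINDOWS as in the post; the function names are hypothetical and the sample values are constructed.

```python
import ntpath

# Assumption: Windows lives in C:\WINDOWS, as in the post.
EXPECTED = r"c:\windows\system32\userinit.exe"


def normalize(entry, windir=r"C:\WINDOWS"):
    """Lower-case one entry, strip quotes, expand %SystemRoot% / %windir%."""
    e = entry.strip().strip('"').lower()
    for var in ("%systemroot%", "%windir%"):
        e = e.replace(var, windir.lower())
    return ntpath.normpath(e)  # also collapses '..' and forward slashes


def check_userinit(value):
    """Return (ok, findings) for the raw Userinit string."""
    # Winlogon reads the value as a comma-separated list of programs.
    # The stock XP value ends with a comma, so empty items are skipped.
    entries = [p for p in value.split(",") if p.strip()]
    findings = []
    if not entries:
        findings.append("value is empty")
    seen_expected = False
    for raw in entries:
        path = normalize(raw)
        if path == EXPECTED:
            seen_expected = True
        elif ntpath.basename(path) == "userinit.exe":
            findings.append("userinit.exe in unexpected location: " + raw.strip())
        else:
            findings.append("extra program run at logon: " + raw.strip())
    if entries and not seen_expected:
        findings.append("expected " + EXPECTED + " is missing")
    return (not findings, findings)


# Constructed sample values, not taken from a real infection.
SAMPLES = [
    r"C:\WINDOWS\system32\userinit.exe,",
    r"C:\WINDOWS\system32\example.exe,",
    r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\temp\example.exe",
    r"C:\WINDOWS\userinit.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, findings = check_userinit(sample)
        print("OK " if ok else "BAD", sample, findings)
```

A clean result only says the registry value points at the expected path; as step 12 notes, the file at that path can itself have been replaced.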
