Re: Stuck in logoff loop

message from Old Boozer on 6 Jun 2004
Do you have Symantec Corporation's pcAnywhere on it?
If you do try here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;318018&Product=winxp

OB.
 
rello replied to Old Boozer on 07 Jun 2004
you could use knoppix 3.3 [linux based cd boot OS]...[free] to move
your data off your primary partition to another HD or usb
device....then format HD and reload winxp...once this sort of stuff
happens XP is a real pig to fix..usually easier to trash it and start
over
relloman
 
Gregg Cattanach replied to rello on 07 Jun 2004
http://support.microsoft.com/default.aspx?scid=kb;en-us;318018&Product=winxp

Actually it was far easier to fix it (by copying userinit.exe to
wsaupdater.exe from the recovery console) than to trash XP. It worked just
fine as that was the only thing wrong with the system. After that, I could
get booted up and fix the registry entry manually.

No need to burn the house down just because there are some cobwebs in the
corner.

Gregg C .
 
Locke Nash Cole replied to Gregg Cattanach on 07 Jun 2004
Gregg,

Congrats on getting it up and going again... Interesting that one of the
spyware tools probably did this to your system, it probably saw that a piece
of spyware attached itself to winlogon or something similar and tried to
remove it but broke your system in the process... If you used Spybot or
Ad-Aware it'd be nice if you could look at the log and notify them if this
did in fact happen.

-L

 
Gregg Cattanach replied to Locke Nash Cole on 08 Jun 2004
It's pretty clear to me that Ad-Aware sees the file wsaupdater.exe as an
element of the blazefind spyware and deletes it (which is the correct
process 99.9% of the time). It just doesn't recognize that blazefind has
also modified the registry to point my Winlogon entry to this wsaupdater.exe
instead of userinit.exe. Thus it can't log on.

It really is irritating to me that just by visiting a website my registry
can be modified at this 'deep' level without Windows even notifying me that
something is trying to do this.

Gregg C.
 
Bart Bailey replied to Gregg Cattanach on 08 Jun 2004
You could remove the culprit subroutine [mshtml.dll] but then your IE
wouldn't work and you would have to get a safe alternative browser.
 
Gregg Cattanach replied to Bart Bailey on 08 Jun 2004
But how many legitimate processes (as far as viewing web pages goes) need to
make entries or changes to the registry at all?

Gregg C.
 
Bart Bailey replied to Gregg Cattanach on 08 Jun 2004
on Tue, 08 Jun 2004 17:15:33 GMT, Gregg Cattanach wrote:

AFAIK none, at least not with my browser (Opera).
The microsoft html rendering engine I referred to has some exploitable
features that can wreak all sorts of "entertainment" on your machine.
 
Jim Berwick replied to Gregg Cattanach on 08 Jun 2004
NONE!
 
roger replied to Gregg Cattanach on 08 Jun 2004
Hi,

You could use Ad watch, from lavasoft, which locks the registry.

HTH
 
Jay replied to Gregg Cattanach on 8 Jun 2004
Gregg,

This looks similar to the problem I have when I installed Ad-Aware on
my friend's PC. Can you tell me how you have corrected the problem? I
really do not know XP that well. I would appreciate it because I have
the same log off thing going on with her E-machine.
Thanks.
 
Locke Nash Cole replied to Jay on 09 Jun 2004
You should not fix it this way however, you could correct the registry entry
to simply point to the REAL windows executable, and delete the fake one.

-L

 
Gregg Cattanach replied to Locke Nash Cole on 10 Jun 2004
You must do the fix I listed FIRST, in order to get your system to boot up.
You can't fix the registry if you can't boot up. THEN you can manually
correct your registry to point to userinit.exe and delete wsaupdate.exe.

Gregg C.
 
roger replied to Jay on 08 Jun 2004
Hi,

"Blazefind changes the following registry-key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon
"Userinit" = "C:\WINNT\system32\userinit.exe,"

in

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon
"Userinit" = "C:\WINNT\system32\wsaupdater.exe,"

Used Lavasoft Adaware to get rid of the pest ----> removed blazefind
and
with it the wsaupdater.exe

==> next time i tried to logon my computer the system tries to run
wsaupdater.exe which it couldn't find ! FAILED LOGON -> LOGOFF

I first tried to find ways to change the registry from within the
recovery console but i did not succeed (ERD commander will probably
work, but since i wasn't sure that this was the problem i thought it a
little bit too expensive)...
Then i thought of this:
just copy userinit.exe as wsaupdater.exe !! It's as simple as that....

YES!! it works again... and blazefind is gone (it seems.... :-) )"

Using the recovery console employ the command

copy C:\Windows\System32\userinit.exe
C:\Windows\System32\wsaupdater.exe

(this is one line separated by a space, supposing the partition where
windows is installed is C, and supposing blazefind caused this)

Good luck
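
An added example, not part of any post in this thread: a Python check of the Winlogon Userinit value that reports the condition described above, an entry that is not userinit.exe or that points at a file which no longer exists. The function names are made up for this example, and it reads the value from the `Windows NT\CurrentVersion\Winlogon` key, where NT-family Windows stores it.

```python
import ntpath
import os
import sys

# Where Winlogon reads the value on NT-family Windows, XP included.
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


def _norm(entry, system_root):
    """Normalise one Userinit entry to a lower-case absolute Windows path."""
    entry = entry.strip().strip('"')
    if not ntpath.dirname(entry):  # bare name: assumed to live in system32
        entry = ntpath.join(system_root, "system32", entry)
    return ntpath.normcase(ntpath.normpath(entry))


def audit_userinit(value, system_root=r"C:\Windows", exists=os.path.exists):
    """Return (path, problem) pairs for a comma-separated Userinit value."""
    expected = _norm("userinit.exe", system_root)
    paths = [_norm(e, system_root) for e in value.split(",") if e.strip()]
    findings = []
    for path in paths:
        if path != expected:
            findings.append((path, "not the standard userinit.exe"))
        if not exists(path):
            findings.append((path, "file missing, logon will fail"))
    if expected not in paths:
        findings.append((expected, "userinit.exe is not listed"))
    return findings


def read_live_userinit():
    """Read the current value from the registry (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        return winreg.QueryValueEx(key, "Userinit")[0]


if __name__ == "__main__":
    if sys.platform == "win32":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        for path, problem in audit_userinit(read_live_userinit(), root):
            print(f"{path}: {problem}")
    else:
        # Constructed sample: the hijacked value quoted in the thread,
        # checked as if the cleaner had already deleted the file.
        sample = r"C:\WINNT\system32\wsaupdater.exe,"
        for path, problem in audit_userinit(sample, r"C:\WINNT", lambda p: False):
            print(f"{path}: {problem}")
```

Run before letting a cleaner delete a flagged file: any finding means the registry value needs correcting first. After the copy workaround the check still reports the entry, because the value still names wsaupdater.exe.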
 
Jay replied to roger on 9 Jun 2004
Thanks I will see what I can do when I go back over there.
 
roger replied to Jay on 09 Jun 2004
You're welcome.
Hope it works, good luck.
 

Archived message: Re: Stuck in logoff loop (Microsoft Win XP)