|
|
|
winxp directly logs off ?? |
|---|
| message from Jeroen on 3 Jun 2004 |
Hello,
Just ran Lavasoft adaware to get rid of a blazefind-pest. It noticed it
When rebooted i get my Welcome screen with the two icons for my two
accounts... But when i choose either account it says loading your
preferences (i have it in dutch, so i don't know the exact translation) and
IMMEDIATLY logs off again !!
I can see my wallpaper for two seconds and then it's gone ! Back to the
welcome screen again.
I tried going into safe mode wich gives me the welcome screen again, now
with an extra adminstrator icon but here the systems tries to logon and
logoffs directly ??
What can i do ?
How can i get this adaware out of my startup ? I suppose it cannot start
because it has problems starting adaware....
thanx for your help !!!
Olivier
|
| =?Utf-8?B?bGF2YW4=?= replied to Jeroen on 3 Jun 2004 |
hi,
the following registry key maybe corrupt, you may need to use windows pe or go in through recovery console and then edit the following value
key_local_machine\software\microsoft\windows nt\currentversion\winlogon
need to make sure the userinit key has the following value
"C:\WINDOWS\system32\userinit.exe,"
if it doesn't need to remove what's in there and enter the above without the speech marks.
lavan
|
| =?Utf-8?B?T2xp?= replied to =?Utf-8?B?bGF2YW4=?= on 3 Jun 2004 |
I have exactly the same problem, ran adaware to remove blazefind, it couldn't remove the .dll file, and causes me to log off after about a second. Please can someone post a step by step guide to solving the problem, i.e How do i get to windows PE or the recovery console?
Thanks Oli
|
| =?Utf-8?B?aGk=?= replied to =?Utf-8?B?T2xp?= on 3 Jun 2004 |
you can edit the registry using windows pe, you need to go to the following location download windows pe builder, get onto a working xp system with original cd, run pe builder, this will give you a bootable cd, whack it in the cd, go to run and regedit, this will give you the editor, you should be able to import registry from local machine.
www.nu2.nu/pebuilder/
if you can get a hold of a copy of erd commander it would make life a lot easier as it can directly edit the registry,
sorry for not giving much info, i'll try and figure out pe and let you know.
|
| Jeroen replied to =?Utf-8?B?aGk=?= on 3 Jun 2004 |
i found this post on usenet that exactly describes my problem....
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&safe=off&threadm=12bcf01c411c7%2442432fc0%24a401280a%40phx.gbl&rnum=5&prev=/groups%3Fhl%3Den%26lr%3D%26ie%3DUTF-8%26safe%3Doff%26q%3Dlogs%2Boff%2Bgroup%253Amicrosoft.public.windowsxp.*
halas, no answers or solution to his problem :-(
This should be easy, but what ? I hate to be forced to format my system just
because of one startup file !
anyone else has possible solutions?
"hi" <anonymous@discussions.microsoft.com> wrote in message
news:DB8E1C63-94BE-4768-9957-C2C40DFBF18D@microsoft.com...
| you can edit the registry using windows pe, you need to go to the
following location download windows pe builder, get onto a working xp system
with original cd, run pe builder, this will give you a bootable cd, whack it
in the cd, go to run and regedit, this will give you the editor, you should
be able to import registry from local machine.
|
| www.nu2.nu/pebuilder/
|
| if you can get a hold of a copy of erd commander it would make life a lot
easier as it can directly edit the registry,
|
| sorry for not giving much info, i'll try and figure out pe and let you
know.
|
| Jeroen replied to Jeroen on 3 Jun 2004 |
A User Logon Request Is Rejected Without Any Messages
http://support.microsoft.com/default.aspx?scid=kb;en-us;313322
BUT: Nooooo..... nothing... :-(((
No it waits about 15 seconds with my wallpaper showing but then logs off
again...
grrrrrrrr....
"Jeroen" <jeroen62@yahoo.com> wrote in message
news:40bf075e$0$28034$a0ced6e1@news.skynet.be...
| Hello,
|
| Just ran Lavasoft adaware to get rid of a blazefind-pest. It noticed it
| couldn't delete a omniscent.dll ? file (don't remeber quite) and asked if
it
| could be run at startup.... I agreed...
| When rebooted i get my Welcome screen with the two icons for my two
| accounts... But when i choose either account it says loading your
| preferences (i have it in dutch, so i don't know the exact translation)
and
| IMMEDIATLY logs off again !!
| I can see my wallpaper for two seconds and then it's gone ! Back to the
| welcome screen again.
|
| I tried going into safe mode wich gives me the welcome screen again, now
| with an extra adminstrator icon but here the systems tries to logon and
| logoffs directly ??
|
| What can i do ?
|
| How can i get this adaware out of my startup ? I suppose it cannot start
| because it has problems starting adaware....
|
| thanx for your help !!!
|
| Olivier
|
| Tim_W replied to Jeroen on 4 Jun 2004 |
I had already tried the repair install with no luck, and could not get
anything to work in the recovery consol, so in a last desperate act I
tried one more search and found your post. I tried the above but I
could not connect to the registry remotly, so I used The Ultimate Boot
CD and it's registry editor and when I went to find the key found that
it already has the correct information. I also tired replacing the
userinit.exe with a known good copy. Still no luck.
|
| =?Utf-8?B?RFRreg==?= replied to Tim_W on 7 Jun 2004 |
I've tried everything....nothing worked. So....I finally borrowed someones Windows XP Pro CD.....installed XP like it was brand new. It found the existing operating system and asked if I wanted to repair or install.....I chose install. Yep....I was desparate at that time....I didn't care if I lost anything or not.
Luckily for me.... I didn't lose anything. I put in the proper CD Product Key - it is on a sticker on the side of my computer..... and after about 40 minutes of "copying files"..... the computer booted up.......JUST LIKE BEFORE!
FINALLY!
"Jeroen" <jeroen62@yahoo.com> wrote in message news:<40bf6ff0$0$8399$a0ced6e1@news.skynet.be>...
I had already tried the repair install with no luck, and could not get
anything to work in the recovery consol, so in a last desperate act I
tried one more search and found your post. I tried the above but I
could not connect to the registry remotly, so I used The Ultimate Boot
CD and it's registry editor and when I went to find the key found that
it already has the correct information. I also tired replacing the
userinit.exe with a known good copy. Still no luck.
|
| Jeroen replied to Jeroen on 4 Jun 2004 |
BLAZEFIND
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
obj[0]=RegKey : windowssaband.winsaband.1
obj[1]=RegKey : windowssaband.winsaband
obj[2]=RegKey : CLSID\{14d2cffe-6656-4bec-8d9e-dde6f2d4eae5}
obj[3]=RegKey : TYPELIB\{0b3569d7-1ea4-4cba-ac13-225902619789}
obj[9]=File : c:\windows\system32\omniband.dll
obj[10]=File : c:\windows\system32\wsaupdater.exe
"Jeroen" <jeroen62@yahoo.com> wrote in message
news:40bf6ff0$0$8399$a0ced6e1@news.skynet.be...
| found this:
|
| I have found that viruses sometimes modify the following key:
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
| NT\CurrentVersion\Winlogon
|
| "Userinit" = "C:\WINNT\system32\userinit.exe,"
|
| and change it to
|
| "Userinit" = "C:\WINNT\system32\<some other virus exe>.exe,"
|
| This will cause the issue that you are having. To fix it, simply
| change it back. Of course you will not be able to do this by logging
| on. You can use another machine (computer A) on the same network (or
| borrow a friends computer to network with A) and use regedit.exe to
| remote connect to the machine with the problem (computer B) and make
| the change that way. Just make sure that the Remote Registry service
| on machine A is running. That same service may have to be running on
| computer B (can't remember) but you can start it using Computer
| Management and remoting from A to B as well. Anyway, that is a bit of
| a different subject and there are many messages regarding that.
|
| I feel sorry for those that have re-built machines because of this
| simple issue .
|
| Hope this helps,
|
| Jeff
|
| "Jeroen" <jeroen62@yahoo.com> wrote in message
| news:40bf075e$0$28034$a0ced6e1@news.skynet.be...
| | Hello,
| |
| | Just ran Lavasoft adaware to get rid of a blazefind-pest. It noticed it
| | couldn't delete a omniscent.dll ? file (don't remeber quite) and asked
if
| it
| | could be run at startup.... I agreed...
| | When rebooted i get my Welcome screen with the two icons for my two
| | accounts... But when i choose either account it says loading your
| | preferences (i have it in dutch, so i don't know the exact translation)
| and
| | IMMEDIATLY logs off again !!
| | I can see my wallpaper for two seconds and then it's gone ! Back to the
| | welcome screen again.
| |
| | I tried going into safe mode wich gives me the welcome screen again, now
| | with an extra adminstrator icon but here the systems tries to logon and
| | logoffs directly ??
| |
| | What can i do ?
| |
| | How can i get this adaware out of my startup ? I suppose it cannot start
| | because it has problems starting adaware....
| |
| | thanx for your help !!!
| |
| | Olivier
|
| Jeroen replied to Jeroen on 4 Jun 2004 |
O K A Y ! ! ! ! ! Found the solution !
My xp "infected" with Blazefind malware -----> "Search Assistant" toolbar
in taskbar appears.
can be disabled but re-appears when windows starts
sorts the quick launch icons alphabetically
changes the view in windows explorer ?
Blazefind changes the following registry-key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon
"Userinit" = "C:\WINNT\system32\userinit.exe,"
in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon
"Userinit" = "C:\WINNT\system32\wsaupdater.exe,"
Used Lavasoft Adaware to get rid of the pest ----> removed blazefind and
with it the wsaupdater.exe
==> next time i tried to logon my computer the system tries to run
wsaupdater.exe which it couldn't find ! FAILED LOGON -> LOGOFF
I first tried to find ways to change the registry from within the recovery
console but i did not succeed (ERD commander will probably work, but since i
wasn't sure that this was the problem i thought it a little bit too
expensive)...
Then i thought of this:
just copy userinit.exe as wsaupdater.exe !! It's as simple as that....
YES!! it works again... and blazefind is gone (it seems.... :-) )
Hope i can help anyone with this because i found a lot of threads
complaining about the same problem...
cheers,
Olivier
"Jeroen" <jeroen62@yahoo.com> wrote in message
news:40bf6ff0$0$8399$a0ced6e1@news.skynet.be...
| found this:
|
| I have found that viruses sometimes modify the following key:
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
| NT\CurrentVersion\Winlogon
|
| "Userinit" = "C:\WINNT\system32\userinit.exe,"
|
| and change it to
|
| "Userinit" = "C:\WINNT\system32\<some other virus exe>.exe,"
|
| This will cause the issue that you are having. To fix it, simply
| change it back. Of course you will not be able to do this by logging
| on. You can use another machine (computer A) on the same network (or
| borrow a friends computer to network with A) and use regedit.exe to
| remote connect to the machine with the problem (computer B) and make
| the change that way. Just make sure that the Remote Registry service
| on machine A is running. That same service may have to be running on
| computer B (can't remember) but you can start it using Computer
| Management and remoting from A to B as well. Anyway, that is a bit of
| a different subject and there are many messages regarding that.
|
| I feel sorry for those that have re-built machines because of this
| simple issue .
|
| Hope this helps,
|
| Jeff
|
| "Jeroen" <jeroen62@yahoo.com> wrote in message
| news:40bf075e$0$28034$a0ced6e1@news.skynet.be...
| | Hello,
| |
| | Just ran Lavasoft adaware to get rid of a blazefind-pest. It noticed it
| | couldn't delete a omniscent.dll ? file (don't remeber quite) and asked
if
| it
| | could be run at startup.... I agreed...
| | When rebooted i get my Welcome screen with the two icons for my two
| | accounts... But when i choose either account it says loading your
| | preferences (i have it in dutch, so i don't know the exact translation)
| and
| | IMMEDIATLY logs off again !!
| | I can see my wallpaper for two seconds and then it's gone ! Back to the
| | welcome screen again.
| |
| | I tried going into safe mode wich gives me the welcome screen again, now
| | with an extra adminstrator icon but here the systems tries to logon and
| | logoffs directly ??
| |
| | What can i do ?
| |
| | How can i get this adaware out of my startup ? I suppose it cannot start
| | because it has problems starting adaware....
| |
| | thanx for your help !!!
| |
| | Olivier
|
|
