• Welcome Guest, to the Spybot Forums! It's 2025, and we just upgraded our forum software.

    Today is Safer Internet Day, and with our new forum, you can finally use passkeys to login. That was about time!

    Of course, you could ask if a forum is still useful, with so many social media networks out there where you might already have an account, and met a lot of users. You can now use your login from some of those networks to log in here. And by posting here, your question and data is stored on our servers and not automatically shared with a whole social media network.

    We'll also start using the forum for small bits of information, announcements and more again.

Virus causing logon - logoff loop

I

ihasvirus

New member
PC boots fine but at log in screen after entering password and beginning to load for about a second, it logs back out and returns to the log in screen. Hence I'm unable to get into windows and run any programs. Same thing also happens if I try to log in as admin or my normal user area in safe mode.

I've tried repairing Windows XP (MCE) from the CD but it didn't change anything.

I was considering re-formatting anyway so I will probably do that, however there's a lot of files on my hard drive that I'd like to keep, so advice on how to get files off the infected drive without infecting anything else would be appreciated. Also, an external drive was plugged in when I got the virus is there any chance that that will be infected?

Someone on another forum posted this link http://www.winxptutor.com/wsaremove.htm and this bit sounded like what was happening to me:

Logon - Logoff loop, also caused by BlazeFind

Another critical symptom caused by this malware: This malware modifies the Userinit area in the registry (replacing the userinit.exe with wsaupdater.exe) and Ad-Aware (with a particular definition update) removes the wsaupdater.exe file from the system, thus causing the Logon - Logoff loop. That is, when you login to Windows, the 'loading personal settings" verbose will appear, but suddenly it will logoff. This issue was documented clearly by Lavasoftusa in it's Lavahelp Knowledgebase.

Here is the solution to the logon - logoff issue in Windows XP.

Enter the Recovery Console

Boot the system using the Windows XP CD-ROM. In the first screen when the Setup begins, read the instructions press "R" (in the first screen) enter the Recovery Console. Type-in the built-in Administrator password to enter the Console. You'll see the prompt reading C:\Windows (Or any other drive-letter where you've installed XP)

Type the following command and press Enter.

CD SYSTEM32
(If that does not work, try CHDIR SYSTEM32)

COPY USERINIT.EXE WSAUPDATER.EXE

Quit Recovery Console by typing EXIT and restart Windows.

You'll be able to login successfully as you've created the wsaupdater.exe file (now, a copy of userinit.exe)

Now, change the USERINIT value in the registry (see Phase II in this page) and change it accordingly.
Click to expand...

Unfortunately after entering the COPY line I got "The system cannot find the file specified."

Any help?
 
You must log in or register to reply here.
Back
Top