Windows XP or Server 2003 Logon and Logoff Immediately Loop

by Jason Fortner

It appears that some spyware and/or malware, BlazeFind being one of them, modifies the Userinit value
in the registry. Specifically, userinit.exe is replaced with wsaupdater.exe. If you run Ad-Aware
(you will definitely see this issue with a specific update definition) or a similar program, the
application will remove the wsaupdater.exe file from the operating system files. The removal of this
file causes the logon and logoff immediately loop, because the registry still points to a file that
no longer exists. The problem appears when you log in to Windows: the "loading personal settings"
message appears, but suddenly you see the logging off message and are returned to the login screen.
This issue has been documented by Lavasoft in the Lavahelp Knowledgebase.

The solution for the logon and logoff immediately loop is as follows:

Recovery Console

Enter the Recovery Console from the Windows CD-ROM that you used to install the operating system
showing the logon and logoff immediately issue.

Boot the system from the CD-ROM so that the blue Setup screen, similar to what you see when you
initially install Windows, appears. On the first Setup screen, press "R" to enter the Recovery
Console. You will need to enter the password of the built-in Administrator account to enter the
console. Once in the console you will see a command prompt that reads C:\Windows (the drive letter
may vary depending on which drive you installed the operating system on).

Type the following command at the prompt and then press Enter.

CD System32

(If this command doesn't work, you can try CHDIR System32.)

After you have changed to the System32 directory under the Windows directory,
type the following command at the prompt and press Enter.

COPY USERINIT.EXE WSAUPDATER.EXE

This copies the USERINIT.EXE file to WSAUPDATER.EXE, which is the file that the
Windows registry is currently looking for during the startup process.

You can now quit the Recovery Console by typing EXIT and then restart Windows.

You will now be able to log in to the machine without being logged off immediately.

If you are having problems or can't get to the Recovery Console on the machine, you can use the
steps described below. If you did not have problems with the above steps, please continue
to the "Changing Registry Values" section below.

For those of you who had problems with the above steps, you can manually create the
WSAUPDATER.EXE copy in the Windows\System32 directory. First you will need to be able
to connect to the computer that is having problems from another machine. You can do this
through a network or with a crossover cable. Preferably the machine you connect from would
be running the same version of Windows as the corrupted machine, so you can copy the file from
that machine to the corrupted machine. If the operating system is not the same, you will need a
copy of the USERINIT.EXE file to proceed with the following steps.

Make sure the corrupted machine is turned on and at the login screen. Even though you
can't log in, the network adapters have still loaded and you will be able to connect to
the hard drives of the corrupted machine. You can connect using the IP address or the
machine name of the corrupted machine. Simply enter \\<IP Address>\c$
or \\<Computer Name>\c$ into the address bar on the machine you are accessing the corrupted
machine from. Again, the c$ may vary depending on which hard drive you installed the
Windows operating system on.

Next, we will need to change the USERINIT value in the registry.

Changing Registry Values

Click Start->Run, type REGEDIT and hit Enter. In the Registry Editor window that appears, navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

In the right pane, change the value of Userinit to "C:\WINDOWS\System32\userinit.exe,"

Type the above value exactly as shown, including the comma but excluding the quotes.
Also, adjust the path to the userinit.exe file appropriately for how your system is set up.

Close the Registry Editor and restart Windows. Now all of the settings will be back to normal
in the operating system and the problem should be eliminated.

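A check for the condition described in this article, as an added example that is not part of the original article: it treats a Userinit value as the comma-separated program list Winlogon reads, reports entries other than the standard userinit.exe and, given a file listing, entries whose file no longer exists. The function names, the existing_files parameter and the sample values are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

def split_userinit(value):
    """Userinit is a comma-separated list of programs Winlogon starts at logon."""
    return [part.strip().strip('"') for part in value.split(",") if part.strip()]

def audit_userinit(value, system_root=r"C:\WINDOWS", existing_files=None):
    """Return findings for one Userinit value; an empty list means it looks normal.

    existing_files (hypothetical input): paths known to exist on the machine,
    e.g. from a directory listing taken over the c$ share.
    """
    expected = ntpath.normcase(ntpath.join(system_root, "System32", "userinit.exe"))
    present = None
    if existing_files is not None:
        present = {ntpath.normcase(p) for p in existing_files}
    entries = split_userinit(value)
    normalized = [ntpath.normcase(ntpath.normpath(e)) for e in entries]
    findings = [] if entries else ["Userinit is empty"]
    for entry, path in zip(entries, normalized):
        if path != expected:
            findings.append(f"unexpected program: {entry}")
        if present is not None and path not in present:
            findings.append(f"file missing: {entry}")
    if entries and expected not in normalized:
        findings.append("standard userinit.exe entry is missing")
    return findings

# Constructed sample values, not captured from a real machine.
CLEAN = r"C:\WINDOWS\System32\userinit.exe,"
HIJACKED = r"C:\WINDOWS\System32\wsaupdater.exe,"

if __name__ == "__main__":
    # State after the cleanup tool removed wsaupdater.exe (constructed listing).
    files = {r"C:\WINDOWS\System32\userinit.exe"}
    for label, value in (("clean", CLEAN), ("hijacked", HIJACKED)):
        print(label, audit_userinit(value, existing_files=files))
```

A hijacked value is still reported after the COPY workaround, because the registry entry keeps naming wsaupdater.exe until Userinit is set back to userinit.exe.
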
If you are not currently running any spyware or malware remover, here is a list of a few good
ones and some other tools that are useful:

http://www.winxptutor.com/antispy.htm

I personally use Lavasoft Ad-Aware and it seems to do a good job.