CAMERA HOUSE Posted January 13, 2011 Report Share Posted January 13, 2011 I have a pc with Windows Xp professional. One day morning when I started it gone up to users screen when I click on user it says 'loading your personal setting' and next second it goes to 'logging off' next 'saving settings' and gone back to log in screen. After that I click any user it does the same. has anybody got any solution???? Quote Link to comment Share on other sites More sharing options...
drconservative Posted January 13, 2011 Report Share Posted January 13, 2011 Camera House It sounds like you have a Trojan Hourse Virus and it may have changed the setting in your registry. If you can get into safe mode and run Regedit you will be able to see if the virus has changed the file I have below. Let me know if you need any asistance in getting to safe mode. Once you get to the registry follow the format below HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Check to make sure that the file does not read "wsaupdater.exe" the file should read "userinit.exe". If this does not help you will need to remove the Virus. Quote Link to comment Share on other sites More sharing options...
CAMERA HOUSE Posted January 14, 2011 Author Report Share Posted January 14, 2011 I started in safe mode but even there it ask to log on in admin before I do anything. When I clicked on admin it does the same in safe mode. Quote Link to comment Share on other sites More sharing options...
CAMERA HOUSE Posted January 14, 2011 Author Report Share Posted January 14, 2011 Is there any other way to reach registry? I took out hard drive and connected to other computer in USB but can not find registry files. System folder has no access. Quote Link to comment Share on other sites More sharing options...
Big Dave Posted January 14, 2011 Report Share Posted January 14, 2011 If you have the original Windows XP Pro installation cds, you could boot from the CD, and get to "command prompt", but editing the registry from there is probably impossible. BUT, you could see if you're infected with the "wsaupdater.exe" virus by just typing "dir "wsaupdater.exe" /s" and that'll scan your hard drive for that file. If it's there, you're infected. If not, you've got another problem. You could then find / copy the userinit.exe into the same location as the wsaupdater.exe and rename it so that when the OS re-starts, you'll have the standard userinit.exe running. Just a thought.... Quote Link to comment Share on other sites More sharing options...
CAMERA HOUSE Posted January 15, 2011 Author Report Share Posted January 15, 2011 HI BIG DAVE To do any thing it needs to LOG ON first. But it does not let me in any any mode. I tried thru network, but it does not allow to go into system files. I took out HDD now from there where shall I find the infected files? Quote Link to comment Share on other sites More sharing options...
CAMERA HOUSE Posted January 15, 2011 Author Report Share Posted January 15, 2011 THANKS TO ALL FOR HELP. I could not do it. So copied some files I wanted, and formated that HDD while it was connected to other computer. Quote Link to comment Share on other sites More sharing options...
nobids Posted February 21, 2011 Report Share Posted February 21, 2011 ****WARNING WARNING READ THE BOTTOM FIRST. If you slave the hard drive you took out on a XP machine you can do this. Click Run on the start menu and type regedit Once in the registry click on the HKEY_LOCAL_MACHINE. Then from the FILE menu choose LOAD HIVE. From the open file windows that pops up. Navigate on your slaved drive to WINDOWS\system32\config and select and open the SYSTEM file (this is the registry/hive file). There will be another box asking your to name the file you just opened, give it the name SLAVEREG. The registry from the slaved drive will now be loaded under HKEY_LOCAL_MACHINE > SLAVEREG and you are free to browse and edit. I would however take this method first. Slave the drive on a computer with a good maleware cleaner and scan the slave drive for virus, if it gets some of the nasties try and boot the drive back in your computer if it boots run install the maleware scanner and run virus scanners really should be run on a primary hard drive. ***** READ FIRST - Under no circumstances modify the registry until you have made a backup copy of the SYSTEM file you are going to edit. Now read the post and you will understand which file I am talking about. If you end up corrupting the SYSTEM (registry) you can copy and paste the backup file over top and start again. If you don't have backup you are lost for ever. Quote Link to comment Share on other sites More sharing options...
manager Posted May 13, 2011 Report Share Posted May 13, 2011 cool post, nobids, thanks! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.