Sly Bald Guys Forum
Various Non-Bald Discussions => General Discussion => Topic started by: Mikekoz13 on December 31, 2009, 02:22:28 AM
-
I apparently got a virus on my desktop yesterday. I ran Malwarebytes and it found all the infections and removed them. But I'm left with an issue.
When I get to the WELCOME screen where all the user names are I'm OK... but no matter which user name I select it looks like it's going to log me in but then immediately sends me back to the log in screen.
I looked into this on the internet (on my laptop) and tried a feew things with no luck.
Anyone have any ideas? I'm desperate.
-
Have you tried running in safe mode?
What OS do you have?
-
Mike,
I'm going to work on the assumption that you're running a Windows machine (most are,) and suggest a few things. First, do a google search for "AVG Anti-Rootkit download" and download and run it (You may need to go into safe mode to do this.) The nefarious thing about rootkits is that they re-install every time you reboot. Once you're rootkit free, then run your Malwarebytes again (Pretty good program!) and perhaps Lavasoft's ad-aware. Lastly, I'd suggest downloading and running Zone Alarm's free version of their anti-virus. I'm a big fan of Zone Alarm. I ran their Security Suite on my system, when I ran Windows.
Hope I was able to help a little,
Scott
-
Guys-
It's a desktop with Microsoft XP. The problem with Scott's suggestion is that I can't get past the login screen to do anything. When I click on my or any other user name it looks like it's going to log me in. My wallpaper flashes up for literally a second and then it logs me out immediately.
-
Mike,
Try pressing...oh crud, I think it's F11, (and if that doesn't work, reboot repeatedly and press F-buttons until the option comes up) during bootup and selecting "boot up in safe mode." and go from there.
-
Mike,
Try pressing...oh crud, I think it's F11, (and if that doesn't work, reboot repeatedly and press F-buttons until the option comes up) during bootup and selecting "boot up in safe mode." and go from there.
Yeah I did that.... still couldn't get past that welcome screen.
-
well, crud. The only other option I can think of at this point would be a wipe and reinstall of XP. Sorry, bro. :-[
-
If I do that will I lose any of my personal data on the computer?
-
If they aren't backed up somewhere, yeah. All documents, photos, videos, music files....everything... Kapoof. Gone :-[
-
You can try a repair installation of XP. That way the personal data would not be lost.
-
You can try a repair installation of XP. That way the personal data would not be lost.
Yeah, what he said. You have nothing to lose by trying this first. Be aware though that viruses will still be there, so take all appropriate steps to eradicate them before you reboot, should the repair work.
-
Yes, a repair installation may help. It sounds like userinit.exe has been deleted or corrupted (it's needed to initialise user accounts, hence userinit; hence you being logged out immediately). To do a repair installation, boot from the Windows CD and follow the setup process normally until you see an option to repair a detected Windows installation (this is not "R" for Recovery Console). If you reach the disk partitioner, you've gone too far. If you get no option for a repair installation, report back and we'll try using the recovery console to restore userinit.
Also, try entering the Advanced Boot Options menu with F8 (as you've already done) and select Last Known Good Configuration. This may allow you to log in.
In any case, if we can get you to the desktop, I'll connect to your computer with remote assistance software and make sure it's clean if you like.
-
According to everything I've read on line it's definetly a problem with the userinit file. I tried several of the solutions that I found but with no luck. I'm really trying to avoid taking the computer to the guy in town to fix because I don't want to drop the cash.... I think he is $65 to fix this type of thing. He is EXCELLENT though.........
-
I tried last known good config earlier with no success.
-
Reporting back.......... No selection for a Repair Installation..............
-
So the current installation on the disk is displayed but after you select it there is no "Repair" option?
You might have a Setup CD that is modified by the PC manufacturer which removed this option. Perhaps you could ask a friend for a original Microsoft Setup CD.
Have you tried to reset the system with the System Restore utility? There is a way to do this without logging into the desktop but only if you can get the "Safe Mode With Command Prompt" to work. See http://pcsupport.about.com/od/fixtheproblem/ht/systemrestorecp.htm (http://pcsupport.about.com/od/fixtheproblem/ht/systemrestorecp.htm)
-
I tried last known good config earlier with no success.
Well that was my only idea. Going back to the last AOK Restore Point. Sorry Mike.
-
See if any of this helps
http://support.microsoft.com/kb/315341 (http://support.microsoft.com/kb/315341)
-
See if any of this helps
http://support.microsoft.com/kb/315341 (http://support.microsoft.com/kb/315341)
Thanks for the link Dave. I'm worried about losing what's on my hard drive. I read this over and I may be in a bit over my head with all that. I'll PM you in the next day or so.
-
If you think it's a virus, since you have another computer
http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/ (http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/)
Start with the BitDefender, have had the best results with it.
-
If you think it's a virus, since you have another computer
http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/ (http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/)
Start with the BitDefender, have had the best results with it.
I managed to cleanse the virus from all files using MalWareBytes before this problem started. The problem started when I rebooted after running MWB and cleansing the files. The reboot was required by MWB to finish the cleanse. After rebooting I couldn't, and can't, get past that welcome screen because the virus bastardized the userinit file. I tried reloading that file but it didin't work.... and that solution seems to work for some but not others according to all I read.
-
I've fixed this at least a hundred times.
Insert the original Windows XP CD (Windows XP with Service Pack 2 is preferred, but not required) and reboot the computer. You may need to configure your computer to boot from the CD-ROM drive.
When the Windows XP Setup has started, press "R" to "repair the Windows XP installation using Recovery Console".
Select the Windows installation to repair (generally this is C:\Windows) by typing its number and then pressing ENTER.
Type the Administrator password and press ENTER.
Type the following commands:
D: [ENTER]
CD I386 [ENTER]
EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32 [ENTER]
NOTE: If your CD-ROM drive has a different letter assigned to it, enter "X:" instead, where X is the appropriate drive letter.
After entering "EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32" you should see the text "1 file(s) copied", in which case all went well.
Remove the Windows XP CD, type "EXIT" and press ENTER to restart your computer. You should now be able to log on as normally.
# Update your virus signature files using the Updater component.
# Replace the original USERINIT.EXE (acquired from the Windows XP CD) with the latest version included in Service Pack 2.
If this does not fix it, let me know there are other ways to fix it. As well there is a way to create a temporary partition to protect your data while you move it to something else.
-
I've fixed this at least a hundred times.
Insert the original Windows XP CD (Windows XP with Service Pack 2 is preferred, but not required) and reboot the computer. You may need to configure your computer to boot from the CD-ROM drive.
When the Windows XP Setup has started, press "R" to "repair the Windows XP installation using Recovery Console".
Select the Windows installation to repair (generally this is C:\Windows) by typing its number and then pressing ENTER.
Type the Administrator password and press ENTER.
Type the following commands:
D: [ENTER]
CD I386 [ENTER]
EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32 [ENTER]
NOTE: If your CD-ROM drive has a different letter assigned to it, enter "X:" instead, where X is the appropriate drive letter.
After entering "EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32" you should see the text "1 file(s) copied", in which case all went well.
Remove the Windows XP CD, type "EXIT" and press ENTER to restart your computer. You should now be able to log on as normally.
# Update your virus signature files using the Updater component.
# Replace the original USERINIT.EXE (acquired from the Windows XP CD) with the latest version included in Service Pack 2.
If this does not fix it, let me know there are other ways to fix it. As well there is a way to create a temporary partition to protect your data while you move it to something else.
Shdwlk-
This is the same solution that I had found on line but I went ahead and tried it again anyway per your exact instructions. The only thing I saw slightly different when I did this was that when I used the "EXPAND" command the text came back "One filr Expanded"instead of one file copied.
However.... is still didn;t work. When I rebooted and then selected my user at the welcome screen, I actually saw my wallpaper for about ten seconds or so and then it logged me right back out.
Thanks for you r help though and any additional help to fix it is greatly appreciated!
-
We can take a different approach if you want to save your data, then reinstall the operating system. download a copy of PClinuxos and burn the .iso file to disk (google how to do that) then boot the disk log in and then you can go into a folder I think is called places and then copy all the data to an external drive. Sorry for not having exact instructions but it has been a while since I've used that distro.
-
I've fixed this at least a hundred times.
Insert the original Windows XP CD (Windows XP with Service Pack 2 is preferred, but not required) and reboot the computer. You may need to configure your computer to boot from the CD-ROM drive.
When the Windows XP Setup has started, press "R" to "repair the Windows XP installation using Recovery Console".
Select the Windows installation to repair (generally this is C:\Windows) by typing its number and then pressing ENTER.
Type the Administrator password and press ENTER.
Type the following commands:
D: [ENTER]
CD I386 [ENTER]
EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32 [ENTER]
NOTE: If your CD-ROM drive has a different letter assigned to it, enter "X:" instead, where X is the appropriate drive letter.
After entering "EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32" you should see the text "1 file(s) copied", in which case all went well.
Remove the Windows XP CD, type "EXIT" and press ENTER to restart your computer. You should now be able to log on as normally.
# Update your virus signature files using the Updater component.
# Replace the original USERINIT.EXE (acquired from the Windows XP CD) with the latest version included in Service Pack 2.
If this does not fix it, let me know there are other ways to fix it. As well there is a way to create a temporary partition to protect your data while you move it to something else.
Shdwlk-
This is the same solution that I had found on line but I went ahead and tried it again anyway per your exact instructions. The only thing I saw slightly different when I did this was that when I used the "EXPAND" command the text came back "One filr Expanded"instead of one file copied.
However.... is still didn;t work. When I rebooted and then selected my user at the welcome screen, I actually saw my wallpaper for about ten seconds or so and then it logged me right back out.
Thanks for you r help though and any additional help to fix it is greatly appreciated!
I figured cutting and pasting a common solution would be easier to read than my shorthand O0
-
You can use Ultimate Boot CD to access your registry and update it. Here's a link to UBCD -http://www.ubcd4win.com/ and here's a link to instructions on how to do it - http://www.raymond.cc/blog/archives/2008/07/02/how-to-edit-windows-registry-key-values-without-booting-in-windows/
If that doesn't work, you can use Knoppix to boot a linux distribution and copy all of your files to an external hard drive or network drive.
-
Tyler beat me to the punch, by suggesting D/Ling a linux distro and moving the desired files manually to a removable media (CD, USB or whatever.) BTW, Puppy Linux is small enough to run resident in RAM, thereby freeing up your CD drive, if you only have one CD drive.
-
I want to thank every one of you guys for your suggestions and help. I'm not a computer guru by any stretch and some of the suggestions may be outside of what I fell comfortable doing myself.
I am going, however, to try Tyler's suggestion one eveving later this week.
-
I got a Sony Vaio with Win 7 about two weeks ago. I went to log on, and I was hearing this "clicking" sound. Then, I got this message, "Operating System Not Found". Drat! Of course, I didn't make backup disks, but my personal files have been backed up. So, it'll be going into the shop in the morning. What a drag! (And I do run AVG, Adaware (Malware bytes), and use ccleaner every day, so I don't know what happened. :-(
-
I got a Sony Vaio with Win 7 about two weeks ago. I went to log on, and I was hearing this "clicking" sound. Then, I got this message, "Operating System Not Found". Drat! Of course, I didn't make backup disks, but my personal files have been backed up. So, it'll be going into the shop in the morning. What a drag! (And I do run AVG, Adaware (Malware bytes), and use ccleaner every day, so I don't know what happened. :-(
Sounds like a lemon hard drive. My buddy bought a Toshiba from Best Buy and 3 months later the motherboard went out. I diagnosed it over the phone and had to argue with the Dumb Squad for 30 minutes before they'd believe it was the motherboard. Though, once they did see I was right they gave him a new computer and backed up his files off of the old one.
-
One thing that I failed to mention is that I went to use Yahoo messenger earlier that morning, and got a strange message from someone that I didn't know. The message contained this weird URL. Before I could even think about what I was doing, I clicked on the link, and it was to porn. So, I'm thinking that the system picked up something from that site that wiped out my hard drive. Once a hard drive is wiped out like that, can it be restored or is the only choice to replace it? I got my laptop from Best Buy in Dec., and didn't buy the Geek Squad protection plan.
-
One thing that I failed to mention is that I went to use Yahoo messenger earlier that morning, and got a strange message from someone that I didn't know. The message contained this weird URL. Before I could even think about what I was doing, I clicked on the link, and it was to porn. So, I'm thinking that the system picked up something from that site that wiped out my hard drive. Once a hard drive is wiped out like that, can it be restored or is the only choice to replace it? I got my laptop from Best Buy in Dec., and didn't buy the Geek Squad protection plan.
If the hard drive was knocking, then it has nothing to do with downloading a virus. It's probably just coincidence. Though, if the hard drive is knocking, then you still might be able to get the files off. Put the hard drive in a plastic ziplock bag and get as much air out as possible. Then put the bag and hard drive in the freezer for about 2 to 4 hours. Take the hard drive out and place it immediately in the machine and turn it on or place the hard drive into an enclosure that allows you to access it through USB. Then transfer the files off as soon as you can.
-
One thing that I failed to mention is that I went to use Yahoo messenger earlier that morning, and got a strange message from someone that I didn't know. The message contained this weird URL. Before I could even think about what I was doing, I clicked on the link, and it was to porn. So, I'm thinking that the system picked up something from that site that wiped out my hard drive. Once a hard drive is wiped out like that, can it be restored or is the only choice to replace it? I got my laptop from Best Buy in Dec., and didn't buy the Geek Squad protection plan.
If the hard drive was knocking, then it has nothing to do with downloading a virus. It's probably just coincidence. Though, if the hard drive is knocking, then you still might be able to get the files off. Put the hard drive in a plastic ziplock bag and get as much air out as possible. Then put the bag and hard drive in the freezer for about 2 to 4 hours. Take the hard drive out and place it immediately in the machine and turn it on or place the hard drive into an enclosure that allows you to access it through USB. Then transfer the files off as soon as you can.
Seriously, dont go to geek squad. they will rape and pillage your wallet, and all they do half the time is use programs that are free to get online. try using a program called "Recuva" (the same people who made ccleaner made Recuva.) Hook the HD up to a functioning computer and boot off the working OS. It should recognize the bad HD as a removable device.
Also, regarding the freezer hard drive trick, if you happen to have one of those "freshness packs" that you see in packs of bacon (one thats not covered in grease, mind you) it would help to put that in there. That will suck up the condensation that forms. The condensation can kill the drive faster than anything that might have been wrong with it.
-
Well, you're ahead of the game by not buying the Geek Squad. What a $$ waste that one is. Almost (but not quite) as bad as buying from Best Buy in the first place.
If you just bought that laptop in December, it should be under warranty, so I'd start by just taking it back to Worst Buy -- Oops, sorry , Best Buy, and getting it replaced. Which, of course they aren't wanting to do, and will probably tell you you have a virus, and it isn't covered. Visiting Yahoo Messenger is pretty darn safe, I would be surprised if you picked something up there. Unless you linked through to some site, that is maliciously sending a virus, to anyone who clicks it. If that were so, You are not alone in that boat.
The cleaners and AVG are some really good first lines of defense, but the best defense is the operator. Firefox has quite a few extensions that can be added to your machine(s) that will help in treading lightly around places that we tend to go.
I've bought two laptops this Christmas Season, one for a grandson, but the other for little ol' me. Both on line, both un-seen by me in person, and both from companies that offer a no questions asked return policy. Even if you don't like the color it can be returned. Try that from Worse Buy.
-
Thankfully, Best Buy didn't give me a hard time at all. They didn't have any other Sony Vaio's, so I asked some friends of mine who own a computer shop in town which brand of laptop that they'd recommend. They told me to buy an "Asus". It was somewhat more expensive than the Vaio, but it didn't have any where near the amount of junk on it AND it had a bigger hard drive. (I later found out that Asus makes the motherboards or hard drives that a lot of other laptop makers use). So far, so good.
-
I've got something better than the Geek Squad ... The college kid down the road !
-
I've got something better than the Geek Squad ... The college kid down the road !
I hear ya on that one. There was no way that I'd pay for the Geek Squad services. In fact, when I picked out the laptop, I told the sales person that I wanted on that the Geek Squad hadn't gotten its hand on. There's this local company that I've gone to for years now. They're reasonably priced, and I can pick up the phone and ask them questions about things and they won't charge the daylights out of me for their help.