XP Login loop after MBAM scan

First time user of MBAM software, appears to be great product.

One problem: I have an XP laptop that had the userinit.exe file hijacked by what McAfee called new malware.j but it was unable to clean it. I loaded MBAM and it detected but said it would have to delete it during the next reboot. When I rebooted the computer I get the XP login screen after clicking Ctrl-Alt-Del, put in the password and Windows starts to load for about 1 second then immediately logs off and goes back to the Press Ctrl-Alt-Del to login screen. If needed I'm able to pull the hard drive out and hook it up to another computer via a USB connector.

Thanks for any and all assistance

It is likely that the key that points to this is not correct.

Do you have the skills to slave the problem drive to a working XP system?

If you do, follow these instructions.

With the problem drive slaved to the working system, boot up as you normally would.

The install of the drive will be automatic but might ask for a reboot.

Open My Computer and note the letter the problem drive was assigned. In these instructions Z: refers to this drive.

Click Start, Run, type regedit.

If the reg keys in the left pane are expanded, use the "-" to contract them.

Highlight HKEY_LOCAL_MACHINE.

Click File, Load Hive.

Navigate to Z:\WINDOWS\system32\config\software and open it.

Give this hive the name TEMP_HIVE and click OK.

Expand the following key tree:

HKEY_LOCAL_MACHINE

TEMP_HIVE

Microsoft

Windows NT

CurrentVersion

Winlogon

With Winlogon highlighted in the left pane, find Userinit in the right pane and double click it.

Erase what is in the box and replace it with:

C:\WINDOWS\System32\userinit.exe

and click OK.

Navigate to and highlight TEMP_HIVE.

Click File, Unload Hive, Yes and then shut down the system.

Return the problem drive to the problem system and try to log in.
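
An added example, not part of the original post or of any Malwarebytes tooling: once the Userinit value has been read from the loaded hive, this check compares it with the path the instructions above write back. It assumes Winlogon treats Userinit as a comma-separated list of programs to start at logon; the sample values and the `example-*.exe` names are constructed.

```python
import ntpath

# Path the post above writes back into Winlogon\Userinit.
EXPECTED = r"C:\WINDOWS\System32\userinit.exe"

def split_userinit(value):
    """Split a Userinit value into program entries, dropping empty ones
    (a stock value commonly ends in a trailing comma)."""
    return [e.strip().strip('"') for e in value.split(",") if e.strip()]

def normalise(path):
    """Fold case and separators so System32/system32 compare equal."""
    return ntpath.normcase(ntpath.normpath(path))

def audit_userinit(value, expected=EXPECTED):
    """Return a list of (kind, entry) findings; an empty list means clean.

    missing    - the expected userinit.exe path is not in the value, which
                 matches the log-on/log-off loop described in this thread
    relative   - entry is not an absolute path
    unexpected - an additional program that would start at every logon
    """
    want = normalise(expected)
    entries = split_userinit(value)
    findings = []
    if not any(normalise(e) == want for e in entries):
        findings.append(("missing", expected))
    for entry in entries:
        if normalise(entry) == want:
            continue
        kind = "unexpected" if ntpath.isabs(entry) else "relative"
        findings.append((kind, entry))
    return findings

# Constructed sample values, as they might be read from the loaded hive.
SAMPLES = [
    r"C:\WINDOWS\system32\userinit.exe,",
    r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\example-extra.exe",
    r"C:\WINDOWS\system32\example-replaced.exe,",
    "userinit.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", audit_userinit(sample) or "OK")
```
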

I knew there was a reason I liked you. Good techie skills. :)

There is a second and likely easier option: put a clean copy of userinit into both windows and system32.

While this won't "fix" the problem, it might let us work around it and make the fix easier to implement.

Looking into this further, you might have a hijacked variable order and this trick will let us work around it.

Loading the registry hive from the drive did the trick. I also copied the file to the C:\windows folder just in case.

THANKS
