Logged out on Log in, even in Safe Mode!

Dempsey

Friend has a virus, it blocked taskmanager and changed the desktop background. I ran AVG and it detected a virus and I removed the file. Now, the PC logs out immediately when I click to log into any of the accounts. This also happened in safe mode.

Anyone help me get to a point where I can actually being to fix this problem

Thanks in advance!

ActorSeeksJob

Do you have a valid XP CD?

If so, place it in your CD ROM drive and follow the instructions below:

• Click on Start and select Run... type sfc /scannow (note the space) (Let this run undisturbed until the window with the blue progress bar goes away)

SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
If you want to see what was replaced, right-click My Computer and click on Manage. In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System.



Boot from the Windows XP installation CD.

At the "Welcome to Setup" screen, press R to start Recovery Console. Choose the installation to be repaired by number (usually 1) and press "Enter".

When you are asked for the Administrator password, leave it blank and press "Enter".

At the command prompt, type chkdsk /r and press "Enter". (Note the space before /r) The disk check operation will start.

This will be a very thorough check of the hard drive and the file system...be patient and let it complete. It may appear to hang or even back up a few times...this is normal. 60 to 90 minutes is not unusual for this check...it may take longer in some cases.

Once the check completes and you are back at the command prompt, type exit and press "Enter". Let your computer boot normally to Windows.

Dempsey

ActorSeeksJob wrote: »

Do you have a valid XP CD?

If so, place it in your CD ROM drive and follow the instructions below:

• Click on Start and select Run... type sfc /scannow (note the space) (Let this run undisturbed until the window with the blue progress bar goes away)

SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
If you want to see what was replaced, right-click My Computer and click on Manage. In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System.



Boot from the Windows XP installation CD.

At the "Welcome to Setup" screen, press R to start Recovery Console. Choose the installation to be repaired by number (usually 1) and press "Enter".

When you are asked for the Administrator password, leave it blank and press "Enter".

At the command prompt, type chkdsk /r and press "Enter". (Note the space before /r) The disk check operation will start.

This will be a very thorough check of the hard drive and the file system...be patient and let it complete. It may appear to hang or even back up a few times...this is normal. 60 to 90 minutes is not unusual for this check...it may take longer in some cases.

Once the check completes and you are back at the command prompt, type exit and press "Enter". Let your computer boot normally to Windows.

I do indeed.

I wont be able to do the sfc /scannow bit cos I cant login but i'll be able to do the recovery console bit. Hopefully that will sort out the issue. Thanks.

Solitaire

Did you scan the affected HDD via another PC? If you had Pakes.ELV (going around at the moment - thanks Chinese Government!) AVG may have removed smss32.exe and winlogon32.exe as those are the hijacker's targets. Those are kinda important to Windows... and the bad news is that you might have to format+reinstall as Pakes screws with the Registry something fearsome, blocking Windows Product Activation attempts even after you kill it and repair the installation

Dempsey

Solitaire wrote: »

Did you scan the affected HDD via another PC? If you had Pakes.ELV (going around at the moment - thanks Chinese Government!) AVG may have removed smss32.exe and winlogon32.exe as those are the hijacker's targets. Those are kinda important to Windows... and the bad news is that you might have to format+reinstall as Pakes screws with the Registry something fearsome, blocking Windows Product Activation attempts even after you kill it and repair the installation

Oh jesus! :eek:

I cant remember the exact name of the worm but i'll give the easy method a try first and hopefully its not this Pakes.ELV. Could the people that write these viruses take a long walk off a short pier. :pac:

Sounds like I'll be pricking about with another PC for a day :mad:

rhonin

I've been working on the same problem on a friends laptop. What worked for me is this http://windowsxp.mvps.org/peboot.htm
I used BartPE to modify the registry. There is a link in the article on how to create a BartPE bootable cd.

Now that I got logged on I've noticed there is a lot of syware and malware including Internet Security 2010 so you should scan for these once you get logged in.

Dempsey

rhonin wrote: »

I've been working on the same problem on a friends laptop. What worked for me is this http://windowsxp.mvps.org/peboot.htm
I used BartPE to modify the registry. There is a link in the article on how to create a BartPE bootable cd.

Now that I got logged on I've noticed there is a lot of syware and malware including Internet Security 2010 so you should scan for these once you get logged in.

Thanks mate, much appreciated

Skid

Quote:
Originally Posted by rhonin View Post
I've been working on the same problem on a friends laptop. What worked for me is this http://windowsxp.mvps.org/peboot.htm
I used BartPE to modify the registry. There is a link in the article on how to create a BartPE bootable cd.

Now that I got logged on I've noticed there is a lot of syware and malware including Internet Security 2010 so you should scan for these once you get logged in.
Thanks mate, much appreciated



I have the same problem. Virus identified by AVG, desktop background changed to white and now I can't login in again (on logging in, the windows screen gives the message 'Loading your Personal Settings', then almost immedaiately says 'logging off'.

I have an awful feeling that Pakes.ELV was the name of the virus as suggested.

@Dempsey, did the BartPE CD work for you?

Dempsey

SkidMark wrote: »

Quote:
Originally Posted by rhonin View Post
I've been working on the same problem on a friends laptop. What worked for me is this http://windowsxp.mvps.org/peboot.htm
I used BartPE to modify the registry. There is a link in the article on how to create a BartPE bootable cd.

Now that I got logged on I've noticed there is a lot of syware and malware including Internet Security 2010 so you should scan for these once you get logged in.
Thanks mate, much appreciated



I have the same problem. Virus identified by AVG, desktop background changed to white and now I can't login in again (on logging in, the windows screen gives the message 'Loading your Personal Settings', then almost immedaiately says 'logging off'.

I have an awful feeling that Pakes.ELV was the name of the virus as suggested.

@Dempsey, did the BartPE CD work for you?

I'm going to call around to the friend today, i'll post back afterwards and let you know how I got on

Skid

Dempsey wrote: »

I'm going to call around to the friend today, i'll post back afterwards and let you know how I got on

Thanks for that, much appreciated.

Dempsey

Followed the instructions and did exactly what it said on the tin

Ran Spybot, found a heap of malware, virus scanner is still going

Skid

Thanks for that. At the moment I only have access to a Windows Vista machine (My own computer is XP)

Can I burn a BartPE bootable CD using Vista, If I run my original XP installation disk when prompted?
Or do I need to run BartPE from an XP computer, to make an XP bootable CD, if that makes sense.

rhonin

SkidMark wrote: »

Thanks for that. At the moment I only have access to a Windows Vista machine (My own computer is XP)

Can I burn a BartPE bootable CD using Vista, If I run my original XP installation disk when prompted?
Or do I need to run BartPE from an XP computer, to make an XP bootable CD, if that makes sense.

Yes you can.
I ran it from my laptop which has Windows 7. The infected PC had XP. I put the XP cd in my cd drive and pointed BertPE to the cd drive and it took the files from there.

Skid

rhonin wrote: »

Yes you can.
I ran it from my laptop which has Windows 7. The infected PC had XP. I put the XP cd in my cd drive and pointed BertPE to the cd drive and it took the files from there.

Nice one, I'll give that a try in the morning,
Thanks again.