Windows XP Login Logout Loop (Virus)

I’m writing this post with the hope that it will be helpful to people who face the same computer predicament that I did a few days ago. Here’s a little bit of background information: Last Tuesday I met John Chol Daau, who is from Sudan. He grew up as one of the Lost Boys of Sudan, forced to leave his home and wander hundreds of miles through Africa to survive. If you don’t know much about this particular humanitarian issue, I suggest spending a small amount of time reading up on it. Anyway, John told me that his PC was experiencing a debilitating virus, and asked if I would look at it. I said that I would. After spending quite a bit of time reading through various website forums, here’s a short description of the problem and its solution:

Problem: The PC (which runs Windows XP with SP2) starts normally. The Windows splash screen appears and the login prompt loads correctly. You can enter your user name and password as normal, but as soon as you try to log in you are IMMEDIATELY logged back out again. The desktop doesn’t even load; you go straight back to the login window, where you can enter your user name and password again. No matter how many times you try to log in, you always experience this immediate logout. Even if you try to log in to the computer in safe mode, you still experience the same problem. This problem is documented on Microsoft’s website here.

Solution: I’m sure this behavior can be caused by many different problems, but the most common cause is a virus. If you’re familiar with the Windows registry, this virus changes a few registry values, which makes it impossible to log in to your computer. If you’re not familiar with the registry, don’t panic. I’ll post links to a few articles that very clearly explain how to fix this problem. Basically, the virus makes two very simple changes to your computer that render it useless. To fix the problem, you have to change these two things back to the way they were when your computer was working.

Easy Fix: The “easy” solution to this problem can be found here. To use this fix you need your Windows XP install CD. This is the CD that contains the files necessary to install the operating system on your computer. You probably have this disk stashed in a drawer somewhere. Note that there’s a difference between the Windows XP install CD and the recovery CD that may have shipped with your computer. It’s possible that your computer didn’t come with a Windows XP install CD when you bought it. Sometimes computer manufacturers will only ship you a recovery disk, which is altogether different. You need your Windows XP install CD so that you can run an application called the Recovery Console. The link above should provide documentation on how to use the Recovery Console. Unfortunately, this fix didn’t work for John’s computer, but it may work for yours.

Slightly Harder Fix: This fix is the one that ended up working to fix John’s computer. A detailed explanation of this fix can be found here. It requires you to have access to another Windows PC with a CD burner (even if it’s a friend’s computer). You have to download a program called BartPE, which is one of the greatest recovery tools that exists. For this particular problem, BartPE will enable you to quickly change the two settings that the virus messed up. You may need a Windows XP install CD for this method as well. But it may be possible for the program to find what it needs from your friend’s computer without having to have access to this disk.

If you have any questions, please feel free to contact me. The above links should give you the tutorials you need to fix the problem. And if you use a PC you should use a virus protection program! If you don’t, you’re asking for trouble! Good luck!


  1. jdhtwo’s avatar

    you are the man.

    dan

    Reply

  2. Chris Barker’s avatar

    That does sound quite debilitating!

    As I sit here on my PowerMac G5, though not perfect, I feel a sadness for all Windows users. Since my computer is one of only two Macs on our church network, the abundance of PCs provides great job security, as there are issues that arise every week.

    Have you had any experience with Vista yet?

    Reply

    1. Jason’s avatar

      Typical, One of the Mac users decides to take a jab at Windows. If what they’re running truly is the best, why do they insist on slamming other systems?? In this case the answer is provided. “on our church network,” there is the key. Our religion is the best…your stupid and we must help you not to be stupid. Once again if what you’ve got is so great they why isn’t it enough just to have it and leave other people, who may be quite happy with what they’ve also got, the **** alone.

      Reply

      1. Stephanie’s avatar

        I don’t think that was really a jab… he just said he’s happy he doesn’t have to deal with viruses. So am I, even though I have plenty of issues with Apple (and do not belong to any church). Relax. He even said up front that his computer isn’t perfect.
        Also your and you’re are not the same word.
        As for “if what you’ve got is so great they[sic] why isn’t it enough just to have it and leave other people [...] the **** alone” – probably because this is a site where people are replying to other people, he wanted to ask the question about Vista, and is happy that he doesn’t get viruses.
        Don’t worry; eventually those of us who pay obscene amounts of money to use Apple computers will get viruses just like you do. Until then, chill. We aren’t actually evil; we just like our computers (most of the time).
        Alternate question: If Windows users are so happy with their OS, why do they flip out every time a Mac user talks? You’re remarkably defensive for being so happy.

  3. Ian Luke Kane’s avatar

    No, I haven’t really played with Vista as of yet. My MS program currently requires XP more or less, so I don’t feel like installing it under Boot Camp only to find that there’s going to be weird issues with it. I’ve already run into some of the Office 2007 backward compatibility issues, which was enough to make me cringe. Once Leopard comes out in October (or whatever it ends up being) I’m sure that I’ll finally install Vista on my own machine.

    Reply

  4. Chiara’s avatar

    I’m working in Macalle’, Ethiopia. Here there are some computers with the same behaviour, but your solution didn’t work :(
    At least I found how here:
    http://www.dotnethell.it/forum/messages.aspx?ThreadID=7796
    (sorry, Italian only!).
    N.B. Moreover, I also found this registry value corrupted:
    HKey_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
    The right value should be “explorer.exe”; the infection changed it to c:\recycled\svchost.exe

    Reply

  5. Nath’s avatar

    Hi,
    I encountered a problem while loading the hive; after typing MyXPHive as you suggested, I clicked the OK button and this message showed up: “Cannot Load X:\i386\SYSTEM32\CONFIG\SOFTWARE: Access is denied.”
    Why this message, and what could be the solution?
    Thank you.

    Reply

  6. Ian Luke Kane’s avatar

    My first thought would be to make sure that you’re referencing the correct drive letter. Make sure that it’s X: on your system rather than something else. I vaguely remember this happening to me at first as well, but I realized that I was pointing at an incorrect location. You want to make sure that you’re searching for your Windows installation drive.

    Reply

  7. Yemane’s avatar

    The answer for Nath is not clear:
    “X:\i386\SYSTEM32\CONFIG\SOFTWARE: Access is denied.
    Why this info and what could be the solution?:”

    Reply

  8. Dominik’s avatar

    Great solution!! Worked for me here too!! You’re great! Thanks for the information.

    Reply

  9. Mike’s avatar

    “You need your Windows XP install CD so that you can run an application called the Recovery Console. The link above should provide documentation on how to use the Recovery Console. ”
    Sorry, but I can’t see that link above.
    Thanks

    Reply

  10. Mike’s avatar

    Oh dear got it I must be blind…

    Reply

  11. vegnet’s avatar

    I’m having the same problem as Nath. Anyone have a solution?

    Reply

  12. kapuligo’s avatar

    Hi, I followed the steps until KEY_USERS \ MyXPHive \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon to edit the userinit key, but there is no userinit entry in there. Please help me with what I can do. Thank you very much.

    Reply

  13. trei9n1’s avatar

    “X:\i386\SYSTEM32\CONFIG\SOFTWARE: Access is denied.

    Can some1 please help me with this problem?

    Reply

  14. trei9n1’s avatar

    Must i use my windows folder under C:\ or the BartPE folder under X:\ when loading the MyXpHive file?

    Reply

  15. Gore’s avatar

    Funny… I’m browsing your site from Southern Sudan where I’ve been trying to fix the same issues with a couple of PCs here. I say funny ‘cos the background of this posting was an issue with one of our lost boys from the beloved Southern Sudan.

    Thnx..

    Reply

  16. Dave’s avatar

    “X:\i386\SYSTEM32\CONFIG\SOFTWARE: Access is denied.

    Did anyone solve this?

    Thanks

    Dave

    Reply

  17. Lynn’s avatar

    You have to map to your PC from another PC. Then do the following: Run regedit and then click file, connect network registry, put in the PC name of the affected PC

    For Windows XP:

    Navigate in the registry on the infected PC to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
    In the right pane look for Userinit and the path should point to: C:\WINDOWS\system32\userinit.exe,
    Make sure you add the “ , “ at the end.

    For Windows 2000:

    Navigate in the registry in the infected PC to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
    In the right pane look for Userinit and the path should point to: C:\WINNT\system32\userinit.exe,
    Make sure you add the “ , “ at the end.

    Reply

  18. Troy Van Marter’s avatar

    Dear Ian Luke Kane,

    Thank you for this well written article. It was of tremendous help. Though in
    my case the Easy Fix did not work, the Slightly Harder Fix did work
    beautifully.

    I sent a note of gratitude to Bart and made a donation for the software he
    developed.

    For anyone confused about which Windows folder to use when loading the HIVE
    file found in the instruction for the Slightly Harder Fix (suggested name
    MyXPHive), the folder is the directory on your PC where Windows XP is installed -
    not from the BartPE CD or from any other folder. i.e.
    “c:\windows\system32\config\software” or if you upgraded from NT, it could be
    “c:\winnt\system32\config\software” (do not type quotes when entering into the
    BartPE field).

    For some reason BartPE could not display the deeper folder structure of my
    Windows Directory, but this was not a problem, I simply typed the path in the
    field and it loaded the software HIVE.

    Hope this helps.

    Thanks again Ian,

    Troy

    Reply

  19. Nathan’s avatar

    I have loaded the hive and navigated to the correct area however the userinit.exe did not exist, anyone know what to do from here???

    Reply

  20. anonymous’s avatar

    Make sure you’re logged in as administrator for the “Access is denied” error.

    Reply

  21. Cristhian’s avatar

    My dad uses his computer just to surf and screw around online. He told me he had issues with logging in and described that same problem. I was able to get into the computer in Safe Mode but that’s it. So after performing “chkdsk /p /r” and waiting, it recovered one file, but that didn’t solve the problem. So I tried System Restore to Oct 1, 2008 and that got it. I erased a bunch of things from the Programs menu that he had installed and ran AVG Free Antivirus before I connected the computer back to the internet. It’s all good now and things are normal again.

    Reply

  22. Cristhian’s avatar

    I should’ve noted that my userinit.exe file was intact and there seemed nothing wrong with it.

    Reply

  23. Mark’s avatar

    Thanks for helping me solve the logon/logoff problem.

    I could no longer logon to the computer, not even in safe mode. Here’s my experience to help others with similar problem ; it’s an easy fix :

    1. I used a WinXP CD to boot into Recovery console mode.
    2. There was no userinit.exe in the system32 or dllcache folders ! Completely missing !!
    3. (HINT) The WinXP install CD contains a packed version in the I386 folder named userinit.ex_
    4. Go into the windows\system32 folder (cd \windows\system32) and unpack the userinit from the cdrom (expand d:\i386\userinit.ex_)

    Reply

  24. Swan’s avatar

    If this does not work

    expand d:\i386\userinit.ex_ c:\windows\system32\userinit.exe

    and gives you an error message

    Unable to create file userinit.exe
    0 file(s) expanded.
    extract it to some other drive say e:\

    expand d:\i386\userinit.ex_ E:\
    when the file gets extracted, copy it from e:\ to c:\windows\system32\

    copy e:\userinit.exe c:\windows\system32\

    Reply

    1. James’s avatar

      WOW! Thanks sooooo much, Swan. Out of all the solutions I tried, yours worked the best. But, I had to tweak your directions because when I tried to expand into E:\, it would say “the path was not found.” I realized that I don’t have an E: drive.. duh. So instead:

      If you guys have the same problem, try

      expand d:\i386\userinit.ex_ C:\

      instead of

      expand d:\i386\userinit.ex_ E:\

      then,

      copy it from c:\ to c:\windows\system32\

      Good luck to everyone else!

      Reply

  25. habik’s avatar

    Brilliant, worked well.

    I could not find userinit in the registry either, so I created a new string and checked whether userinit.exe was available at C:\WINDOWS\system32\userinit.exe. As it was, I just typed this path into the string in the registry under myxphive..etc…did the unload, and it has worked since.

    Reply

  26. Pheakavoin’s avatar

    I’ve tried the Slightly Harder Fix solution, and it really worked out. Thanks!

    Reply

  27. Jabbz’s avatar

    Guys, I need some help here. Nothing on here is working for me. I tried the Slightly Harder Fix as I don’t have an XP CD.

    I did everything as described in the link…went to the following location:

    HKEY_USERS \ MyXPHive \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon\

    And this is how my Userinit key looked like. Just as it describes it in the solution.

    C:\Windows\System32\Userinit.exe,

    What am I missing…I think I need to update my registry somewhere but I am all out of ideas. Please advise if anyone knows what I could be doing wrong.

    Thanks

    Reply

    1. Brian’s avatar

      I had the same problem. Use this entry to fix it:

      James on February 9, 2009 at 6:30 pm

      Reply

  28. Tammy’s avatar

    Your post was very helpful! However, when I ran the xp set up and pressed “r” the next screen said “setup did not find any hard disk drives installed in your computer” Yikes…now what? When it’s booting up and hits the black screen, it shows “none” next to the hard disks master and slave lines…

    Reply

    1. Mike’s avatar

      I’m having the same problem. Did yours get resolved, and if so, how did you get it to work?
      Thanks!

      Reply

  29. pavan’s avatar

    Thanks man… that quite helped …. yet to try it out though

    Reply

  30. austin’s avatar

    I have the logon/logoff virus. When I try to insert the Windows XP install CD my laptop doesn’t recognize that it is there. I go to the boot devices and select CD-ROM but there aren’t any CDs being displayed, even though the disk is in and spinning. The logon/logoff also happens in safe mode. Please Help !!!!!

    Reply

  31. fossiljim’s avatar

    OK, I am very confused.
    When loading the hive, don’t we want to load a good copy of userinit.exe???
    Why then would we load it from the infected PC system32 folder?
    Shouldn’t we load a good copy? ie the one that is on the Barts built disk?
    However, this is not accessible as pointed out by previous posts. Logging on as administrator is not an option since booting to a Barts disk does not involve logging on.

    Reply

  32. Sam’s avatar

    I insert copy userinit.exe wsaupdater.exe. I get an error message saying “the system cannot find the file specified”. What am I doing wrong?

    Reply

  33. Siobhan’s avatar

    Okay, so I am having problems getting the fix to work. I had some difficulty, but it finally let me expand and copy userinit.exe to c:\windows\system32 successfully, but then when I try to copy it as wsaupdater.exe I promptly get the “the system cannot find the file specified” error again. Is there something I am missing? Something I am doing wrong?

    Reply

  34. Siobhan’s avatar

    Not sure if it’s helpful to anyone, but now when I try to log in it lets me, but then everything sort of just freezes once I get to the desktop before anything past my wallpaper loads.

    Reply

    1. DC’s avatar

      Siobhan,
      In your case you will also need to extract “explorer.exe” to the C:\windows\system32 folder. This is done using the same methods as when you extracted the “userinit.exe” file.

      Reply

    2. KonoR’s avatar

      If explorer.exe doesn’t exist, you must expand it from the Windows CD like DC said.

      If explorer.exe exists in your Windows folder, you must also change the value of Shell in the registry (regedit) to:

      Shell=explorer.exe (no commas)

      it took me 3 months to solve the problem…

      Reply

  35. GeniusPcInstructor’s avatar

    all you need is to delete all files in system 32 and make a recovery (the windows xp or the recovery) and download all viruses that you have the best is the Suravaya

    Reply

  36. Dave’s avatar

    Family member dropped a PC off this evening that was looping at the login. This helped… turns out the registry key was right, but the userinit.exe file was missing from where it was supposed to be. Used BartPE, copied userinit.exe where it was supposed to be and PC is booting. Now I can at least start the PC, run some proper virus scans, etc. Thanks all!!!!

    Reply

  37. HP’s avatar

    Tried the fix at least 4 different times, and did not work for me. I’m sure I followed instructions correctly. Will try to delete all system32 files as mentioned above. The BartPE did not work for my problem.

    Reply

  38. Compaq Laptop user’s avatar

    I tried this method by loading Bart PE and I came up with the same error as most when trying to load the hive, but when I went to try and change it from the D drive to the C or X drive it won’t let me. It says that it can’t find the C or X drive. What do I do?

    Reply

  39. Nick’s avatar

    Hey, will my files be lost if I do the 2nd method???? Please reply

    Reply

  40. Modano’s avatar

    I love you baby!!!! Thanks a lot!!!!!! :D
    Anyone having the “Access denied” problem, follow Troy Van Marter’s instructions from July 4, 2008 at 3:25 pm. (Thanks to you as well)

    Reply

  41. Prasad’s avatar

    I am continuously getting the error:
    X:\i386\SYSTEM32\CONFIG\SOFTWARE: Access is denied

    I don’t understand the comments posted for this error…

    1. Someone said, you have to be administrator… there was no log on screen in whole booting process..
    2. Someone said, map the C:\windows\system32\config\ path… I can only see X: and some B: (I don’t know where it came from but it does not have any windows folder). The X: drive does not have a windows folder.
    3. Someone suggested to check HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ for Win XP… this is not working for me…

    Well, I got a message at start ‘Network connectivity required?’.. and I said no… (YES option is just giving blank black screen)

    Please let me know where exactly I am going wrong? … your help is most appreciated…

    Reply

  42. ryan’s avatar

    Ok, can someone please tell me how I use the Windows CD if I can’t log onto any of the user names??

    it just makes absolutely no sense to me.

    help would be greatly appreciated!

    thank you

    Reply

  43. DrJDX’s avatar

    Thanks so much! For whatever reason, neither of the literal solutions you linked to worked, but the problem was the same, and they gave me enough direction that I was able to solve this problem for an important client. Huzzah!

    Reply

  44. vi’s avatar

    First of all let me thank you for providing this important information.
    I had to follow some additional steps to recover my XP installation.
    When Symantec AV had apparently deleted an infected file, XP was forced to shutdown. After that, I found myself stuck in the login logoff loop.
    Using freeav’s Linux-based boot CD I was able to run Petter Nordahl’s NT Password Changer off a USB stick. It includes a registry editor.
    Soon I found that the value of Userinit was OK.
    In Symantec’s logfiles I could see that the file that had been removed at the time the trouble began had a randomized filename and that it was found in system32.
    Therefore I decided to create a copy of userinit.exe with the randomized name – and voila! I could log into Windows again!
    Running regedit, I searched the registry for the randomized name: I found it at HKLM/Software/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/userinit.exe, with name being Debugger and filename as its value.
    So I felt lucky, deleted the key and restarted – everything works just fine!

    RESUMEE : If userinit’s value seems to be OK, but you are still stuck in the loop, look for an Image File Execution Option for userinit.exe and delete it.

    GOOD LUCK
    :wq

    Reply

    1. Ann’s avatar

      I followed the BartPE instructions – changed the data back to userinit.exe, – and had high hopes as it had all gone so smoothly. Rebooted pc and still log-on log-off problem!

      I have accessed pc using Ubuntu to recover documents, photos, etc. I was running Norton Internet Security before problem. How can I find log files you mention?

      Thanks

      Reply

  45. vi’s avatar

    HINT : Delete HKLM/Software/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/userinit.exe
    :wq

    Reply
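
The registry checks commenters describe above (Lynn’s Userinit value, Chiara’s and KonoR’s Shell value, and vi’s Image File Execution Options entry for userinit.exe) can be run in one pass over a regedit text export of the affected hive. The Python below is an added example, not code from the post or its commenters; the function names, the sample export and the placeholder Debugger file name are constructed for illustration.

```python
import re

# Expected data as given in the comments on this page (XP installs under
# C:\WINDOWS, Windows 2000 under C:\WINNT; Userinit ends with a comma).
EXPECTED_USERINIT = {r"c:\windows\system32\userinit.exe,",
                     r"c:\winnt\system32\userinit.exe,"}
EXPECTED_SHELL = "explorer.exe"

# Matched as key-path suffixes, so the check works on a live export under
# HKEY_LOCAL_MACHINE\SOFTWARE and on an offline hive loaded as MyXPHive.
WINLOGON = r"\microsoft\windows nt\currentversion\winlogon"
IFEO_USERINIT = (r"\microsoft\windows nt\currentversion"
                 r"\image file execution options\userinit.exe")

KEY_LINE = re.compile(r"\[(.+)\]")
STRING_VALUE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"')

def parse_reg(text):
    """Parse a regedit text export into {key: {value name: data}}, names
    lower-cased, string values only. Pass decoded text (5.00 exports are UTF-16)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_LINE.fullmatch(line):
            current = keys.setdefault(m.group(1).lower(), {})
        elif (m := STRING_VALUE.fullmatch(line)) and current is not None:
            # .reg files escape backslashes and quotes with a backslash.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name.lower()] = data
    return keys

def audit(text):
    """Return a list of findings; an empty list means all three checks pass."""
    findings, saw_winlogon = [], False
    for key, values in parse_reg(text).items():
        if key.endswith(WINLOGON):
            saw_winlogon = True
            userinit, shell = values.get("userinit"), values.get("shell")
            if userinit is None:
                findings.append("Userinit value is missing")
            elif userinit.lower() not in EXPECTED_USERINIT:
                findings.append(f"Userinit is {userinit!r}")
            if shell is None:
                findings.append("Shell value is missing")
            elif shell.lower() != EXPECTED_SHELL:
                findings.append(f"Shell is {shell!r}")
        elif key.endswith(IFEO_USERINIT) and "debugger" in values:
            findings.append(f"userinit.exe has a Debugger: {values['debugger']!r}")
    if not saw_winlogon:
        findings.append("Winlogon key not found in export")
    return findings

# Constructed sample: the offline SOFTWARE hive loaded as MyXPHive, showing
# two of the states reported in the comments. The Debugger name is a placeholder.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_USERS\MyXPHive\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"Shell"="c:\\recycled\\svchost.exe"

[HKEY_USERS\MyXPHive\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe]
"Debugger"="placeholder-random-name.exe"
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A passing registry check does not cover the case several commenters hit, where the values are correct but userinit.exe or explorer.exe is missing from disk.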