I’m writing this post with the hope that it will be helpful to people who face the same computer predicament that I did a few days ago. Here’s a little bit of background information: Last Tuesday I met John Chol Daau, who is from Sudan. He grew up as one of the Lost Boys of Sudan, forced to leave his home and wander hundreds of miles through Africa to survive. If you don’t know much about this particular humanitarian issue, I suggest spending a small amount of time reading up on it. Anyway, John told me that his PC was experiencing a debilitating virus, and asked if I would look at it. I said that I would. After spending quite a bit of time reading through various website forums, here’s a short description of the problem and its solution:
Problem: The PC (which runs Windows XP with SP2) starts normally. The Windows splash screen appears correctly and then the login prompt loads correctly. You can then enter your user name and password as normal, but as soon as you try to log in you are IMMEDIATELY logged back out again. The desktop doesn’t even load. It moves immediately back to the login window where you can then enter your user name and password again. No matter how many times you try to log in you always experience this immediate logout. Even if you try to log in to the computer in safe mode you still experience the same problem. This problem is documented on Microsoft’s website here.
Solution: I’m sure this behavior can be caused by many different problems, but the most common cause is a virus. If you’re familiar with the Windows registry, this virus changes a few registry key values, which makes it impossible to log in to your computer. If you’re not familiar with the registry, don’t panic. I’ll post links to a few articles that very clearly explain how to fix this problem. Basically, the virus makes two very simple changes to your computer that render it useless. In order to fix the problem, you have to change these two things back to the way they were while your computer was working.
Easy Fix: The “easy” solution to this problem can be found here. In order to use this fix you have to have your Windows XP install CD. This is the CD that contains the files necessary to install the operating system on your computer. You probably have this disk stashed in a drawer somewhere. You should note that there’s a difference between the Windows XP install CD and the recovery CD that may have shipped with your computer. It’s possible that your computer didn’t actually come with a Windows XP install CD when you bought it. Sometimes computer manufacturers will only ship you a recovery disk, which is altogether different. You need your Windows XP install CD so that you can run an application called the Recovery Console. The link above should provide documentation on how to use the Recovery Console. Unfortunately, this fix didn’t work for John’s computer, but it may work for yours.
Slightly Harder Fix: This fix is the one that ended up working to fix John’s computer. A detailed explanation of this fix can be found here. It requires you to have access to another Windows PC with a CD burner (even if it’s a friend’s computer). You have to download a program called BartPE, which is one of the greatest recovery tools that exists. For this particular problem, BartPE will enable you to quickly change the two settings that the virus messed up. You may need a Windows XP install CD for this method as well. But it may be possible for the program to find what it needs from your friend’s computer without having to have access to this disk.
If you have any questions, please feel free to contact me. The above links should give you the tutorials you need to fix the problem. And if you use a PC you should use a virus protection program! If you don’t, you’re asking for trouble! Good luck!
Tags: Virus, Windows XP

you are the man.
dan
That does sound quite debilitating!
As I sit here on my PowerMac G5, though not perfect, I feel a sadness for all Windows users. Since my computer is one of only two Macs on our church network, the abundance of PCs provides great job security, as there are issues that arise every week.
Have you had any experience with Vista yet?
Typical, One of the Mac users decides to take a jab at Windows. If what they’re running truely is the best, why do they insist on slamming other systems?? In this case the answer is provided. “on our church network,” there is the key. Our religion is the best…your stupid and we must help you not to be stupid. Once again if what you’ve got is so great they why isn’t it enough just to have it and leave other people, who may be quite happy with what they’ve also got, the **** alone.
I don’t think that was really a jab… he just said he’s happy he doesn’t have to deal with viruses. So am I, even though I have plenty of issues with Apple (and do not belong to any church). Relax. He even said up front that his computer isn’t perfect.
Also your and you’re are not the same word.
As for “if what you’ve got is so great they[sic] why isn’t it enough just to have it and leave other people [...] the **** alone” – probably because this is a site where people are replying to other people, he wanted to ask the question about Vista, and is happy that he doesn’t get viruses.
Don’t worry; eventually those of us who pay obscene amounts of money to use Apple computers will get viruses just like you do. Until then, chill. We aren’t actually evil; we just like our computers (most of the time).
Alternate question: If Windows users are so happy with their OS, why do they flip out every time a Mac user talks? You’re remarkably defensive for being so happy.
macs are for people who are too stupid to run a PC without problems. but i guess some people like to pay obscene amounts of money for their computer to make themselves feel better about themselves. macs aren’t any better than PCs. mac lovers seem to have this notion that they are. they are wrong. but let them waste money on their computer.
quote: “macs are for people who are too stupid to run a PC without problems.”
And windows is for people who are too stupid to run linux without problems.
Just let everybody be happy with whatever OS they decided to use.
…and who would be stupid enough to try Linux on Windows?
I am a Linux Expert, and you can not compare the Windows friendly User interface, which was made for the average computer user, to LINUX, which was made for people with programming skills.
2 different worlds
No, I haven’t really played with Vista as of yet. My MS program currently requires XP more or less, so I don’t feel like installing it under Boot Camp only to find that there’s going to be weird issues with it. I’ve already run into some of the Office 2007 backward compatibility issues, which was enough to make me cringe. Once Leopard comes out in October (or whatever it ends up being) I’m sure that I’ll finally install Vista on my own machine.
I’m working in Macalle’, Ethiopia. Here there are some computers with the same behaviour, but your solution didn’t work
At least i found how here:
http://www.dotnethell.it/forum/messages.aspx?ThreadID=7796
(sorry italian only!).
N.B. Moreover, I also found this registry value corrupted:
HKey_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
The right value should be “explorer.exe”; the infection changed it to c:\recycled\svchost.exe
Hi,
I encountered a problem while loading the hive; after typing MyXPHive as you suggested, I clicked the OK button and this message showed up: “Cannot Load X:\i386\SYSTEM32\CONFIG\SOFTWARE: Access is denied.”
Why this info and what could be the solution?
Thank you.
My first thought would be to make sure that you’re referencing the correct drive letter. Make sure that it’s X: on your system rather than something else. I vaguely remember this happening to me at first as well, but I realized that I was pointing at an incorrect location. You want to make sure that you’re searching for your Windows installation drive.
The answer for Nath is not clear
“X:\i386\SYSTEM32\CONFIG\SOFTWARE: Access is denied.
Why this info and what could be the solution?:”
Great solution!! Worked for me here too!! You’re great! Thanks for the information.
“You need your Windows XP install CD so that you can run an application called the Recovery Console. The link above should provide documentation on how to use the Recovery Console. ”
Sorry but I can’t see that link above.
Thanks
Oh dear got it I must be blind…
I’m having the same problem as Nath. Anyone have a solution?
Hi, I followed the steps until HKEY_USERS \ MyXPHive \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon to edit Userinit’s key, but there is no Userinit entry in there. Please help me with what I can do. Thank you very much.
“X:\i386\SYSTEM32\CONFIG\SOFTWARE: Access is denied.
Can someone please help me with this problem?
Must I use my Windows folder under C:\ or the BartPE folder under X:\ when loading the MyXPHive file?
Funny… I’m browsing your site from Southern Sudan where I’ve been trying to fix the same issues with a couple of PCs here. I say funny ‘cos the background of this posting was an issue with one of our lost boys from the beloved Southern Sudan.
Thnx..
“X:\i386\SYSTEM32\CONFIG\SOFTWARE: Access is denied.
Did anyone solve this?
Thanks
Dave
You have to map to your PC from another PC. Then do the following: Run regedit and then click file, connect network registry, put in the PC name of the affected PC
For Windows XP:
Navigate in the registry on the infected PC to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
In the right pane look for Userinit and the path should point to: C:\WINDOWS\system32\userinit.exe,
Make sure you add the “ , “ at the end.
For Windows 2000:
Navigate in the registry in the infected PC to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
In the right pane look for Userinit and the path should point to: C:\WINNT\system32\userinit.exe,
Make sure you add the “ , “ at the end.
LYNN!!!!
You’re a genius!!
I’ve spent 5 hours today trying to get back into my computer after getting stuck in this logon/logoff loop on my old Win2K PC (no install disk or recovery disk available). The only thing I had at my disposal was my prior mapping to the harddrive over our network.
I didn’t know that regedit could access a network computer. Once in, I found that something changed the path to my userinit.exe to the wrong path – it was trying to get to c:\windows\system32 instead of c:\winnt\system32. I changed it, restarted, and I’m back in business!!
MUCHO KUDOS to you LYNN!!!
Dear Ian Luke Kane,
Thank you for this well written article. It was of tremendous help. Though in
my case the Easy Fix did not work, the Slightly Harder Fix did work
beautifully.
I sent a note of gratitude to Bart and made a donation for the software he
developed.
For anyone confused about which Windows folder to use when loading the HIVE
file found in the instruction for the Slightly Harder Fix (suggested name
MyXPHive), the folder is the directory on your PC where Windows XP is installed -
not from the BartPE CD or from any other folder. i.e.
“c:\windows\system32\config\software” or if you upgraded from NT, it could be
“c:\winnt\system32\config\software” (do not type quotes when entering into the
BartPE field).
For some reason BartPE could not display the deeper folder structure of my
Windows Directory, but this was not a problem, I simply typed the path in the
field and it loaded the software HIVE.
Hope this helps.
Thanks again Ian,
Troy
I type the c:\windows\system32\config\ literally and it responds that the path does not exist.
I have loaded the hive and navigated to the correct area however the userinit.exe did not exist, anyone know what to do from here???
Make sure you’re logged in as administrator to for the “Access is denied” error.
My dad uses his computer just to surf and screw around online. He told me he had issues with logging in and described that same problem. I was able to get into the computer in Safe Mode but that’s it. So after performing “chkdsk /p /r” and waiting it recovered one file but that didn’t solve the problem. So I tried System Restore to Oct 1, 2008 and that got it. I erased a bunch of things from Programs menu that he had installed and ran AVG Free Antivirus before I connected the computer back on the internet, it’s all good now and things are normal again.
I should’ve noted that my userinit.exe file was intact and there seemed nothing wrong with it.
Thanks for helping me solve the logon/logoff problem.
I could no longer logon to the computer, not even in safe mode. Here’s my experience to help others with similar problem ; it’s an easy fix :
1. I used a WinXP CD to boot into Recovery console mode.
2. There was no userinit.exe in the system32 or dllcache folders ! Completely missing !!
3. (HINT) The WinXP install CD contains a packed version in the I386 folder named userinit.ex_
4. Go into the windows\system32 folder (cd \windows\system32) and unpack the userinit from the cdrom (expand d:\i386\userinit.ex_)
If this does not work
expand d:\i386\userinit.ex_ c:\windows\system32\userinit.exe
and gives you an error message
Unable to create file userinit.exe
0 file(s) expanded.
extract it to some other drive say e:\
expand d:\i386\userinit.ex_ E:\
when the file gets extracted copy it from e:\ to c:\windows\system32\
copy e:\userinit.exe c:\windows\system32\
WOW! Thanks sooooo much, Swan. Out of all the solutions I tried, yours worked the best. But, I had to tweak your directions because when I tried to expand into E:\, it would say “the path was not found.” I realized that I don’t have an E: drive.. duh. So instead:
If you guys have the same problem, try
expand d:\i386\userinit.ex_ C:\
instead of
expand d:\i386\userinit.ex_ E:\
then,
copy it from c:\ to c:\windows\system32\
Good luck to everyone else!
Worked perfectly for me too. Just posting here to say thanks!
Brilliant, worked well.
I could not find the userinit in registry either so have created new string, checked if userinit.exe is available on C:\WINDOWS\system32\userinit.exe as it was I have just typed this path to the string in registry under myxphive..etc…did the unload and worked since.
I’ve tried the Slightly Harder Fix solution, and that really worked out. Thanks!
thank you
Guys I need some help here. Nothing on here is working for me. I tried the Slightly Harder fix as I don’t have an XP CD.
I did everything as described in the link…went to the following location:
HKEY_USERS \ MyXPHive \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon\
And this is how my Userinit key looked like. Just as it describes it in the solution.
C:\Windows\System32\Userinit.exe,
What am I missing…I think I need to update my registry somewhere but I am all out of ideas. Please advise if anyone knows what I could be doing wrong.
Thanks
I had the same problem. Use this entry to fix it:
James on February 9, 2009 at 6:30 pm
Hi..So how was this fixed? My value for the Userinit was exactly how it’s supposed to be changed to already…
Your post was very helpful! However, when I ran the xp set up and pressed “r” the next screen said “setup did not find any hard disk drives installed in your computer” Yikes…now what? When it’s booting up and hits the black screen, it shows “none” next to the hard disks master and slave lines…
I’m having the same problem. Did yours get resolved, and if so, how did you get it to work?
Thanks!
Thanks man… that quite helped …. yet to try it out though
I have the logon/logoff virus. When I try to insert the windows XP install CD my laptop doesn’t recognize that it is there. I go to the boot devices and select CD-ROM but there aren’t any CDs being displayed, even though the disk is in and spinning. The logon/logoff also happens in safe mode. Please Help !!!!!
OK, I am very confused.
When loading the hive, don’t we want to load a good copy of userinit.exe???
Why then would we load it from the infected PC system32 folder?
Shouldn’t we load a good copy? ie the one that is on the Barts built disk?
However, this is not accessible as pointed out by previous posts. Logging on as administrator is not an option since booting to a Barts disk does not involve logging on.
I insert copy userinit.exe wsaupdater.exe. I get an error message saying “the system cannot find the file specified”. What am I doing wrong?
Okay, so I am having problems getting the fix to work. I had some difficulty, but it finally let me expand and copy userinit.exe to c:\windows\system32 successfully, but then when I try to copy it as wsaupdater.exe I promptly get the “the system cannot find the file specified” error again. Is there something I am missing? Something I am doing wrong?
Not sure if it’s helpful to anyone, but now when I try to log in it lets me, but then everything sort of just freezes once I get to the desktop before anything past my wallpaper loads.
Siobhan,
In your case you will also need to extract “explorer.exe” to the C:\windows\system32 folder. This is done using the same methods as when you extracted the “userinit.exe” file.
if explorer.exe doesn’t exist you must expand it from the windows cd like DC said,
if explorer.exe exists in your windows folder, you must also change the value of Shell in registry (regedit) to:
Shell=explorer.exe (no commas)
it took me 3 months to solve the problem…
all you need is to delete all files in system 32 and make a recovery (the windows xp or the recovery) and download all viruses that you have the best is the Suravaya
Family member dropped a PC off this evening that was looping at the login. This helped… turns out the registry key was right, but the userinit.exe file was missing from where it was supposed to be. Used BartPE, copied userinit.exe where it was supposed to be and PC is booting. Now I can at least start the PC, run some proper virus scans, etc. Thanks all!!!!
Tried the fix at least 4 different times, and did not work for me. I’m sure I followed instructions correctly. Will try to delete all system32 files as mentioned above. The BartPE did not work for my problem.
I tried this method by loading Bart PE and I came up with the same error as most when trying to load the hive but when I went to try and change it from the D drive to the C or X drive it wont let me. It says that it cant find the C or X drive. What do I do?
hey will my files go lost if i do the 2nd method???? please reply
I love you baby!!!! Thanks a lot!!!!!!
Anyone having the “Access denied” problem follow Troy Van Marter on July 4, 2008 at 3:25 pm instruction. (Thanks to you as well)
I am continuously getting the error:
X:\i386\SYSTEM32\CONFIG\SOFTWARE: Access is denied
I don’t understand the comments posted for this error…
1. Someone said, you have to be administrator… there was no log on screen in whole booting process..
2. Someone said, map the C:\windows\system32\config\ path… I can only see X: and some B: (I don’t know where it came from but it does not have any windows folder). The X: drive does not have windows folder.
3. Someone suggested to check HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ for Win XP… this is not working for me…
Well, I got a message at start ‘Network connectivity required?’.. and I said no… (YES option is just giving blank black screen)
Please let me know where exactly I am going wrong? … your help is most appreciated…
I had the same problem as Nath, Yemane and Prasad and kept receiving the message:
X:\i386\SYSTEM32\CONFIG\SOFTWARE: Access is denied.
What helped for me was to realize the following (mind the capital letters):
If you go to http://windowsxp.mvps.org/peboot.htm you will read at step 3:
“From the File menu, choose the Load Hive option. BROWSE TO YOUR WINDOWS INSTALLATION DRIVE, for example the following location:
C:\Windows\System32\Config\”
If you click on the image called “Select the Hive” you will see that in that example Windows was installed on disk G: (because next to file name it says “G:\Windows\System32\Config”)
In other words, if you have installed Windows on your C: drive like most people, just type “C:\Windows\System32\Config\” in this field and press “Open” (or )
Hope this helps for you.
Entering the literal path on the C drive responds that the path does not exist.
I am using the BartPE CD on an affected system. However, the environment does not see the C: drive. For example, from the command prompt typing c: returns that “The system cannot find the drive specified.” So, Load Hive and any other functions do not work. Any help would be appreciated.
Hey for everybody having the ‘access denied problem’ here’s the real solution!
Go to http://windowsxp.mvps.org/peboot.htm
at step 3 manually type this into the open field: C:\Windows\System32\Config\software
you may receive a file not found error if so you will be able to at least see the files in the explorer and now you can just manually go to the correct directory, and now follow the rest of the steps on the website, I hope this helps if not email me jmextreme713@yahoo.com and we’ll work on it together, please share this if it works, and let me know as well, have a nice day.
-Juvix
Ok can someone please tell me how i use the windows cd if i cant log onto any of the user names??
it just makes absolutely no sense to me.
help would be greatly appreciated!
thank you
Thanks so much! For whatever reason, neither of the literal solutions you linked to worked, but the problem was the same, and they gave me enough direction that I was able to solve this problem for an important client. Huzzah!
First of all let me thank you for providing this important information.
I had to follow some additional steps to recover my XP installation.
When Symantec AV had apparently deleted an infected file, XP was forced to shutdown. After that, I found myself stuck in the login logoff loop.
Using freeav’s linux based boot cd I was able to run Petter Nordahl’s NT Password Changer off a USB stick. It includes a registry editor.
Soon I found that the value of Userinit was OK.
In Symantec’s logfiles I could see that the file that had been removed at the time the trouble began had a randomized filename and that it was found in system32.
Therefore I decided to create a copy of userinit.exe with the randomized name – and voila! I could log into Windows again!
Running regedit, I searched the registry for the randomized name: I found it at HKLM/Software/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/userinit.exe, with name being Debugger and filename as its value.
So I felt lucky, deleted the key and restarted – everything works just fine!
RESUMEE : If userinit’s value seems to be OK, but you are still stuck in the loop, look for an Image File Execution Option for userinit.exe and delete it.
GOOD LUCK
:wq
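Added example (not part of the original post or of any commenter's instructions): a Python check over a `.reg` export that tests the logon-chain settings reported in this thread, namely Winlogon `Userinit`, Winlogon `Shell`, and an Image File Execution Options `Debugger` for userinit.exe, plus `DisableTaskMgr`. The sample export is constructed, the Debugger file name in it is a placeholder, and the function names are hypothetical.

```python
import re

# Key-path suffixes, so the checks match a live export (HKEY_LOCAL_MACHINE\SOFTWARE\...)
# as well as an offline hive loaded under HKEY_USERS\MyXPHive\... from BartPE.
WINLOGON = r"\microsoft\windows nt\currentversion\winlogon"
IFEO_USERINIT = (r"\microsoft\windows nt\currentversion"
                 r"\image file execution options\userinit.exe")
POLICIES_SYSTEM = r"\microsoft\windows\currentversion\policies\system"

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_reg(text):
    """Parse .reg export text into {lowercased key path: {lowercased name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.group(1).lower(), m.group(2)
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                # REG_SZ: drop the quotes and undo .reg escaping (\\ and \")
                data = re.sub(r"\\(.)", r"\1", data[1:-1])
            elif data.lower().startswith("dword:"):
                data = int(data[6:], 16)
            current[name] = data
    return keys


def audit_logon_chain(reg_text, windows_dir=r"C:\WINDOWS"):
    """Return a list of (value name, observed data, reason) findings."""
    expected = (windows_dir.rstrip("\\") + r"\system32\userinit.exe").lower()
    findings = []
    for key, values in parse_reg(reg_text).items():
        if key.endswith(WINLOGON):
            userinit = values.get("userinit")
            if userinit is None:
                findings.append(("Userinit", None, "value is missing"))
            # The thread accepts the path with or without the trailing comma.
            elif str(userinit).lower().rstrip(", ") != expected:
                findings.append(("Userinit", userinit, "expected " + expected))
            shell = values.get("shell")
            if shell is None or str(shell).lower().strip() != "explorer.exe":
                findings.append(("Shell", shell, "expected explorer.exe"))
        elif key.endswith(IFEO_USERINIT) and "debugger" in values:
            findings.append(("Debugger", values["debugger"],
                             "launched in place of userinit.exe at logon"))
        elif key.endswith(POLICIES_SYSTEM) and values.get("disabletaskmgr") not in (None, 0):
            findings.append(("DisableTaskMgr", values["disabletaskmgr"],
                             "Task Manager is disabled by policy"))
    return findings


# Constructed sample: an offline SOFTWARE hive loaded as MyXPHive, plus one HKCU key.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\MyXPHive\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="c:\\recycled\\svchost.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_USERS\MyXPHive\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe]
"Debugger"="placeholder-random-name.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
'''

if __name__ == "__main__":
    for name, observed, reason in audit_logon_chain(SAMPLE_EXPORT):
        print(f"{name}: {observed!r} ({reason})")
```

Files exported by regedit in the "Version 5.00" format are UTF-16, so decode the file with that encoding before passing its text in. Pass `windows_dir=r"C:\WINNT"` for a Windows 2000 installation.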
I followed the BartPE instructions – changed the data back to userinit.exe, – and had high hopes as it had all gone so smoothly. Rebooted pc and still log-on log-off problem!
I have accessed pc using Ubuntu to recover documents, photos, etc. I was running Norton Internet Security before problem. How can I find log files you mention?
Thanks
Thanks vi!!!
All registry entries under ….\Winlogon have been ok, but computer still didn’t start.
The last tip with ‘File Execution Options’ worked!
System is now up and running.
Thank you very much
Michael
HINT : Delete HKLM/Software/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/userinit.exe
:wq
Thank you,
the last comment by VI finally did it for me!
Stefan
You people are idiots. People from the Sudan helping you? That is like someone from Nigeria telling me I won a million dollars, just send 159.99 for the transfer… Makes no sense. Infected computer, use your backup, or let me guess, you folks are not making backups, figures.
I agree with Lee that backups are a necessary part of computing these days. If you’re not making backups, you’re flirting with disaster.
But I certainly wish that Lee would have read the post, and could understand that this article was written to help people in a tough spot.
thanks for this information. it’s helping me
Great man. It solved my problem. Bravo……
simple.. copy userinit.ex_ from win xp cd to c:\windows\system32 folder. download malwarebytes, install and update. Worked for me
great site thanks.
To Lee above. You are a moron. Go back to playing World of Warcraft you grumpy butt. Get a life. Next time read the post and stop taking jabs at people from Sudan, they are in-fact smarter than you. I’m real glad you could come here and write those few kind words about everyone that had absolutely no relation to the post. BTW, I have a business trip planned to your country coming up here soon, I would like my ambassador to wire you some money, will you hold on to it for me??
I’ve been having the same login problem, the only way I can login is after booting off an XP CD and changing the software file in recovery mode as per below:
C:\windows>cd system32\config
C:\windows\system32\config>ren software software.old
This renames the current software hive to software.old
C:\windows\system32\config>copy C:\windows\repair\software
But when I go to the registry it looks like this, as it should:
C:\windows\system32\userinit.exe,
I can get into windows now but haven’t got to the root cause of the problem. Any ideas on next steps?
Thank you for the tip about renaming the software key, but did you have any luck after that figuring out what was wrong?
Your method worked like champ., I tried both methods but didn’t work out. Then i tried your method renaming & copying the “software” file it worked. THANKS.
virus solution in more idea
Hi, I’m trying to fix my partner’s pc, I’m mostly a mac person so this is uncharted territory for me. I was able to get my hands on an xp cd but the ‘easy solution’ does not work. I don’t have any way of burning a bart pe cd (everyone else I know seems to be a mac user too).
Paul’s solution doesn’t involve the Bart PE disk, right? But…what’s the step after renaming the software? Will we need a Bart PE disk to fix the registry keys, or can that be done as described in the “easy fix” page?
Step by step instructions are most helpful, I’m flying blind here…
I swear to God, I have tears in my eyes right now. I’m not exaggerating. I literally have tears in my eyes right now. I have struggled with this issue for almost 24 hours straight, since I tried to remove a virus and got stuck in the login loop. I’ve been to every forum, to every website, tried everything (I thought), even considered biting the bullet and losing all of my data by re-installing xp, to no avail. I lost my job and much of what I need to get a new job is on my computer. I can’t afford to take my computer to a repair shop. Just when I was about to give up, put my head between my knees and start rocking back and forth in the fetal position, I found your article. Your site, white and clean like an angel from heaven has given me the solution and words cannot express the relief and joy that you have given me. Thank you, thank you, thank you.
I could just kiss you right now.
Aaron
I kept receiving the message:
X:\i386\SYSTEM32\CONFIG\SOFTWARE: Access is denied.
To solve this problem I:
If you go to http://windowsxp.mvps.org/peboot.htm you will read at step 3:
“From the File menu, choose the Load Hive option. BROWSE TO YOUR WINDOWS INSTALLATION DRIVE, for example the following location: C:\Windows\System32\Config\”
In the Load Hive “window” type in:
C:\windows\system32\config\software
In the right-pane the userinit.exe file was missing.
To copy it from the X:\ drive (the BartPE cd):
Click Go, CMD, and type:
COPY X:\i386\system32\userinit C:\windows\system32\
(I’m pretty sure that’s what I typed. I was a bit stressed out by this point in the process.)
Then go to:
HKEY_USERS\MYXPHive\Microsoft\Windows NT\CurrentVersion\Winlogon\
Click Edit, New, and String Value
This will create a new value on the right-pane. Create the name as: Userinit (no .exe)
Once the name is created, right click on it and give it a path of:
C:\Windows\system32\userinit.exe (no comma needed)
After all this, unload the MyXPHive and shut down.
My computer was finally able to start properly after all these steps. I then noticed that the task manager was disabled and the background was locked. To fix these things, see below…
To Fix the Task Manager:
Click Start, Run and type Regedit.exe
Navigate to the following branch:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
In the right-pane, delete the value named DisableTaskMgr
Close Regedit.exe
To Fix a locked background:
Click Start, Run and type Regedit.exe
Navigate to the following branch:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
In the right-pane, delete the value about “wallpaper”
Navigate to the following branch as well:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
In the right-pane, delete the value about “wallpaper”
Navigate to the following branch as well:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
In the right-pane, delete the value about “wallpaper”
Close Regedit.exe
To Fix anything else that may be wrong:
Click Start, Run and type Regedit.exe
Navigate to the following branch:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
In the right-pane, delete the values that make reference to not allowing you to do something
Navigate to the following branch as well:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
In the right-pane, delete the values that make reference to not allowing you to do something
Navigate to the following branch as well:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
In the right-pane, delete the values that make reference to not allowing you to do something
Navigate to the following branch as well:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
In the right-pane, delete the values that make reference to not allowing you to do something
Navigate to the following branch as well:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
In the right-pane, delete the values that make reference to not allowing you to do something
Navigate to the following branch as well:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
In the right-pane, delete the values that make reference to not allowing you to do something
Navigate to the following branch as well:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings
In the right-pane, delete the values that make reference to not allowing you to do something
Navigate to the following branch as well:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
In the right-pane, delete the values that make reference to not allowing you to do something
Close Regedit.exe
Hopefully this long post will at least help someone else out there.
Thanks Amy,
I didn’t have the config issue, but my task manager was disabled. Your instructions helped….I didn’t even know to look for all the stuff there. Thanks again.
one more thing….I had to change this key to get the task manager working:
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies\ System
set DisableTaskMgr to 0, or delete it, a-la info posted on http://windowsxp.mvps.org/Taskmanager_error.htm
Thanks!!!!!!!!!!
If you ever come to Finland I will buy you a pint of beer
I’ve been trying to find a solution to this mess since September! At this point I’m mainly interested in recovering personal files. I barely understand how to navigate the registry and my comp wouldn’t let me in even in safe mode – I also don’t have a XP Disk.
If I muster the courage to attempt doing the steps from this article is it going to overwrite important data? Will I lose any of my personal files?
It also appeared that the virus attacked my MalwareBytes software…so if I got back into Windows how could I do a scan to find the/remove the virus?
Sorry…I’m sooooo bad with computers : (
If you just want to save files, disconnect the HD and connect it in a box/case via USB. Save the files to the USB drive, then save them to disk (scan them several times with a variety of antivirus software).
The good thing about OUR situation is ALL data is salvageable.
However, I still want to recover my drive, as the work involved in saving everything is huge, and due to my isolation (accommodation-wise) I am limited to just one PC (with 2 XP installs on it, thank goodness). I cannot get into the partition.
I had a virus… I cleaned the virus.. I rebooted… and now I have the loop.
I cannot change the userinit.exe file.
I have made a BART PE disk.. but sorry for being so stupid… I cannot seem to work it properly.
I have an XP Home SP3 OEM version disk.
and the BART PE disk.
What can I do?
I am working off a laptop, from a separate working install on the same drive as I have the problem. I have no access to other PCs.
Thanks dude, the post is really helpful!
Thanks a ton man!!! I work for an IT department and had a computer that got a nasty virus…got the virus off using a Kaspersky Live CD and was finally able to log into the computer using the “Slightly Harder” fix you put up…all I have to say is thank you soooo much! Worked on this problem for a whole day without any results until I stumbled onto your website
How can I create a BartPE bootable CD if I can’t get to windows. It says to “download it and run it”. I can put the download on a CD from another computer, but then how can I run the pebuilder.exe on the correct PC (with the correct Windows XP files)?
Thank you so much for the information. This was a nasty virus/trojan. The following worked for me…
1) I was able to remove the hard drive and install it on a clean computer as a slave drive. I used Norton 360 to scan and rescan the drive until it was clean of virus.
2) I copied userinit.exe and winlogon.exe from the clean computer to the 2nd HD and replaced the existing files. And reinstalled the HD in the computer. Still had problems.
3) Created a BartPE recovery disk – best thing! Used BartPE to get access to the computer and used regedit to update the required information.
4) This link was extremely valuable on how to load and edit the registry once BartPE had worked, as loading registries is not easy. http://windowsxp.mvps.org/peboot.htm
5) Added Shell and Winlogon information to Registry keys (as the antivirus had removed them)
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell=explorer.exe
Userinit = x:\windows\system32\userinit.exe
Thank you all
Oh the x:\ should be what ever drive is the main (c:\)
I have tried to open the hive from my Windows Installation Drive using C:\, D E FGABC123 and nothing seems to work. BART doesn’t seem to be reading my drive at all. I’m at a loss and not sure what to do. I tried to Connect Network Registry and nothing happens. When I first boot up BART and it asks if I want to network connect I’ve said both yes and no and neither works. I also get an error message when I’ve tried ‘yes’.
I tried doing the ‘expand’ thing in the command prompt but likewise it seems to not be reading my drive or I may be doing that part incorrectly.
Any help would be oh so greatly appreciated.
Thank you
Bart is not finding your hard drive. I had the same problem with my SATA drive. I ended up plugging it in as a USB drive (via USB to SATA cable) and rebooted, and that worked.
After a quick search I found people complaining BartPe is not recognizing SATA drives. Solution here: http://www.wilderssecurity.com/showthread.php?t=147253
The second option worked for me. Thank you very much. FWIW, I had an issue where the machine would browse to the Windows directory when loading the hive but it appeared empty. Out of frustration, I clicked it over and over again and weirdly enough, up came the subdirectories and I was able to locate the software file for the registry. Success!
Do I need to use the exact same Windows XP CD that came with the computer?
I am trying to fix a friend’s computer that has this problem, and his computer, a HP Compaq, did not come with a Windows XP CD. I have my own Windows XP CD, with a different service pack than the one that was originally installed on his computer. Can I create a BART PE disk from the CD that I have? Thanks.
Vic, you can use any Windows installation CD.
Just for sharing: I also had the same problem, but it is already solved.
I checked the following link: http://windowsxp.mvps.org/peboot.htm
There are steps for this problem.
steps
1. boot from your BartPE cd
2. from the GO menu, choose to browse c:\windows\system32
3. find the userinit.exe file (seems virus deleted this file)
4. if you couldn’t find it, try to find it on your BartPE CD (in BartPE\I386) and copy it to c:\windows\system32
5. and for the rest,, check above link
it works for me
HI All,
I am having the same issue when prompted for the user password at Windows XP Home logon screen, it logs you on, then disconnects network connections and logs you off again.
I created a BartPE and copied the userinit.exe from the bart CD and replaced the old one in C:\windows\system32\.
I also run regedit and adjusted the settings as described in the link posted by MR this morning.
It still doesn’t let me log on. Could it be that a virus is still active and needs to be “killed” first? how would i do that if i can’t even log on? Any ideas?
what it’s a magic trick
Hey, Don’t know if you still check this post but your solution works F A N T A S T I C A L L Y !!!!
I had a bart pe disk, but didn’t know where in the registry the fix needed to be made.
Got an old laptop up and logged on in about 5 minutes !!
Thanks,
Jeff
The Slightly Harder Fix did it for me. Wow….all the other forums have the easy fixes that didn’t work!
A+
Greg go ahead and try to take the hard drive out and get IDE/SATA to USB adapter to scan your HD for viruses
I have this problem however I have a netbook so i don’t have a CD drive is there any other way to fix this problem? I went to a computer shop to see if i could get it fixed and they told me it would be £50
This solution worked perfectly. I tried the first solution countless times until I found this secondary solution! I used another computer without a boot disc and got my BartPE from there and burned the ISO to a CD. As others have said, the key is to make sure you’re in the C:\ drive and not in the X:\ drive, which the program defaults to, so pay attention to every detail! I had to manually type the exact location of the SOFTWARE file in order for it to load and allow me to name my hive.
THANK YOU VERY MUCH!
This just happened to me. I run a company with this computer and was shut down all day. Your page helped me save my computer and my company. Thank you !
Thank you!!! THANK YOU!!!!
god bless and good day…..
matt
FOR GREG,
I see exactly your problem. I found this video that explains it step by step. This is a BRITISH guy who mumbles the words Ultimate Boot CD for Win…….
hopefully this will help.
http://www.youtube.com/watch?v=avjLawmpWZ8
Thank you so much, the second link did the trick, finally managed to save a friend’s PC without having to reinstall windows XP.
OK, I got the answer for all those whose BartPEs can’t find the C drive:
go into the recovery console and go to windows\system32\config
ren software to software.old and then type “copy C:\windows\repair\software”
Now it should load into Windows, where you can do the hive fix. Don’t even need BartPE.
Then go back to the recovery console and rename software to software.temp and rename software.old (the one where you did the hive fix) to software, reboot and voilà!
I have followed the steps for the harder fix, but userinit reg does not exist in the winlogon folder; c:\windows\system32\userinit.exe exists. Any ideas how to fix this?
I would like to thank Mr. Kane for posting this to the web. I am an artist and frankly don’t have a lot of money to hire someone to fix my computer. So, I have to do it myself. After Googling the description, and following several false paths, this page finally set me on the right one. In my case userinit.exe has gone missing. Once I found instructions on how to restore that program my computer immediately started functioning. I was down for about a day. I have no idea if a virus erased it or if my computer hiccuped and deleted it. I’m just super happy to have my computer working again. Thanks :*)
This is the page with the instructions:
http://www.f-prot.com/support/windows/fpwin_faq/106.html
P.S. PCs may be more susceptible to viruses than Macs but they’re more affordable and they have a right mouse button.
I had to create my own string value for userinit, but other than that I had no problems. BartPE is a great find. Thanks for taking the time to help with this most annoying of pc problems; I am in your debt.
Ok guys you are all god cause it works after a combination of your explanations
Thanks !!
Can anyone PLEASE tell me how to edit the registry key if I am unable to boot from ANY CD at all?? I made the BartPE CD from a friend’s computer and changed the bios to boot from CD-ROM first; the BartPE booted when I tried it on my friend’s CD but it won’t boot at all on my computer. Instead the PC just boots up normally and goes to the log-in screen. I think my CD-ROM is jacked.
Is there a way to make this fix on the registry from a different computer? Email me, theworldiscrazy2@yahoo.com if you have the right solution, thanks so much.
This has helped many people and I have used something similar for quite a while. One thing to note, is if you upgraded your XP install from 2000 your Windows directory may be WinNT instead so the above paths would need to be adjusted.
Also, I have seen some viruses change the permissions for the registry and those have to be changed (even in Bart) to allow the reg file to be imported or edited.
It is a good habit to check the values of these settings and files after cleaning a PC but before restarting. A good utility to do that is the free Autoruns program from Microsoft’s Sysinternals Utilities.
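The check suggested in the comment above, and the cleanup of the Policies branches at the end of the post, as an added example that is not part of the original post or its comments: it parses a regedit text export of the loaded hive and lists Winlogon `Shell`/`Userinit` values that differ from the ones given on this page, plus non-zero restrictive policy values. The hive name `TempHive`, the sample export, the made-up `not-userinit.exe` target and the `No*`/`Disable*` naming rule are assumptions made for the example.

```python
import re

# Constructed sample: export of an offline SOFTWARE hive loaded under the
# hypothetical name "TempHive"; the Userinit target is a made-up file name.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\TempHive\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\not-userinit.exe,"

[HKEY_LOCAL_MACHINE\TempHive\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"dontdisplaylastusername"=dword:00000000
'''
WINLOGON = r'\microsoft\windows nt\currentversion\winlogon'
POLICIES = r'\microsoft\windows\currentversion\policies' + '\\'
USERINIT_OK = re.compile(r'^[a-z]:\\(windows|winnt)\\system32\\userinit\.exe,?$', re.I)

def parse_reg(text):
    """Return {key_path: {value_name: data}} for string and dword values."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif m and current is not None:
            name, raw = m.groups()
            if raw.startswith('dword:'):
                current[name] = int(raw[6:], 16)
            elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
                current[name] = re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo .reg escaping
    return keys

def audit(keys):
    """List (key, value, data) entries that still need fixing before a restart."""
    findings = []
    for path, values in keys.items():
        if path.lower().endswith(WINLOGON):
            vals = {k.lower(): v for k, v in values.items()}
            if str(vals.get('shell', '')).lower() != 'explorer.exe':
                findings.append((path, 'Shell', vals.get('shell')))
            if not USERINIT_OK.match(str(vals.get('userinit', ''))):
                findings.append((path, 'Userinit', vals.get('userinit')))
        elif POLICIES in path.lower():
            # Assumption: restrictive policy values are named No*/Disable*.
            for name, data in values.items():
                if name.lower().startswith(('no', 'disable')) and data not in (0, ''):
                    findings.append((path, name, data))
    return findings
```

A `Windows Registry Editor Version 5.00` export written by regedit is UTF-16, so read the file with `encoding='utf-16'` before passing its text to `parse_reg`. A missing `Shell` or `Userinit` value is reported with `None` as its data.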
brilliant solution with startup disc and handy bat file, which does all the necessary stuff to get your system going again:
http://saveme.danfischbach.com/
Hi, I read all your comments but must tell you that in my case I actually deleted this file called userinit.exe when trying to remove a virus.
My CD-ROM drive had a problem in picking up CDs, so I was unable to do the BartPE option….after a few hunches I found a way to fix the problem without the need for a CD…
OK, what I did is that I restarted the computer and started Windows normally. As it came to the welcome screen I punched in my password for the admin account. As it was logging in I pressed Ctrl+Shift+Esc; this opened my Task Manager. I then clicked on File, New Task and typed regedit….I was logged off again… I again restarted my computer and again came to the welcome screen. I typed my password for the admin account and it logged me in. I again opened my Task Manager, New Task, and the word regedit was already typed for me… I opened the registry and went to HKLM/SOFTWARE/MICROSOFT……I was logged off again…. I had to repeat the same procedure, and this time when I opened regedit from my Task Manager I had HKLM/SOFTWARE/MICROSOFT opened. I clicked on Windows NT/Current Version/ and I was logged off again…. Restarted my comp again; this time I managed to reach the Current Version before being logged off. I opened the userinit entry and typed C:\Windows\system32\userinit.exe,….. Given that I am not a fast typer I was logged off again, so I had to restart and went back to the userinit edit entry, where as much as I had typed was still there. I then completed the whole path and pressed OK, restarted the PC and bingo, it was working again……….
I actually managed to do all this without an XP CD, which was great. The key is you have to restart, as this gives you time when you log in to your admin account… Further, you need to be very quick in opening Task Manager and then regedit, then the required folder, but do not worry if you’re logged off: just restart and start again. You will notice that the computer saves your opened folder so you don’t have to start everything from scratch.. I hope this makes sense; if not you can e-mail me for help
I installed Avast antivirus and ran the first scan from boot. After cleaning the viruses this error appeared.
I have tried with your CD and the error is still the same,
Please help if you can,
Thank you!
I tried everything and it is still logging off ….
Nephew brought me his laptop with this problem after installing and running Norton. Read through a lot of helpful information here. Because of this I was able to find that his laptop was missing the userinit.exe file in system32.
I copied the file from my desktop computer onto a usb stick, then using the windows cd in recovery mode I simply copied the userinit.exe into system32 from the usb stick.
This stopped the login loop and just reports a log on error, but giving me full access to a normal windows start up.
I just have to stop the error window by following advice given above, by using regedit to completely remove the problem, if this is part of the same problem.
Having the logon error is not a problem for running Windows, especially as Norton does not report any problems and one click and the message is gone. I presume this is a cause of the logon loop being interrupted.