April 17, 2007 Ian Luke Kane

Windows XP Login Logout Loop (Virus)

I’m writing this post with the hope that it will be helpful to people who face the same computer predicament that I did a few days ago. Here’s a little bit of background information: Last Tuesday I met John Chol Daau, who is from Sudan. He grew up as one of the Lost Boys of Sudan, forced to leave his home and wander hundreds of miles through Africa to survive. If you don’t know much about this particular humanitarian issue, I suggest spending a small amount of time reading up on it. Anyway, John told me that his PC was experiencing a debilitating virus, and asked if I would look at it. I said that I would. After spending quite a bit of time reading through various website forums, here’s a short description of the problem and its solution:

Problem: The PC (which runs Windows XP with SP2) starts normally. The Windows splash screen appears and the login prompt loads correctly. You can enter your user name and password as normal, but as soon as you try to log in you are IMMEDIATELY logged back out again. The desktop doesn’t even load; you are returned straight to the login window, where you can enter your user name and password again. No matter how many times you try to log in, you always experience this immediate logout. Even if you try to log in to the computer in safe mode, you still experience the same problem. This problem is documented on Microsoft’s website here.

Solution: I’m sure this behavior can be caused by many different problems, but the most common cause is a virus. If you’re familiar with the Windows registry, this virus changes a few registry key values in a way that makes it impossible to log in to your computer. If you’re not familiar with the registry, don’t panic. I’ll post links to a few articles that very clearly explain how to fix this problem. Basically, the virus makes two very simple changes to your computer that render it useless. To fix the problem, you have to change these two things back to the way they were while your computer was working.

Easy Fix: The “easy” solution to this problem can be found here. In order to use this fix you have to have your Windows XP install CD. This is the CD that contains the files necessary to install the operating system on your computer. You probably have this disk stashed in a drawer somewhere. You should note that there’s a difference between the Windows XP install CD and the recovery CD that may have shipped with your computer. It’s possible that your computer didn’t come with a Windows XP install CD when you bought it. Sometimes computer manufacturers will only ship you a recovery disk, which is altogether different. You need your Windows XP install CD so that you can run an application called the Recovery Console. The link above should provide documentation on how to use the Recovery Console. Unfortunately, this fix didn’t work for John’s computer, but it may work for yours.

Slightly Harder Fix: This fix is the one that ended up working to fix John’s computer. A detailed explanation of this fix can be found here. It requires you to have access to another Windows PC with a CD burner (even if it’s a friend’s computer). You have to download a program called BartPE, which is one of the greatest recovery tools that exists. For this particular problem, BartPE will enable you to quickly change the two settings that the virus messed up. You may need a Windows XP install CD for this method as well. But it may be possible for the program to find what it needs from your friend’s computer without having to have access to this disk.

If you have any questions, please feel free to contact me. The above links should give you the tutorials you need to fix the problem. And if you use a PC you should use a virus protection program! If you don’t, you’re asking for trouble! Good luck!



Comments (130)

  1. Ahslan

    Thanks a ton man!!! I work for an IT department and had a computer that got a nasty virus…got the virus off using a Kaspersky Live CD and was finally able to log into the computer using the “Slightly Harder” fix you put up…all I have to say is thank you soooo much! Worked on this problem for a whole day without any results until I stumbled onto your website 🙂

  2. Pingback: It’s a Blog ! Not a Log ! » Well I promised . .
  3. Connie

    How can I create a BartPE bootable CD if I can’t get to Windows? It says to “download it and run it”. I can put the download on a CD from another computer, but then how can I run the pebuilder.exe on the correct PC (with the correct Windows XP files)?

  4. RANS

    Thank you so much for the information. This was a nasty virus/trojan. The following worked for me…
    1) I was able to remove the hard drive and install it on a clean computer as a slave drive. I used Norton 360 to scan and rescan the drive until it was clean of virus.
    2) I copied userinit.exe and winlogon.exe from the clean computer to the 2nd HD and replaced the existing files. And reinstalled the HD in the computer. Still had problems.
    3) Created a BartPE recovery disk – best thing! Used BartPE to get access to the computer and used regedit to update the required information.
    4) This link was extremely valuable on how to load and edit the registry once BartPE had worked, as loading registries is not easy. http://windowsxp.mvps.org/peboot.htm
    5) Added Shell and Winlogon information to Registry keys (as the antivirus had removed them)
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit = x:\windows\system32\userinit.exe

    Thank you all

  5. Ramona

    I have tried to open the hive from my Windows Installation Drive using C:\, D E FGABC123 and nothing seems to work. BART doesn’t seem to be reading my drive at all. I’m at a loss and not sure what to do. I tried to Connect Network Registry and nothing happens. When I first boot up BART and it asks if I want to network connect I’ve said both yes and no and neither works. I also get an error message when I’ve tried ‘yes’.

    I tried doing the ‘expand’ thing in the command prompt but likewise it seems to not be reading my drive or I may be doing that part incorrectly.

    Any help would be oh so greatly appreciated.

    Thank you

  6. The second option worked for me. Thank you very much. fwiw, I had an issue where the machine would browse to the windows directory when loading the hive but it appeared empty. Out of frustration, I clicked it over and over again and weirdly enough, up came the sub directories and I was able to locate the software file for the registry. Success!

  7. Vic

    Do I need to use the exact same Windows XP CD that came with the computer?

    I am trying to fix a friend’s computer that has this problem, and his computer, a HP Compaq, did not come with a Windows XP CD. I have my own Windows XP CD, with a different service pack than the one that was originally installed on his computer. Can I create a BART PE disk from the CD that I have? Thanks.

  8. MR

    Vic, you can use any Windows installation CD.

    Just for sharing, I also had the same problem, but it is already solved,
    checked the following links http://windowsxp.mvps.org/peboot.htm

    there are steps for this problem,
    1. boot from your BartPE cd
    2. from the GO menu, choose to browse c:\windows\system32
    3. find the userinit.exe file (seems virus deleted this file)
    4. if you couldn’t find it, try to find it on your BartPE CD (on BartPE\I386) and copy it to c:\windows\system32
    5. and for the rest,, check above link

    it works for me
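
The two checks described in the comments above (RANS's Winlogon values and MR's missing userinit.exe), as an added Python example that is not part of the original post or any commenter's code. It assumes the offline SOFTWARE hive was loaded under the hypothetical name `OfflineSoftware` and exported as a .reg file, and that Windows lives in C:\WINDOWS; the sample exports are constructed.

```python
import os
import re

# Constructed sample: .reg export of an offline SOFTWARE hive loaded under the
# hypothetical name "OfflineSoftware". Userinit is absent, as RANS describes.
DAMAGED = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\OfflineSoftware\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"="User"
"Shell"="Explorer.exe"
'''
# Same export after the repair (stock Windows XP data, trailing comma included).
REPAIRED = DAMAGED + r'"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"' + "\n"

WINLOGON_SUFFIX = r"\microsoft\windows nt\currentversion\winlogon]"
USERINIT_RE = re.compile(r"^([a-z]):\\windows\\system32\\userinit\.exe,?$")

def parse_winlogon(reg_text):
    """Return {lower-cased value name: string data} for the Winlogon key."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.lower().endswith(WINLOGON_SUFFIX)
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)
        if in_key and m:
            # .reg string data escapes backslashes and quotes with a backslash
            values[m.group(1).lower()] = re.sub(r"\\(.)", r"\1", m.group(2))
    return values

def audit_winlogon(reg_text, system_drive="c", windows_root=None):
    """List problems with Userinit/Shell; optionally check the file on disk."""
    values, findings = parse_winlogon(reg_text), []
    userinit = values.get("userinit")
    m = USERINIT_RE.match(userinit.strip().lower()) if userinit else None
    if userinit is None:
        findings.append("Userinit value is missing")
    elif not m:
        findings.append("Userinit has unexpected data: " + userinit)
    elif m.group(1) != system_drive:  # e.g. BartPE's own X: drive
        findings.append("Userinit points at drive %s:, expected %s:" % (m.group(1), system_drive))
    if values.get("shell", "").strip().lower() != "explorer.exe":
        findings.append("Shell is missing or not Explorer.exe")
    if windows_root and not os.path.isfile(os.path.join(windows_root, "system32", "userinit.exe")):
        findings.append("userinit.exe is missing from system32")
    return findings

if __name__ == "__main__":
    for name, text in (("damaged", DAMAGED), ("repaired", REPAIRED)):
        print(name, audit_winlogon(text) or "OK")
```

Regedit's version 5.00 exports are UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing the text in.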

  9. Greg

    HI All,
    I am having the same issue when prompted for the user password at Windows XP Home logon screen, it logs you on, then disconnects network connections and logs you off again.

    I created a BartPE and copied the userinit.exe from the bart CD and replaced the old one in C:\windows\system32\.

    I also run regedit and adjusted the settings as described in the link posted by MR this morning.

    It still doesn’t let me log on. Could it be that a virus is still active and needs to be “killed” first? How would I do that if I can’t even log on? Any ideas?

  10. Jeff Green - Washington, DC

    Hey, Don’t know if you still check this post but your solution works F A N T A S T I C A L L Y !!!!

    I had a bart pe disk, but didn’t know where in the registry the fix needed to be made.

    Got an old laptop up and logged on in about 5 minutes !!



  11. EPIC!

    The Slightly Harder Fix did it for me. Wow….all the other forums have the easy fixes that didn’t work!


  12. EPIC!

    Greg, go ahead and try to take the hard drive out and get an IDE/SATA to USB adapter to scan your HD for viruses

  13. Emz

    I have this problem, however I have a netbook so I don’t have a CD drive. Is there any other way to fix this problem? I went to a computer shop to see if I could get it fixed and they told me it would be £50

  14. MP

    This solution worked perfectly. I tried the first solution countless times until I found this secondary solution! I used another computer without a boot disc and got my BartPE from there and burned the ISO to a CD. As others have said, the key is to make sure you’re in the C:\ drive and not in the X:\ drive, which the program defaults to, so pay attention to every detail! I had to manually type the exact location of the SOFTWARE location in order for it to load and allow me to name my hive.


  15. Matthew

    This just happened to me. I run a company with this computer and was shut down all day. Your page helped me save my computer and my company. Thank you !

    Thank you!!! THANK YOU!!!!

    god bless and good day…..


  16. Thank you so much, the second link did the trick, finally managed to save a friend’s PC without having to reinstall windows XP.
