Hello, I must be going.
September 6, 2009 10:39 AM

While attempting to remove a virus from my in-laws' Windows XP Home machine, I have now made it so that it boots to the login screen, and when you click on a username, it logs in and immediately logs me back out, leaving me at the login screen. Oh noes.

A few more relevant details:

- It does this in Safe Mode as well.
- They don't back this system up at all.
- I tried to do a repair of Windows using an XP install disk, but it kept asking for an Administrator password. To my knowledge, there isn't an admin password, but I still can't get this to work.
- The file I deleted is still in the Recycle Bin.
- Less than a year ago, my wife and I provided the owners of this computer with a brand new, beautiful grandchild, but at this moment, I don't think that will help me much.

How can I get this thing to boot properly again? Thanks for your help.
posted by 4ster to Computers & Internet (19 answers total) 2 users marked this as a favorite
 
Last time I checked, you can create an administrator password if you boot off a SystemRescueCd.
posted by dunkadunc at 10:42 AM on September 6, 2009


http://home.eunet.no/pnordahl/ntpasswd/bootdisk.html

That CD/Floppy image will remove the admin. password, and is only a couple of MB.
posted by ed\26h at 10:46 AM on September 6, 2009


What you need to do is pull out their hard drive and put it into a USB enclosure.

That will allow you to get their data off safely without infecting further USB keys/machines/etc.

Next, buy a new hard drive, install that and install Windows from scratch - it may mean buying a new copy, sorry.

That is truly the only safe method if this is a true virus or very nasty piece of malware.

(I've faced similar situations with my family, my in-laws and my neighbours - thankfully most of their machines came with an actual installable copy of Windows)
posted by jkaczor at 10:47 AM on September 6, 2009


If you have to go the data rescue/reinstall route, you can also use a bootable linux CD to get at the contents of the HD. I've used knoppix and others for similar tasks, and transferred files over the network to someplace safe. If the virus is still on there and giving you fits, I've seen how-tos for using bootable linux cds and ClamAV to clean them out, but I've never done it and YMMV.
posted by jquinby at 11:31 AM on September 6, 2009


This sounds like you have a corrupt userinit.exe or winlogon.exe. If you can get a boot cd (like they say above), maneuver to the C:/Windows/System32 folder, rename the current files and replace them with ones from a healthy system, it may solve your problem.

If, when booting from the XP Home disc, you are getting asked for an admin password then you are trying to use the repair console, which is not what you want. You need to choose "Install Windows" (not the repair console) and it will find the install that is already there, offering to repair the installation. THIS is what you want to do, and it will not ask for a password.
posted by dozo at 11:34 AM on September 6, 2009


Response by poster: I tried ed/26h's idea, and discovered that the Administrator account has no password assigned to it, and the problem is this http://support.microsoft.com/kb/308402.

Basically, the problem is that the copy of XP that I have does not have SP1 on it. SP1 fixes this password problem.

Thanks for the suggestions. Please keep them coming.
posted by 4ster at 11:39 AM on September 6, 2009


Response by poster: @dozo: userinit.exe is the file I deleted. It is in the recycle bin. Is there a way to restore it from the trash, say, from DOS?
posted by 4ster at 11:41 AM on September 6, 2009


If you need to restore that file, and you know for sure it's still in the recycle bin, use knoppix 5.01 to boot an OS on there, mount the HD R/W and move the file from the trash to wherever it's supposed to live.
posted by jquinby at 11:47 AM on September 6, 2009


Here is a pretty good Youtube link to get this done with the recovery console, replacing it with the original on the XP disc. You can also do the knoppix thing suggested by jquinby but expanding from the disc will be somewhat faster.

If you get this running again, I would suggest using Malwarebytes if nothing else, though more will probably be necessary. A good forum for anti-malware is MajorGeeks.com. Fourth sticky down is where you need to go for a concise, comprehensive list of cleaners and methods, as well as helpers that will give you specific advice if you're civil and can follow directions.
posted by dozo at 11:57 AM on September 6, 2009


LOL, crap, I didn't see the thing about the invalid password thing. Did you try just pressing enter when asked about the password?
posted by dozo at 11:59 AM on September 6, 2009


Response by poster: @dozo. yeah several times :)
posted by 4ster at 12:02 PM on September 6, 2009


If you can get to the C drive in DOS there is a usually hidden folder, C:/RECYCLED, that should contain it. You should be able to cp it to c:/Windows/System32.
posted by dozo at 12:07 PM on September 6, 2009


4ster,

So what happens if you try to change the password to, say, "aaa" from that boot CD?
posted by ed\26h at 12:10 PM on September 6, 2009


Best answer: hmm, i find that the c:/recycled folder is in a different format than I remember. I think that the best bet will be to get a boot cd (knoppix or another of the above mentioned) and replace the file entirely with a thumbdrive or similar.
posted by dozo at 12:15 PM on September 6, 2009


Response by poster: OK, so I found an old copy of ubuntu, and I can boot to it and copy userinit.exe to the desktop from a thumbdrive, but not to windows/system32 because it tells me i don't have adequate permissions. is there a work around for this?
posted by 4ster at 12:51 PM on September 6, 2009


4ster, my guess is that ubuntu is mounting the NTFS drive read-only. See if you can enable write-mode - if not, try the version (or later) of knoppix I mentioned above. Writing to NTFS partitions was something of a sketchy proposition awhile back, but it seems to be decently supported now.
posted by jquinby at 1:31 PM on September 6, 2009
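Added example (not part of any poster's comment): a shell sketch of the live-CD step discussed above, checking whether the Windows partition is mounted read-only and then restoring a file with a backup and a byte-for-byte check. The device name, mount points and sample mount table are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format; on a live CD read /proc/mounts itself.
SAMPLE_MOUNTS='/dev/sda1 /mnt/xp ntfs ro,relatime,uid=0 0 0
/dev/sdb1 /media/usb vfat rw,nosuid 0 0'

# mount_mode MOUNTPOINT < mount-table
# Prints "<fstype> ro" or "<fstype> rw" for the given mount point
# (last matching entry wins, nothing is printed if it is not mounted).
mount_mode() {
    awk -v mp="$1" '$2 == mp {
        mode = "rw"
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++) if (opts[i] == "ro") mode = "ro"
        print $3, mode
    }' | tail -n 1
}

# restore_file SRC DEST_DIR
# Keeps any existing copy as <name>.bak, copies SRC in, and succeeds only
# if the copy is byte-identical to the source.
restore_file() {
    src=$1
    dest="$2/$(basename "$1")"
    [ -w "$2" ] || { echo "not writable: $2" >&2; return 1; }
    if [ -f "$dest" ]; then mv "$dest" "$dest.bak" || return 1; fi
    cp "$src" "$dest" || return 1
    cmp -s "$src" "$dest"
}

# Demo on the constructed table: prints "ntfs ro"
printf '%s\n' "$SAMPLE_MOUNTS" | mount_mode /mnt/xp

# On the real machine (assumed device /dev/sda1, run as root):
#   mount_mode /mnt/xp < /proc/mounts        # "ro" means the copy will fail
#   umount /mnt/xp && mount -t ntfs-3g /dev/sda1 /mnt/xp
#   restore_file /media/usb/userinit.exe /mnt/xp/WINDOWS/system32
# Use the directory name exactly as `ls` shows it on the mounted partition.
```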


Response by poster: I was able to copy the file over using gOS, but i'm still having the original problem. i must have deleted registry keys as well.
posted by 4ster at 1:44 PM on September 6, 2009


See here for some recovery steps for deleting userinit.exe...
posted by jquinby at 1:49 PM on September 6, 2009


...and more here.
posted by jquinby at 1:51 PM on September 6, 2009

