After running spyware - XP won't let me boot - keeps logging out

[daviddschool]

I have a dual boot XP and Win 7. I was in XP at the time.



I had recently running spybot because of a virus/spyware in my system

that caused the little RED X to appear in the start up menu and caused

my desktop background to show "YOU HAVE A VIRUS" repair immediately

and then it puts a TRIAL of some software on my desktop. Needless to

say, I didn't bother with it.

So here is what I did :



1) Ran Hijack This and took out what I could. Some things could not

be removed.



2) I rebooted and this did not fix the issue.



3) Tried restarting in safe mode, same issue.



4) Ran spybot and rebooted, this time it continues to log me off in

both safe and regular mode - it says "Loading user settings", and then

it logs me off.



Any ideas how to fix this?

 

[C]

After running spyware - XP won't let me boot - keeps loggingout

daviddschool wrote:

> I have a dual boot XP and Win 7. I was in XP at the time.

>

> I had recently running spybot because of a virus/spyware in my system

> that caused the little RED X to appear in the start up menu and caused

> my desktop background to show "YOU HAVE A VIRUS" repair immediately

> and then it puts a TRIAL of some software on my desktop. Needless to

> say, I didn't bother with it.

> So here is what I did :

>

> 1) Ran Hijack This and took out what I could. Some things could not

> be removed.

>

> 2) I rebooted and this did not fix the issue.

>

> 3) Tried restarting in safe mode, same issue.

>

> 4) Ran spybot and rebooted, this time it continues to log me off in

> both safe and regular mode - it says "Loading user settings", and then

> it logs me off.

>

> Any ideas how to fix this?



Reformat. Reinstall XP or spend weeks trying to chase down all the

malware. I trust you're backed up.



--

C

 

[Pegasus [MVP]]

"daviddschool" said this in news item

news:4f47d646-afd7-4f4a-9922-bfdb91c180cc@c22g2000vbb.googlegroups.com...

> I have a dual boot XP and Win 7. I was in XP at the time.

>

> I had recently running spybot because of a virus/spyware in my system

> that caused the little RED X to appear in the start up menu and caused

> my desktop background to show "YOU HAVE A VIRUS" repair immediately

> and then it puts a TRIAL of some software on my desktop. Needless to

> say, I didn't bother with it.

> So here is what I did :

>

> 1) Ran Hijack This and took out what I could. Some things could not

> be removed.

>

> 2) I rebooted and this did not fix the issue.

>

> 3) Tried restarting in safe mode, same issue.

>

> 4) Ran spybot and rebooted, this time it continues to log me off in

> both safe and regular mode - it says "Loading user settings", and then

> it logs me off.

>

> Any ideas how to fix this?



The looping issue is caused by a problem with the file userinit.exe. To fix

it can be tedious. As C suggested, your machine is compromised and you

should save all your important files (including your EMail files!), then

re-install Windows on a freshly formatted disk. If you continue with your

current system then you are likely to have a never-ending string of

problems.

 

[Jose]

On Feb 8, 9:06 am, daviddschool wrote:

> I have a dual boot XP and Win 7.  I was in XP at the time.

>

> I had recently running spybot because of a virus/spyware in my system

> that caused the little RED X to appear in the start up menu and caused

> my desktop background to show "YOU HAVE A VIRUS" repair immediately

> and then it puts a TRIAL of some software on my desktop.  Needless to

> say, I didn't bother with it.

> So here is what I did :

>

> 1) Ran Hijack This and took out what I could.  Some things could not

> be removed.

>

> 2) I rebooted and this did not fix the issue.

>

> 3) Tried restarting in safe mode, same issue.

>

> 4) Ran spybot and rebooted, this time it continues to log me off in

> both safe and regular mode - it says "Loading user settings", and then

> it logs me off.

>

> Any ideas how to fix this?



You could reinstall without even trying to fix your system, or you can

try to fix what you have.



A reinstall will require a genuine bootable XP installation CD.



You are certainly not the first person to have this problem.



You can probably fix what you have with a genuine bootable XP

installation CD or a bootable Recovery Console CD that you can make

yourself.



Here are some instructions to make a bootable Recovery Console CD:



http://www.bleepingcomputer.com/forums/topic276527.html



After you have successfully booted the afflicted computer on the

Recovery Console CD, then you can work on resolving your issue.

 

[daviddschool]

On Feb 8, 10:22 am, "Pegasus [MVP]" wrote:

> "daviddschool" said this in news itemnews:4f47d646-afd7-4f4a-9922-bfdb91c180cc@c22g2000vbb.googlegroups.com...

>

>

>

>

>

> > I have a dual boot XP and Win 7.  I was in XP at the time.

>

> > I had recently running spybot because of a virus/spyware in my system

> > that caused the little RED X to appear in the start up menu and caused

> > my desktop background to show "YOU HAVE A VIRUS" repair immediately

> > and then it puts a TRIAL of some software on my desktop.  Needless to

> > say, I didn't bother with it.

> > So here is what I did :

>

> > 1) Ran Hijack This and took out what I could.  Some things could not

> > be removed.

>

> > 2) I rebooted and this did not fix the issue.

>

> > 3) Tried restarting in safe mode, same issue.

>

> > 4) Ran spybot and rebooted, this time it continues to log me off in

> > both safe and regular mode - it says "Loading user settings", and then

> > it logs me off.

>

> > Any ideas how to fix this?

>

> The looping issue is caused by a problem with the file userinit.exe. To fix

> it can be tedious. As C suggested, your machine is compromised and you

> should save all your important files (including your EMail files!), then

> re-install Windows on a freshly formatted disk. If you continue with your

> current system then you are likely to have a never-ending string  of

> problems.- Hide quoted text -

>

> - Show quoted text -



Will the reinstall delete every?



Also, since I am running a DUAL BOOT system on two different drives,

is it safe to go to WIN 7, look at the drive and take what I need from

it before hand? If it is malware, will it jump from drive to drive

even if I am not using it? If I reinstall, does that delete

everything?

 

[C]

After running spyware - XP won't let me boot - keeps loggingout

daviddschool wrote:

> On Feb 8, 10:22 am, "Pegasus [MVP]" wrote:

>> "daviddschool" said this in news itemnews:4f47d646-afd7-4f4a-9922-bfdb91c180cc@c22g2000vbb.googlegroups.com...

>>

>>

>>

>>

>>

>>> I have a dual boot XP and Win 7. I was in XP at the time.

>>> I had recently running spybot because of a virus/spyware in my system

>>> that caused the little RED X to appear in the start up menu and caused

>>> my desktop background to show "YOU HAVE A VIRUS" repair immediately

>>> and then it puts a TRIAL of some software on my desktop. Needless to

>>> say, I didn't bother with it.

>>> So here is what I did :

>>> 1) Ran Hijack This and took out what I could. Some things could not

>>> be removed.

>>> 2) I rebooted and this did not fix the issue.

>>> 3) Tried restarting in safe mode, same issue.

>>> 4) Ran spybot and rebooted, this time it continues to log me off in

>>> both safe and regular mode - it says "Loading user settings", and then

>>> it logs me off.

>>> Any ideas how to fix this?

>> The looping issue is caused by a problem with the file userinit.exe. To fix

>> it can be tedious. As C suggested, your machine is compromised and you

>> should save all your important files (including your EMail files!), then

>> re-install Windows on a freshly formatted disk. If you continue with your

>> current system then you are likely to have a never-ending string of

>> problems.- Hide quoted text -

>>

>> - Show quoted text -

>

> Will the reinstall delete every?

>

> Also, since I am running a DUAL BOOT system on two different drives,

> is it safe to go to WIN 7, look at the drive and take what I need from

> it before hand? If it is malware, will it jump from drive to drive

> even if I am not using it? If I reinstall, does that delete

> everything?



Now you know why dual booting isn't a good idea. You should reinstall

both or just one.



--

C

 

[Twayne]

In news:4f47d646-afd7-4f4a-9922-bfdb91c180cc@c22g2000vbb.googlegroups.com,

daviddschool typed:

> I have a dual boot XP and Win 7. I was in XP at the time.

>

> I had recently running spybot because of a virus/spyware in my system

> that caused the little RED X to appear in the start up menu and caused

> my desktop background to show "YOU HAVE A VIRUS" repair immediately

> and then it puts a TRIAL of some software on my desktop. Needless to

> say, I didn't bother with it.

> So here is what I did :

>

> 1) Ran Hijack This and took out what I could. Some things could not

> be removed.

>

> 2) I rebooted and this did not fix the issue.

>

> 3) Tried restarting in safe mode, same issue.

>

> 4) Ran spybot and rebooted, this time it continues to log me off in

> both safe and regular mode - it says "Loading user settings", and then

> it logs me off.

>

> Any ideas how to fix this?



If you read the text, HiJack This should only be run AFTER you have

exhausted all other means of recovering your computer. It shouldn't be the

first thing you do and won't often get you anyhelp if/when you post the

output as instructed.



It sounds like a clean install might be in order, actually. You may be

infested with several hard to chase down pieces of malware that AV isn't

going to find. If you've backed up as you should, it's an easy process. If

not, well, it might take a day or two or more to do the reinstall. Without

reinstalling you could spend months chasing things and never succeed.



HTH,



Twayne









--

--

Life is the only real counselor; wisdom unfiltered

through personal experience does not become a

part of the moral tissue.

 

[daviddschool]

> If you read the text, HiJack This should only be run AFTER you have

> exhausted all other means of recovering your computer. It shouldn't be the

> first thing you do and won't often get you anyhelp if/when you post the

> output as instructed.

>

> It sounds like a clean install might be in order, actually. You may be

> infested with several hard to chase down pieces of malware that AV isn't

> going to find. If you've backed up as you should, it's an easy process. If

> not, well, it might take a day or two or more to do the reinstall.  Without

> reinstalling you could spend months chasing things and never succeed.

>

> HTH,

>

> Twayne

>

I am just worried if it is a virus or malware that is might go to the

other drive. I have a USB flash drive that was plugged in at the time

- and that is giving me issues now, so I didn't want to infect the

other drive if it might do that. But I don't know enough about this

to be sure.



I don't mind reinstalling, but I wonder if my drive is now off-limits

- ie; if I boot with Win7 and access the drive, am I at risk of

corrupting the other drive?

I do have a backup from about 3 weeks ago. Nothing major has been

changed this then, so I am not too worried about it, but there are a

few files I want to get - so that is why I was wondering if I could

boot to Win7 and then access those file from the bad drive - or is

this just causing more issue down the road?

-

 

[Pegasus [MVP]]

"daviddschool" said this in news item

news:a99c33d4-ae76-4fcb-baaa-21bfd26369cc@x9g2000vbo.googlegroups.com...

> On Feb 8, 10:22 am, "Pegasus [MVP]" wrote:

>> "daviddschool" said this in news

>> itemnews:4f47d646-afd7-4f4a-9922-bfdb91c180cc@c22g2000vbb.googlegroups.com...

>>

>>

>>

>>

>>

>> > I have a dual boot XP and Win 7. I was in XP at the time.

>>

>> > I had recently running spybot because of a virus/spyware in my system

>> > that caused the little RED X to appear in the start up menu and caused

>> > my desktop background to show "YOU HAVE A VIRUS" repair immediately

>> > and then it puts a TRIAL of some software on my desktop. Needless to

>> > say, I didn't bother with it.

>> > So here is what I did :

>>

>> > 1) Ran Hijack This and took out what I could. Some things could not

>> > be removed.

>>

>> > 2) I rebooted and this did not fix the issue.

>>

>> > 3) Tried restarting in safe mode, same issue.

>>

>> > 4) Ran spybot and rebooted, this time it continues to log me off in

>> > both safe and regular mode - it says "Loading user settings", and then

>> > it logs me off.

>>

>> > Any ideas how to fix this?

>>

>> The looping issue is caused by a problem with the file userinit.exe. To

>> fix

>> it can be tedious. As C suggested, your machine is compromised and you

>> should save all your important files (including your EMail files!), then

>> re-install Windows on a freshly formatted disk. If you continue with your

>> current system then you are likely to have a never-ending string of

>> problems.- Hide quoted text -

>>

>> - Show quoted text -

>

> Will the reinstall delete every?

>

> Also, since I am running a DUAL BOOT system on two different drives,

> is it safe to go to WIN 7, look at the drive and take what I need from

> it before hand? If it is malware, will it jump from drive to drive

> even if I am not using it? If I reinstall, does that delete

> everything?



What do you mean with "Will the reinstall delete every?"



IMHO a decent dual-booting system should have complete separation between

the two OSs so that there is no traffic between them. The traditional

Windows boot loaders cannot hide partitions from each other but many

third-party boot loaders (e.g. XOSL) can.

 

[daviddschool]

What do you mean with "Will the reinstall delete every?"

>

> IMHO a decent dual-booting system should have complete separation between

> the two OSs so that there is no traffic between them. The traditional

> Windows boot loaders cannot hide partitions from each other but many

> third-party boot loaders (e.g. XOSL) can.- Hide quoted text -

>

> - Show quoted text -



Sorry, I meant a fix or reinstall - will it delete everything or just

the corrupt and missing files?



Also, I am not sure about the USB flash drive. Because I did access

it during the night when it happened, I am not sure about it. I am

going to try and run an ONLINE virus scan to see what comes up

(hopefully it will show me something). The iussue I have with the USB

flash drive is that if it is infected, won't every computer that comes

in contact with it become infect, in effect not really letting me be

able to check it? Is there a way that that I can get XP or WIN7 not

to access the drive and do the 'auto run' thing when I plug it in?

 

[John Wunderlich]

daviddschool wrote in

news:d6df2de7-7c24-43f9-85a8-f5bff6b55826@o8g2000vbm.googlegroups.com

:



> I am just worried if it is a virus or malware that is might go to

> the other drive. I have a USB flash drive that was plugged in at

> the time - and that is giving me issues now, so I didn't want to

> infect the other drive if it might do that. But I don't know

> enough about this to be sure.

>

> I don't mind reinstalling, but I wonder if my drive is now

> off-limits - ie; if I boot with Win7 and access the drive, am I at

> risk of corrupting the other drive?

> I do have a backup from about 3 weeks ago. Nothing major has been

> changed this then, so I am not too worried about it, but there are

> a few files I want to get - so that is why I was wondering if I

> could boot to Win7 and then access those file from the bad drive -

> or is this just causing more issue down the road?

> -

>



IMHO, your best approach at this point would be to boot your computer

from one of the free Live Linux CDs (such as Knoppix). Since the OS

will be on a CD, it can't be corrupted and since it isn't Windows,

there's little chance of the virus moving over on its own unless you

explicitly copy it. After you boot from the Linux CD, back up your

files to either a USB drive or a network drive. Then you can reinstall

Windows on your hard drive.



Knoppix:



HTH,

John

 

[daviddschool]

> IMHO, your best approach at this point would be to boot your computer

> from one of the free Live Linux CDs (such as Knoppix).  Since the OS

> will be on a CD, it can't be corrupted and since it isn't Windows,

> there's little chance of the virus moving over on its own unless you

> explicitly copy it.  After you boot from the Linux CD, back up your

> files to either a USB drive or a network drive.  Then you can reinstall

> Windows on your hard drive.

>

> Knoppix:  

>

> HTH,

>   John



Thanks John, you advice is great. I am downloading now.

Again, I guess my biggest worry is still my USB flash drive. It has

important files on it and I don't know if they are infected or not.

Is there a way to use the Ontrack online checker with Knoppix? Again,

maybe I am being paranoid, but I don't want the virus (if it is a

virus) to jump to my USB flash drive - OR - if it already has, for it

to reside there without me knowing and therefore using it on my

laptop, my work computer etc. I am guessing the virus wouldn't jump

to a drive I didn't necessarily use at the time, but I just don't

know.

 

[daviddschool]

Also a question I forgot to ask, what is the admin password if you

don't set one? I tried REPAIR install and it asked me for an admin

password - I never set one in the first place, so what would I do in a

case like that?

 

[sgopus]

After running spyware - XP won't let me boot - keeps logging o

You are safe to boot into win 7, operating systems do not talk back and forth

like that, malware like you have seen, is only active once loaded into

memory, and your other OS should be safe, notice I said should, as I have no

idea what you've been doing or going with it. about the flash drive, get an

antivirus scanner that will scan the flash as soon as it's plugged in.



"John Wunderlich" wrote:



> daviddschool wrote in

> news:d6df2de7-7c24-43f9-85a8-f5bff6b55826@o8g2000vbm.googlegroups.com

> :

>

> > I am just worried if it is a virus or malware that is might go to

> > the other drive. I have a USB flash drive that was plugged in at

> > the time - and that is giving me issues now, so I didn't want to

> > infect the other drive if it might do that. But I don't know

> > enough about this to be sure.

> >

> > I don't mind reinstalling, but I wonder if my drive is now

> > off-limits - ie; if I boot with Win7 and access the drive, am I at

> > risk of corrupting the other drive?

> > I do have a backup from about 3 weeks ago. Nothing major has been

> > changed this then, so I am not too worried about it, but there are

> > a few files I want to get - so that is why I was wondering if I

> > could boot to Win7 and then access those file from the bad drive -

> > or is this just causing more issue down the road?

> > -

> >

>

> IMHO, your best approach at this point would be to boot your computer

> from one of the free Live Linux CDs (such as Knoppix). Since the OS

> will be on a CD, it can't be corrupted and since it isn't Windows,

> there's little chance of the virus moving over on its own unless you

> explicitly copy it. After you boot from the Linux CD, back up your

> files to either a USB drive or a network drive. Then you can reinstall

> Windows on your hard drive.

>

> Knoppix:

>

> HTH,

> John

> .

>

 

[daviddschool]

After running spyware - XP won't let me boot - keeps logging o

> IMHO, your best approach at this point would be to boot your

computer

> > from one of the free Live Linux CDs (such as Knoppix).  Since the OS

> > will be on a CD, it can't be corrupted and since it isn't Windows,

> > there's little chance of the virus moving over on its own unless you

> > explicitly copy it.  After you boot from the Linux CD, back up your

> > files to either a USB drive or a network drive.  Then you can reinstall

> > Windows on your hard drive.

>

> > Knoppix:  

>

> > HTH,

> >   John

> > .



I was just worried about virus scanning on a system that might already

be infected. Trying to dl Knoppix now. I did already download a copy

and found out it was in German. The menu system is weird as well - is

there a straight boot? There was choices like WWW, CHAT, email etc.

I tried a few and nothing happened so I wasn't sure if it was the

German language that threw me or there is something special about

booting to Knoppix...

 

[sgopus]

After running spyware - XP won't let me boot - keeps logging o

press enter as it's blank



"daviddschool" wrote:



> Also a question I forgot to ask, what is the admin password if you

> don't set one? I tried REPAIR install and it asked me for an admin

> password - I never set one in the first place, so what would I do in a

> case like that?

>

> .

>

 

[C]

After running spyware - XP won't let me boot - keeps loggingout

daviddschool wrote:

> Also a question I forgot to ask, what is the admin password if you

> don't set one? I tried REPAIR install and it asked me for an admin

> password - I never set one in the first place, so what would I do in a

> case like that?

>



Don't put in a password and then hit Enter.



--

C

 

[daviddschool]

Tried and use ENTER - and it just reboots. I am not getting the

command prompt for recovery like I should. Sucks. Why?



Ok, looks like I am going to buy a new HD tomorrow and recover

everything to it and use the other HD as a spare. I have Ubuntu

running and I am going to use the online ONTRACK virus checker to

search the drives for issues. Lastly, I am guessing there really

isn't a fix for this and getting my XP back up and running that

doesn't involve reinstallation, right?

>

> Don't put in a password and then hit Enter.

>

> --

> C

 

[John Wunderlich]

daviddschool wrote in

news:254e0cb7-4193-4de8-8f46-46dc828a7cb1@z39g2000vbb.googlegroups.co

m:



>

>> IMHO, your best approach at this point would be to boot your

>> computer from one of the free Live Linux CDs (such as Knoppix).

>>  Since the OS will be on a CD, it can't be corrupted and since it

>> isn't Windows, there's little chance of the virus moving over on

>> its own unless you explicitly copy it.  After you boot from the

>> Linux CD, back up your files to either a USB drive or a network

>> drive.  Then you can reinstall Windows on your hard drive.

>>

>> Knoppix:  

>>

>> HTH,

>>   John

>

> Thanks John, you advice is great. I am downloading now.

> Again, I guess my biggest worry is still my USB flash drive. It

> has important files on it and I don't know if they are infected or

> not. Is there a way to use the Ontrack online checker with

> Knoppix? Again, maybe I am being paranoid, but I don't want the

> virus (if it is a virus) to jump to my USB flash drive - OR - if

> it already has, for it to reside there without me knowing and

> therefore using it on my laptop, my work computer etc. I am

> guessing the virus wouldn't jump to a drive I didn't necessarily

> use at the time, but I just don't know.



Most cases of viruses spreading from USB drives are a result of

"Autoplay" which causes a program to execute when the disk or drive is

inserted. In Windows, you can disable Autoplay with TweakUI or simply

hold down the shift key when you insert the drive (you have to hold it

down until after it is completely mounted). Data files don't usually

carry infections. Suspect .exe, .com, .bat, .pif, .vbs, .cpl, and

other executable-types of files.



Linux disks do not fix Windows problems very well, so you might

consider checking into freeware "Ultimate Boot CD for Windows" at







Where you can create a "Live Windows" CD which is very helpful for

recovering from situations like you are in. It is more work to

generate than the Live Linux CD because you have to create the .iso

yourself instead of simply just downloading it. But once you make the

disk it is a very helpful thing to keep around. I believe it even

includes some virus checkers.



HTH,

John

 

[John Wunderlich]

After running spyware - XP won't let me boot - keeps logging o

daviddschool wrote in

news:f1903c64-65d8-40b6-87ee-90fbbc80e814@z17g2000yqh.googlegroups.co

m:



>> IMHO, your best approach at this point would be to boot your

>> computer

>>> from one of the free Live Linux CDs (such as Knoppix).  Since

>>> the OS will be on a CD, it can't be corrupted and since it isn't

>>> Windows, there's little chance of the virus moving over on its

>>> own unless you explicitly copy it.  After you boot from the

>>> Linux CD, back up your files to either a USB drive or a network

>>> drive.  Then you can reinsta ll Windows on your hard drive.

>>

>>> Knoppix:  

>>

>>> HTH,

>>>   John

>>> .

>

> I was just worried about virus scanning on a system that might

> already be infected. Trying to dl Knoppix now. I did already

> download a copy and found out it was in German. The menu system

> is weird as well - is there a straight boot? There was choices

> like WWW, CHAT, email etc. I tried a few and nothing happened so I

> wasn't sure if it was the German language that threw me or there

> is something special about booting to Knoppix...



Look at the filenames when you download Knoppix. The german versions

have a "-DE" in the name. English versions have a "-EN" in the name.

The lastest english version is version 6.2:

KNOPPIX_V6.2DVD-2009-11-18-EN.iso



-- John