After running spyware - XP won't let me boot - keeps logging out

[daviddschool]

I have a dual boot XP and Win 7. I was in XP at the time.

I had recently running spybot because of a virus/spyware in my system
that caused the little RED X to appear in the start up menu and caused
my desktop background to show "YOU HAVE A VIRUS" repair immediately
and then it puts a TRIAL of some software on my desktop. Needless to
say, I didn't bother with it.
So here is what I did :

1) Ran Hijack This and took out what I could. Some things could not
be removed.

2) I rebooted and this did not fix the issue.

3) Tried restarting in safe mode, same issue.

4) Ran spybot and rebooted, this time it continues to log me off in
both safe and regular mode - it says "Loading user settings", and then
it logs me off.

Any ideas how to fix this?

 

[C]

Re: After running spyware - XP won't let me boot - keeps loggingout

daviddschool wrote:
> I have a dual boot XP and Win 7. I was in XP at the time.
>
> I had recently running spybot because of a virus/spyware in my system
> that caused the little RED X to appear in the start up menu and caused
> my desktop background to show "YOU HAVE A VIRUS" repair immediately
> and then it puts a TRIAL of some software on my desktop. Needless to
> say, I didn't bother with it.
> So here is what I did :
>
> 1) Ran Hijack This and took out what I could. Some things could not
> be removed.
>
> 2) I rebooted and this did not fix the issue.
>
> 3) Tried restarting in safe mode, same issue.
>
> 4) Ran spybot and rebooted, this time it continues to log me off in
> both safe and regular mode - it says "Loading user settings", and then
> it logs me off.
>
> Any ideas how to fix this?

Reformat. Reinstall XP or spend weeks trying to chase down all the
malware. I trust you're backed up.

--
C

 

[Pegasus [MVP]]

"daviddschool" <daviddschool@gmail.com> said this in news item
news:4f47d646-afd7-4f4a-9922-bfdb91c180cc@c22g2000vbb.googlegroups.com...
> I have a dual boot XP and Win 7. I was in XP at the time.
>
> I had recently running spybot because of a virus/spyware in my system
> that caused the little RED X to appear in the start up menu and caused
> my desktop background to show "YOU HAVE A VIRUS" repair immediately
> and then it puts a TRIAL of some software on my desktop. Needless to
> say, I didn't bother with it.
> So here is what I did :
>
> 1) Ran Hijack This and took out what I could. Some things could not
> be removed.
>
> 2) I rebooted and this did not fix the issue.
>
> 3) Tried restarting in safe mode, same issue.
>
> 4) Ran spybot and rebooted, this time it continues to log me off in
> both safe and regular mode - it says "Loading user settings", and then
> it logs me off.
>
> Any ideas how to fix this?

The looping issue is caused by a problem with the file userinit.exe. To fix
it can be tedious. As C suggested, your machine is compromised and you
should save all your important files (including your EMail files!), then
re-install Windows on a freshly formatted disk. If you continue with your
current system then you are likely to have a never-ending string of
problems.

 

[Jose]

On Feb 8, 9:06 am, daviddschool <daviddsch...@gmail.com> wrote:
> I have a dual boot XP and Win 7.  I was in XP at the time.
>
> I had recently running spybot because of a virus/spyware in my system
> that caused the little RED X to appear in the start up menu and caused
> my desktop background to show "YOU HAVE A VIRUS" repair immediately
> and then it puts a TRIAL of some software on my desktop.  Needless to
> say, I didn't bother with it.
> So here is what I did :
>
> 1) Ran Hijack This and took out what I could.  Some things could not
> be removed.
>
> 2) I rebooted and this did not fix the issue.
>
> 3) Tried restarting in safe mode, same issue.
>
> 4) Ran spybot and rebooted, this time it continues to log me off in
> both safe and regular mode - it says "Loading user settings", and then
> it logs me off.
>
> Any ideas how to fix this?

You could reinstall without even trying to fix your system, or you can
try to fix what you have.

A reinstall will require a genuine bootable XP installation CD.

You are certainly not the first person to have this problem.

You can probably fix what you have with a genuine bootable XP
installation CD or a bootable Recovery Console CD that you can make
yourself.

Here are some instructions to make a bootable Recovery Console CD:

http://www.bleepingcomputer.com/forums/topic276527.html

After you have successfully booted the afflicted computer on the
Recovery Console CD, then you can work on resolving your issue.

 

[daviddschool]

On Feb 8, 10:22 am, "Pegasus [MVP]" <n...@microsoft.com> wrote:
> "daviddschool" <daviddsch...@gmail.com> said this in news itemnews:4f47d646-afd7-4f4a-9922-bfdb91c180cc@c22g2000vbb.googlegroups.com...
>
>
>
>
>
> > I have a dual boot XP and Win 7.  I was in XP at the time.
>
> > I had recently running spybot because of a virus/spyware in my system
> > that caused the little RED X to appear in the start up menu and caused
> > my desktop background to show "YOU HAVE A VIRUS" repair immediately
> > and then it puts a TRIAL of some software on my desktop.  Needless to
> > say, I didn't bother with it.
> > So here is what I did :
>
> > 1) Ran Hijack This and took out what I could.  Some things could not
> > be removed.
>
> > 2) I rebooted and this did not fix the issue.
>
> > 3) Tried restarting in safe mode, same issue.
>
> > 4) Ran spybot and rebooted, this time it continues to log me off in
> > both safe and regular mode - it says "Loading user settings", and then
> > it logs me off.
>
> > Any ideas how to fix this?
>
> The looping issue is caused by a problem with the file userinit.exe. To fix
> it can be tedious. As C suggested, your machine is compromised and you
> should save all your important files (including your EMail files!), then
> re-install Windows on a freshly formatted disk. If you continue with your
> current system then you are likely to have a never-ending string  of
> problems.- Hide quoted text -
>
> - Show quoted text -

Will the reinstall delete every?

Also, since I am running a DUAL BOOT system on two different drives,
is it safe to go to WIN 7, look at the drive and take what I need from
it before hand? If it is malware, will it jump from drive to drive
even if I am not using it? If I reinstall, does that delete
everything?

 

[C]

Re: After running spyware - XP won't let me boot - keeps loggingout

daviddschool wrote:
> On Feb 8, 10:22 am, "Pegasus [MVP]" <n...@microsoft.com> wrote:
>> "daviddschool" <daviddsch...@gmail.com> said this in news itemnews:4f47d646-afd7-4f4a-9922-bfdb91c180cc@c22g2000vbb.googlegroups.com...
>>
>>
>>
>>
>>
>>> I have a dual boot XP and Win 7. I was in XP at the time.
>>> I had recently running spybot because of a virus/spyware in my system
>>> that caused the little RED X to appear in the start up menu and caused
>>> my desktop background to show "YOU HAVE A VIRUS" repair immediately
>>> and then it puts a TRIAL of some software on my desktop. Needless to
>>> say, I didn't bother with it.
>>> So here is what I did :
>>> 1) Ran Hijack This and took out what I could. Some things could not
>>> be removed.
>>> 2) I rebooted and this did not fix the issue.
>>> 3) Tried restarting in safe mode, same issue.
>>> 4) Ran spybot and rebooted, this time it continues to log me off in
>>> both safe and regular mode - it says "Loading user settings", and then
>>> it logs me off.
>>> Any ideas how to fix this?
>> The looping issue is caused by a problem with the file userinit.exe. To fix
>> it can be tedious. As C suggested, your machine is compromised and you
>> should save all your important files (including your EMail files!), then
>> re-install Windows on a freshly formatted disk. If you continue with your
>> current system then you are likely to have a never-ending string of
>> problems.- Hide quoted text -
>>
>> - Show quoted text -
>
> Will the reinstall delete every?
>
> Also, since I am running a DUAL BOOT system on two different drives,
> is it safe to go to WIN 7, look at the drive and take what I need from
> it before hand? If it is malware, will it jump from drive to drive
> even if I am not using it? If I reinstall, does that delete
> everything?

Now you know why dual booting isn't a good idea. You should reinstall
both or just one.

--
C

 

[Twayne]

In news:4f47d646-afd7-4f4a-9922-bfdb91c180cc@c22g2000vbb.googlegroups.com,
daviddschool <daviddschool@gmail.com> typed:
> I have a dual boot XP and Win 7. I was in XP at the time.
>
> I had recently running spybot because of a virus/spyware in my system
> that caused the little RED X to appear in the start up menu and caused
> my desktop background to show "YOU HAVE A VIRUS" repair immediately
> and then it puts a TRIAL of some software on my desktop. Needless to
> say, I didn't bother with it.
> So here is what I did :
>
> 1) Ran Hijack This and took out what I could. Some things could not
> be removed.
>
> 2) I rebooted and this did not fix the issue.
>
> 3) Tried restarting in safe mode, same issue.
>
> 4) Ran spybot and rebooted, this time it continues to log me off in
> both safe and regular mode - it says "Loading user settings", and then
> it logs me off.
>
> Any ideas how to fix this?

If you read the text, HiJack This should only be run AFTER you have
exhausted all other means of recovering your computer. It shouldn't be the
first thing you do and won't often get you anyhelp if/when you post the
output as instructed.

It sounds like a clean install might be in order, actually. You may be
infested with several hard to chase down pieces of malware that AV isn't
going to find. If you've backed up as you should, it's an easy process. If
not, well, it might take a day or two or more to do the reinstall. Without
reinstalling you could spend months chasing things and never succeed.

HTH,

Twayne




--
--
Life is the only real counselor; wisdom unfiltered
through personal experience does not become a
part of the moral tissue.

 

[daviddschool]

> If you read the text, HiJack This should only be run AFTER you have
> exhausted all other means of recovering your computer. It shouldn't be the
> first thing you do and won't often get you anyhelp if/when you post the
> output as instructed.
>
> It sounds like a clean install might be in order, actually. You may be
> infested with several hard to chase down pieces of malware that AV isn't
> going to find. If you've backed up as you should, it's an easy process. If
> not, well, it might take a day or two or more to do the reinstall.  Without
> reinstalling you could spend months chasing things and never succeed.
>
> HTH,
>
> Twayne
>
I am just worried if it is a virus or malware that is might go to the
other drive. I have a USB flash drive that was plugged in at the time
- and that is giving me issues now, so I didn't want to infect the
other drive if it might do that. But I don't know enough about this
to be sure.

I don't mind reinstalling, but I wonder if my drive is now off-limits
- ie; if I boot with Win7 and access the drive, am I at risk of
corrupting the other drive?
I do have a backup from about 3 weeks ago. Nothing major has been
changed this then, so I am not too worried about it, but there are a
few files I want to get - so that is why I was wondering if I could
boot to Win7 and then access those file from the bad drive - or is
this just causing more issue down the road?
-

 

[Pegasus [MVP]]

"daviddschool" <daviddschool@gmail.com> said this in news item
news:a99c33d4-ae76-4fcb-baaa-21bfd26369cc@x9g2000vbo.googlegroups.com...
> On Feb 8, 10:22 am, "Pegasus [MVP]" <n...@microsoft.com> wrote:
>> "daviddschool" <daviddsch...@gmail.com> said this in news
>> itemnews:4f47d646-afd7-4f4a-9922-bfdb91c180cc@c22g2000vbb.googlegroups.com...
>>
>>
>>
>>
>>
>> > I have a dual boot XP and Win 7. I was in XP at the time.
>>
>> > I had recently running spybot because of a virus/spyware in my system
>> > that caused the little RED X to appear in the start up menu and caused
>> > my desktop background to show "YOU HAVE A VIRUS" repair immediately
>> > and then it puts a TRIAL of some software on my desktop. Needless to
>> > say, I didn't bother with it.
>> > So here is what I did :
>>
>> > 1) Ran Hijack This and took out what I could. Some things could not
>> > be removed.
>>
>> > 2) I rebooted and this did not fix the issue.
>>
>> > 3) Tried restarting in safe mode, same issue.
>>
>> > 4) Ran spybot and rebooted, this time it continues to log me off in
>> > both safe and regular mode - it says "Loading user settings", and then
>> > it logs me off.
>>
>> > Any ideas how to fix this?
>>
>> The looping issue is caused by a problem with the file userinit.exe. To
>> fix
>> it can be tedious. As C suggested, your machine is compromised and you
>> should save all your important files (including your EMail files!), then
>> re-install Windows on a freshly formatted disk. If you continue with your
>> current system then you are likely to have a never-ending string of
>> problems.- Hide quoted text -
>>
>> - Show quoted text -
>
> Will the reinstall delete every?
>
> Also, since I am running a DUAL BOOT system on two different drives,
> is it safe to go to WIN 7, look at the drive and take what I need from
> it before hand? If it is malware, will it jump from drive to drive
> even if I am not using it? If I reinstall, does that delete
> everything?

What do you mean with "Will the reinstall delete every?"

IMHO a decent dual-booting system should have complete separation between
the two OSs so that there is no traffic between them. The traditional
Windows boot loaders cannot hide partitions from each other but many
third-party boot loaders (e.g. XOSL) can.

 

[daviddschool]

What do you mean with "Will the reinstall delete every?"
>
> IMHO a decent dual-booting system should have complete separation between
> the two OSs so that there is no traffic between them. The traditional
> Windows boot loaders cannot hide partitions from each other but many
> third-party boot loaders (e.g. XOSL) can.- Hide quoted text -
>
> - Show quoted text -

Sorry, I meant a fix or reinstall - will it delete everything or just
the corrupt and missing files?

Also, I am not sure about the USB flash drive. Because I did access
it during the night when it happened, I am not sure about it. I am
going to try and run an ONLINE virus scan to see what comes up
(hopefully it will show me something). The iussue I have with the USB
flash drive is that if it is infected, won't every computer that comes
in contact with it become infect, in effect not really letting me be
able to check it? Is there a way that that I can get XP or WIN7 not
to access the drive and do the 'auto run' thing when I plug it in?

 

[John Wunderlich]

daviddschool <daviddschool@gmail.com> wrote in
news:d6df2de7-7c24-43f9-85a8-f5bff6b55826@o8g2000vbm.googlegroups.com
:

> I am just worried if it is a virus or malware that is might go to
> the other drive. I have a USB flash drive that was plugged in at
> the time - and that is giving me issues now, so I didn't want to
> infect the other drive if it might do that. But I don't know
> enough about this to be sure.
>
> I don't mind reinstalling, but I wonder if my drive is now
> off-limits - ie; if I boot with Win7 and access the drive, am I at
> risk of corrupting the other drive?
> I do have a backup from about 3 weeks ago. Nothing major has been
> changed this then, so I am not too worried about it, but there are
> a few files I want to get - so that is why I was wondering if I
> could boot to Win7 and then access those file from the bad drive -
> or is this just causing more issue down the road?
> -
>

IMHO, your best approach at this point would be to boot your computer
from one of the free Live Linux CDs (such as Knoppix). Since the OS
will be on a CD, it can't be corrupted and since it isn't Windows,
there's little chance of the virus moving over on its own unless you
explicitly copy it. After you boot from the Linux CD, back up your
files to either a USB drive or a network drive. Then you can reinstall
Windows on your hard drive.

Knoppix: <http/knopper.net/knoppix/index-en.html>

HTH,
John

 

[daviddschool]

> IMHO, your best approach at this point would be to boot your computer
> from one of the free Live Linux CDs (such as Knoppix).  Since the OS
> will be on a CD, it can't be corrupted and since it isn't Windows,
> there's little chance of the virus moving over on its own unless you
> explicitly copy it.  After you boot from the Linux CD, back up your
> files to either a USB drive or a network drive.  Then you can reinstall
> Windows on your hard drive.
>
> Knoppix:  <http/knopper.net/knoppix/index-en.html>
>
> HTH,
>   John

Thanks John, you advice is great. I am downloading now.
Again, I guess my biggest worry is still my USB flash drive. It has
important files on it and I don't know if they are infected or not.
Is there a way to use the Ontrack online checker with Knoppix? Again,
maybe I am being paranoid, but I don't want the virus (if it is a
virus) to jump to my USB flash drive - OR - if it already has, for it
to reside there without me knowing and therefore using it on my
laptop, my work computer etc. I am guessing the virus wouldn't jump
to a drive I didn't necessarily use at the time, but I just don't
know.

 

[daviddschool]

Also a question I forgot to ask, what is the admin password if you
don't set one? I tried REPAIR install and it asked me for an admin
password - I never set one in the first place, so what would I do in a
case like that?

 

[sgopus]

Re: After running spyware - XP won't let me boot - keeps logging o

You are safe to boot into win 7, operating systems do not talk back and forth
like that, malware like you have seen, is only active once loaded into
memory, and your other OS should be safe, notice I said should, as I have no
idea what you've been doing or going with it. about the flash drive, get an
antivirus scanner that will scan the flash as soon as it's plugged in.

"John Wunderlich" wrote:

> daviddschool <daviddschool@gmail.com> wrote in
> news:d6df2de7-7c24-43f9-85a8-f5bff6b55826@o8g2000vbm.googlegroups.com
> :
>
> > I am just worried if it is a virus or malware that is might go to
> > the other drive. I have a USB flash drive that was plugged in at
> > the time - and that is giving me issues now, so I didn't want to
> > infect the other drive if it might do that. But I don't know
> > enough about this to be sure.
> >
> > I don't mind reinstalling, but I wonder if my drive is now
> > off-limits - ie; if I boot with Win7 and access the drive, am I at
> > risk of corrupting the other drive?
> > I do have a backup from about 3 weeks ago. Nothing major has been
> > changed this then, so I am not too worried about it, but there are
> > a few files I want to get - so that is why I was wondering if I
> > could boot to Win7 and then access those file from the bad drive -
> > or is this just causing more issue down the road?
> > -
> >
>
> IMHO, your best approach at this point would be to boot your computer
> from one of the free Live Linux CDs (such as Knoppix). Since the OS
> will be on a CD, it can't be corrupted and since it isn't Windows,
> there's little chance of the virus moving over on its own unless you
> explicitly copy it. After you boot from the Linux CD, back up your
> files to either a USB drive or a network drive. Then you can reinstall
> Windows on your hard drive.
>
> Knoppix: <http/knopper.net/knoppix/index-en.html>
>
> HTH,
> John
> .
>

 

[daviddschool]

Re: After running spyware - XP won't let me boot - keeps logging o

> IMHO, your best approach at this point would be to boot your
computer
> > from one of the free Live Linux CDs (such as Knoppix).  Since the OS
> > will be on a CD, it can't be corrupted and since it isn't Windows,
> > there's little chance of the virus moving over on its own unless you
> > explicitly copy it.  After you boot from the Linux CD, back up your
> > files to either a USB drive or a network drive.  Then you can reinstall
> > Windows on your hard drive.
>
> > Knoppix:  <http/knopper.net/knoppix/index-en.html>
>
> > HTH,
> >   John
> > .

I was just worried about virus scanning on a system that might already
be infected. Trying to dl Knoppix now. I did already download a copy
and found out it was in German. The menu system is weird as well - is
there a straight boot? There was choices like WWW, CHAT, email etc.
I tried a few and nothing happened so I wasn't sure if it was the
German language that threw me or there is something special about
booting to Knoppix...

 

[sgopus]

Re: After running spyware - XP won't let me boot - keeps logging o

press enter as it's blank

"daviddschool" wrote:

> Also a question I forgot to ask, what is the admin password if you
> don't set one? I tried REPAIR install and it asked me for an admin
> password - I never set one in the first place, so what would I do in a
> case like that?
>
> .
>

 

[C]

Re: After running spyware - XP won't let me boot - keeps loggingout

daviddschool wrote:
> Also a question I forgot to ask, what is the admin password if you
> don't set one? I tried REPAIR install and it asked me for an admin
> password - I never set one in the first place, so what would I do in a
> case like that?
>

Don't put in a password and then hit Enter.

--
C

 

[daviddschool]

Tried and use ENTER - and it just reboots. I am not getting the
command prompt for recovery like I should. Sucks. Why?

Ok, looks like I am going to buy a new HD tomorrow and recover
everything to it and use the other HD as a spare. I have Ubuntu
running and I am going to use the online ONTRACK virus checker to
search the drives for issues. Lastly, I am guessing there really
isn't a fix for this and getting my XP back up and running that
doesn't involve reinstallation, right?
>
> Don't put in a password and then hit Enter.
>
> --
> C

 

[John Wunderlich]

daviddschool <daviddschool@gmail.com> wrote in
news:254e0cb7-4193-4de8-8f46-46dc828a7cb1@z39g2000vbb.googlegroups.co
m:

>
>> IMHO, your best approach at this point would be to boot your
>> computer from one of the free Live Linux CDs (such as Knoppix).
>>  Since the OS will be on a CD, it can't be corrupted and since it
>> isn't Windows, there's little chance of the virus moving over on
>> its own unless you explicitly copy it.  After you boot from the
>> Linux CD, back up your files to either a USB drive or a network
>> drive.  Then you can reinstall Windows on your hard drive.
>>
>> Knoppix:  <http/knopper.net/knoppix/index-en.html>
>>
>> HTH,
>>   John
>
> Thanks John, you advice is great. I am downloading now.
> Again, I guess my biggest worry is still my USB flash drive. It
> has important files on it and I don't know if they are infected or
> not. Is there a way to use the Ontrack online checker with
> Knoppix? Again, maybe I am being paranoid, but I don't want the
> virus (if it is a virus) to jump to my USB flash drive - OR - if
> it already has, for it to reside there without me knowing and
> therefore using it on my laptop, my work computer etc. I am
> guessing the virus wouldn't jump to a drive I didn't necessarily
> use at the time, but I just don't know.

Most cases of viruses spreading from USB drives are a result of
"Autoplay" which causes a program to execute when the disk or drive is
inserted. In Windows, you can disable Autoplay with TweakUI or simply
hold down the shift key when you insert the drive (you have to hold it
down until after it is completely mounted). Data files don't usually
carry infections. Suspect .exe, .com, .bat, .pif, .vbs, .cpl, and
other executable-types of files.

Linux disks do not fix Windows problems very well, so you might
consider checking into freeware "Ultimate Boot CD for Windows" at

<http/www.ubcd4win.org>

Where you can create a "Live Windows" CD which is very helpful for
recovering from situations like you are in. It is more work to
generate than the Live Linux CD because you have to create the .iso
yourself instead of simply just downloading it. But once you make the
disk it is a very helpful thing to keep around. I believe it even
includes some virus checkers.

HTH,
John

 

[daviddschool]

Most cases of viruses spreading from USB drives are a result of
> "Autoplay" which causes a program to execute when the disk or drive is
> inserted.  In Windows, you can disable Autoplay with TweakUI or simply
> hold down the shift key when you insert the drive (you have to hold it
> down until after it is completely mounted).  Data files don't usually
> carry infections.  Suspect .exe, .com, .bat, .pif, .vbs, .cpl, and
> other executable-types of files.

The file on the USB flash drive are mostly word docs, pdf, jpg and the
like. Nothing exe, so I am hoping they are safe.

>
> Linux disks do not fix Windows problems very well, so you might
> consider checking into freeware "Ultimate Boot CD for Windows" at
>
>    <http/www.ubcd4win.org>

The site is password protected? Where can I sign up? I just hit the
url and it asked me for a password and login....
>
> Where you can create a "Live Windows" CD which is very helpful for
> recovering from situations like you are in.  It is more work to
> generate than the Live Linux CD because you have to create the .iso
> yourself instead of simply just downloading it.  But once you make the
> disk it is a very helpful thing to keep around.  I believe it even
> includes some virus checkers.
>
> HTH,
>   John

That is great, if I can get into it, I will try the Live Windows CD
thing. Again, thanks for your patience on this.