Tuesday, February 16, 2010

Windows Log on and Log off immediately

Windows Log on and Log off immediately (The case of missing "userinit.exe")

I encountered an issue today wherein Windows XP logs in and then logs out almost immediately, taking you back to the logon screen. I thought that the system was probably infected with malware. A friend of mine had the same doubts, and he had already scanned the system using my Malware Cleaning Disc (WinPE bootable with some anti-malware tools like Malwarebytes, Spybot Search & Destroy, and a few more) to ascertain his doubts. He said that he was able to find a couple of infections, which were cleaned; however, the issue still persisted.
He also tried a few other steps, like Last Known Good Configuration and Safe Mode, but to no avail. As the system had already been scanned for infections, I thought that it could be a case of some missing or corrupt core Windows files, so I initiated a Repair Install of Windows, which hung midway. Just to ensure that I was not using a bad Windows XP OS CD, I replaced it with a known good Win XP OS CD and initiated the Repair Install again, and saw Windows hang again at exactly the same place.
I then tried System Restore through the Recovery Console by copying and renaming the registry files (System, Software, Sam, Security and Default) from the snapshot folder of the relevant restore point to c:\windows\system32\config (http://support.microsoft.com/kb/307545), but to no avail again.
Finally, I found an MS KB article (http://support.microsoft.com/kb/555648) stating that the Winlogon service tries to load the Windows default shell (explorer.exe) and user shell (userinit.exe) from the registry. This service searches for Explorer.exe and Userinit.exe in the following registry path:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
The values and correct path of shell are:
Shell = explorer.exe
Userinit.exe = C:\windows\system32\userinit.exe
It also stated that these files may be deleted by spyware. I searched for the files and was not able to find userinit.exe. I copied userinit.exe from another Win XP computer to C:\windows\system32\, restarted the computer and IT WORKED! I was successfully able to log in to Windows. I updated Malwarebytes and ran a full scan, which found some infected DLLs and a few other rogue files that were deleted by Malwarebytes. I ran the full scan again and the system was reported as CLEAN and free from infections. Issue RESOLVED! :)
Note: I booted the computer in question with the WinPE boot disk and copied userinit.exe from a USB pen drive to C:\windows\system32\. Alternatively, I could also have extracted the file using the Windows CD.
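
The check described above can be scripted. The following PowerShell is an added example, not part of the original post or the KB article: it reads the two Winlogon values (the second is stored in the registry under the value name Userinit) and confirms that the default files they point to exist on disk. The function name `Test-WinlogonEntries` and the offline mount name `HKLM:\OfflineSW` are hypothetical.

```powershell
# Added example: audit the Winlogon Shell/Userinit values and the files they name.
# Live system:  Test-WinlogonEntries
# Offline disk: load its SOFTWARE hive first (mount name and drive letter are assumptions):
#   reg load HKLM\OfflineSW D:\Windows\System32\config\SOFTWARE
#   Test-WinlogonEntries -SoftwareKey 'HKLM:\OfflineSW' -WindowsDir 'D:\Windows'
function Test-WinlogonEntries {
    param(
        [string]$SoftwareKey = 'HKLM:\SOFTWARE',
        [string]$WindowsDir  = $env:SystemRoot
    )
    $key   = Join-Path $SoftwareKey 'Microsoft\Windows NT\CurrentVersion\Winlogon'
    $props = Get-ItemProperty -Path $key -ErrorAction Stop

    # Default file behind each value, relative to the Windows directory.
    $defaults = @{ Shell = 'explorer.exe'; Userinit = 'system32\userinit.exe' }

    foreach ($name in 'Shell', 'Userinit') {
        $onDisk = Join-Path $WindowsDir $defaults[$name]
        $leaf   = ($defaults[$name] -split '[\\/]')[-1]

        # Userinit holds a comma-separated list that usually ends with a comma.
        $entries = @(([string]$props.$name) -split ',' |
            ForEach-Object { $_.Trim().Trim('"') } |
            Where-Object { $_ })

        if ($entries.Count -eq 0) {
            [pscustomobject]@{ Value = $name; Entry = '(none)'; Status = 'Value absent or empty' }
            continue
        }
        foreach ($entry in $entries) {
            # Compare file names only, so an offline volume with a different drive letter still matches.
            $status = if ((($entry -split '[\\/]')[-1]) -ine $leaf) {
                'Unexpected entry, review'
            } elseif (-not (Test-Path -LiteralPath $onDisk -PathType Leaf)) {
                "Default file missing: $onDisk"
            } else {
                'OK'
            }
            [pscustomobject]@{ Value = $name; Entry = $entry; Status = $status }
        }
    }
}

Test-WinlogonEntries | Format-Table -AutoSize
```

On the system described in this post, the Userinit row would report the default file as missing. Any row flagged as unexpected deserves a closer look, since extra entries in these values run at every logon.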
