XP Pro logon disabled (by trojan horse?)

Status
Not open for further replies.
OS - XP Pro with SP1

I was web surfing when McAfee caught a trojan horse, but it still reset my IE homepage and then started crashing stuff.


I was able to run Ad-Aware Pro several times (it crashed a few) and it found a bunch of stuff. Then I ran McAfee virus scan - it found some suspicious .exe's (but no viruses) on the C:/ root - I deleted them all.


Finally my sys. locked up & after I tried logging back into XP - it would not let me. When it tries to 'loading personal settings' the PC clicks off to reboot - I see a quick blue screen that says something about a logon failure and gives a hex address - I can't pause it there to see it though.


I kept trying to log on, using the F8 menu from DOS - tried all options - Debugging Mode finally worked - once I was in XP I ran Ad-Aware again but the PC locked up again.


I kept trying to log-in - none of the Safe Modes work and now Debugging Mode will just lock the mouse up when I try to log-in.


Finally I got logged in using the 'Log in using Last Known working settings' or whatever the exact wording is -- once in XP I tried to use XP RESTORE to roll the system back a few days -- but again when it rebooted to put the settings into effect, I can't log in to XP -- back to the blue screen reboot.


Apparently I have been told that some trojan horse has disabled all my XP profiles in the REGISTRY and that's why it will not load from the XP login screen - looks like winlogin.exe is messed up.


Any ideas here? I would really like to repair this and not have to format my HD.
 
Thanks, I had already printed that one off.

My friend mentioned that even trying something like that may not work because the registry is not recognizing any users - I wonder if the repair option fixes that.

Also, here are 2 other things I ran across
1. article on digitalwebcast (won't let me put URL)


2. and from a wintrouble----net posting--
"You can repair it by entering the repair console in the windows xp setup and temporarily changing the name of winlogon.exe to wsaupdate.exe. After you've done this you can reboot, enter windows and repair your registry. Don't forget to change back the name of wsaupdate.exe to winlogon.exe after you've repaired your registry.

A more detailed description of this solution seems to be available on the internet."

Anyone want to confirm this???
 