Tech Support Guy banner
Status
Not open for further replies.
1 - 9 of 9 Posts

·
Registered
Joined
·
4 Posts
Discussion Starter · #1 ·
Hi all,

I'm running Windows XP SP1 in a 3.2GHz Pentium IV. I have Norton Internet Security 2005, up to date, as well as the windows updates.

Aparently, some kind of adware or "virus" is playing with my OS. It boots just fine. When I type in my password and try to log in, it starts logging in, but then it automatically logs off before I can see any icons or do anything. I tried booting in safe mode and every single boot mode, but the same thing happens for all cases.

I suspect some kind of adware or similar agent has written a "log off" command on the registry so that it logs off right away when loading the programs.

I have dualboot with linux, so I can have access to the windows directories. I don't know if i can edit the regitry or treat this issue by taking care of any file.

Thanks for the help.

-- Nilium --
 

·
Registered
Joined
·
4 Posts
Discussion Starter · #3 ·
Hi mike5532g,

Thanks for the help. Unfortunatelly, the solution suggested in the link you posted didn't work. I booted from my WinXP cd, loaded the repair console, logged in as administrator and copied userinit.exe in wsaupdater.exe. After that, I'm supposed to be able to boot normally and log in to finish cleaning up the registry. But WinXP still logs off right away when logging in.

Any other ideas?

Thanks

-- Nilium --
 

·
Registered
Joined
·
255 Posts
You could try this:

1 : boot off win xp cd
2: When given the options choose to install windows
3: When you get the next set of options choose to repair present windows xp

It will reinstall files in your windows directory but it wont change any of your settings or your installed progs. May not work, but coulsnt hurt to try
 

·
Registered
Joined
·
4 Posts
Discussion Starter · #8 ·
hey rebelmusic,

that worked. Now, do you have any ideas of what adware could've messed it up? I noticed 2 suspicious executables in "C:\", those are cab.exe and winsecure.exe. I ran adware SE and GiantAntiSpyware but they didn't detect any threats from those files. Also, the scans didn't show anything unusual besides the typical ad/spyware stuff.

I appreciate your help

-- Nilium --
 

·
Registered
Joined
·
255 Posts
Hmmm...the only adware program I use is adaware. It doesnt get rid of everything but mixed with norton antivirus it does the trick. Also it has a very simple setup to allow you to update it's definitions.

cab.exe is a trojan called Troj/Delf-JJ. I know that sophos anti-virus can remove it. It drops malware in your registry and is probably what caused your original problem.

winsecure.exe is adware called Affilred.B. It redirects you to dodgy pages while browsing. Heres the link to what norton have to say about it:
http://securityresponse.symantec.com/avcenter/venc/data/pf/adware.affilred.b.html

If you simply delete either of these they'll be back once you reboot your machine. I've dealt with them both before. Hope this helps.

Btw - the problem you had has happened to many people. But I've never heard it happen with adaware, so ya it was probably the other one you used.
 
1 - 9 of 9 Posts
Status
Not open for further replies.
Top