Computer Help forum

General discussion

*HELP* -Windows does not let me log on!!!

by azyardies / December 15, 2009 3:02 PM PST

I have had numerous issues with some malware. It disabled malwarebytes. In order to save time and not list all that I have dealt with and have fixed, I will start describing where I am at right now.....

Note this first: I did an AVG scan and it found 7 trojans. It placed them in the vault. It said reboot, so I rebooted. I believe that is why I can not get my pc to go past the windows screen.
I tried rebooting multi times, but the machine can not go beyond the 'welcome screen'...............

MALWARE messed up my safemode, so I can NOT log into safe mode. TO make matters worse, when I boot up, my system is stuck in the "Welcome screen" (blue) - I click on my user acct (only one that I have), and it starts to say, 'loading your personal settings'. I get a split second view of my wallpaper on my desktop. But then it goes back to the welcome blue screen...Then it says 'logging off' under my icon user name acct..It wont log off/turn off unless I manually click the 'turn off computer' icon red button on the bottom left corner.


SPECS: Windows Home edition OEM sp2 IE7-HP pavillion 8100 laptop-
I have the original sealed discs that came with my 4 or so year old Laptop.

THanks in advance.
Please use easy terms and step by step. I dont want to mess things up more than what there are....

Post a reply
Discussion is locked
You are posting a reply to: *HELP* -Windows does not let me log on!!!
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: *HELP* -Windows does not let me log on!!!
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Re: can't logon
by Kees Bakker / December 15, 2009 5:21 PM PST
Collapse -
"*HELP* -Windows does not let me log on!!!"
by azyardies / December 15, 2009 10:41 PM PST
In reply to: Re: can't logon

Yes, kees, my issues of not being able to log on to windows is very much so like a previous poster. I read what Grif suggested to them. I read the windows recovery console stuff in the link he put too. BUT, I want to do this right. And he did not put the 'command' and the step by step instructions on how to do this. I googled it and tried to get some info, but I dont know if I should trust the answers of the searches I gathered.
I inserted my CD to get into recovery console (I dont believe it is installed in my computer), and see all the commands there but what do I type, how do i copy a clean winlogon.exe using this recovery console, and what do I do afterwards?
I am at this step right now... C:\WINDOWS

I thank you in advance.

Collapse -
Using the command mode is not for VERY newbies.
by Kees Bakker / December 15, 2009 10:50 PM PST

People who used MS-DOS in the 1990's will know.

The commands you need to master are:
- cd
- dir
- copy
and possibly
- extract if the file has to come from the CD

http://support.microsoft.com/kb/314058 tells more.


Kees

Collapse -
If You're Already In The Recovery Console
by Grif Thomas Forum moderator / December 16, 2009 12:14 AM PST

...and at the command line at C:\WINDOWS, at the flashing cursor, try typing. (I'm not sure we can walk you through step by step, but here goes.)Type the commands below.:

cd \

then press the "Enter" key.. (there's a single space between the cd and the backslash.)

You should now see "C:\>"

Now type:

dir

then press the "Enter" key.

The various files and directories in the C: directory will scroll by.. Do you see a "Directory/DIR" named "i386" ? (If the screen goes by too fast, you can press the Ctrl+S combination to pause the screen or the "Pause/Break" key in the upper right of most keyboards.) If there's a "i386 folder there, let us know.

Now type:

cd Windows\System32

then press the "Enter" key..

It should then show the line:

C:\Windows\System32>

If it does that, then type:

dir

and press the "Enter" key again.

It should scroll through the files and allow you to search for the file named "winlogon.exe". (Once again, choose the pause keys mentioned earlier to carefully check for the file.) Is it there? Is there a file near it which has a similar name to "winlogon.exe"?

Let's stop there for now and let us know how it's going.

Hope this helps.

Grif

Collapse -
*In recovery console-Found winlogon.exe
by azyardies / December 16, 2009 12:38 AM PST

Thanks grif. Your instructions were effective to follow and I did them step by step. I found the "i386" but the letter "i" was capitalized.
And finally in the last step, I found the winlogon.exe
I will await further instructions.

Collapse -
OK, Then The Next Step Is..
by Grif Thomas Forum moderator / December 16, 2009 2:18 AM PST

Since Winlogon.exe is still in the System32 folder, the problem you're experiencing may, or may not be related to that particular file.. Still, we can try replacing the current file with a "good" one from the I386 folder but since you are currently using XP Service Pack 2, we need to find the correct "winlogon.exe" to replace the bad one with.... So... lets see if we can find the correct one.. I'm not on an XP HOME machine here, but it should be similar to the XP Pro system here..

Using the same procedures as before, navigate back to the C:\Windows prompt so it looks like this:

C:\WINDOWS>

Then type:

dir

Press "Enter" and look for a directory named "ServicePackFiles"..

If you see it, at the "C:\Windows" prompt, type:

cd ServicePackFiles

Then Press the "Enter" key..

It should now show:

C:\Windows\ServicePackFiles

If so, then type:

dir

The press the "enter" key and search for an "i386" folder which resides there.. If it's there, then type:

cd i386

The press the "Enter" key and you should see:

C:\Windows\ServicePackFiles\I386

Now type:

dir

Press the "Enter" key and look for the "winlogon.exe" file that should reside there.
______________

If it's there, then type:

cd \

Then press the "Enter" key and you should see:

C:\>

Now type:

cd Windows\System32

Then press the "Enter" key

You should now see:

C:\Windows\System32

Then type:

ren winlogon.exe winlogon.old

(There's a single space between "ren" and "winlogon.exe" and a single space between ".exe" and "winlogon.old". There are no other spaces)

Then press the "Enter" key.. As long as there is no error, you should be back to the "C:\WINDOWS\System32" prompt.. If there is an error, tell us.. If there is no error, type the command below:

cd \

Then press the "Enter" key.

You should see:

C:\>

Now, at the flashing cursor, type:

cd Windows\ServicePackFiles\i386

Then press the "Enter" key and it should now show:

C:\Windows\ServicePackFiles\i386

If that's the case, then type:

copy winlogon.exe C:\WINDOWS\System32

(There's a single space between the ".exe" and the "C:\WINDOWS\System32".)

Then press the Enter key.

If there are no errors in all these commands, try restarting the computer and see if it now boots correctly. If you'd like, before restarting and while still in the Recovery Console, do a "dir" at the "System32" folder and make sure you now have a new "winlogon.exe" file there PLUS the renamed "winlogon.old".
_____________

Let us know about any errors and exactly where you see them.

Hope this helps.

Grif

Collapse -
Re: Ok the next step is....
by azyardies / December 16, 2009 3:41 AM PST

Hi Griff, I got to this step:
C:\Windows\ServicePackFiles

Then typed after the, C:\Windows\ServicePackFiles>dir
And this is what showed up:
The volume in drice C has no label
The volume Serial Number is 3136-db0e

Directory of C:\Windows\ServicePackFiles

8/13/09 04:36a d------- 0.
8/13/09 04:36a d------- 0..
8/13/09 04:36a d------- 0 ServicePackCache
3 file<s> 0 bytes
34952921088 bytes free

So I was unable to go any further... Darn, I thought it was going to go smooth.
Can we continue still?

Collapse -
Well, That's a Problem
by Grif Thomas Forum moderator / December 16, 2009 5:48 AM PST

Although we could "expand" the WINLOGON.EX_ file which resides in the "C:\I386" directory and copy it over to the System32 folder, it's probably the wrong version and could therefore not fix your issue and cause configuration issues. Then again, it might work just fine but it would be best to have the correct directory where a "good" winlogon.exe file sits. Most importantly here, you need to have your Windows XP disc or a REcovery disc just in case none of this fixes the problem.. Do you have such?

I'm not sitting in front of an XP Home computer so I'm simply not sure where the correct backup file resides and at this point, since a "winlogon.exe" file was still in the System32 folder, it may not be root of the problem.. Have you tried checking the various files in the "System32" folder to see if there is a second "winlogon.exe" file.. You could use the same "dir" command to slowly search through the directory. Sometimes, the actual file has been replaced with an infected version but the "real" file is there with a similar name.. If that's the case, we use commands to delete the bad and rename the good, but you'll need to search the directory yourself.

Hope this helps.

Grif

Collapse -
re: well thats a problem....
by azyardies / December 16, 2009 10:47 AM PST
In reply to: Well, That's a Problem

(1)You asked, "Most importantly here, you need to have your Windows XP disc or a Recovery disc just in case none of this fixes the problem.. Do you have such?

YES, That is what I have been using to do the recovery console thing. My pc was bought new and came with all the disks. Like 3-4 years ago.

(2) you asked, "Have you tried checking the various files in the "System32" folder to see if there is a second "winlogon.exe" file.. You could use the same "dir" command to slowly search through the directory. Sometimes, the actual file has been replaced with an infected version but the "real" file is there with a similar name.."

YES, I checked the system32 folder. I was able to see much of the malware in there too, of course. I did not see a second winlogon.exe. I will assume that if there is another version there, it will be an executable file. If that is so, here is what I found that is malware with an .exe file extension...

AVR10.exe
winupdate86.exe

I also found several numbered malware in the beginning of the directory starting with numbers. Just a couple of examples are:
0 11478.exe
0 15724.exe

I found much malware with dll extentions. If I need to list those, let me know.

NOTE:I googled these and they appear to be malware. Plus ironically, these showed the dates of this year, 2009. Most of them were 12-15-09. Few were in September. Which verifies that this is recent activity.

Here are other things I found with the word 'logon' in them. To be sure, I will post these here. Dont know if there is relevance in these:

krnl386.exe
logagent.exe
logoff.exe
logon.scr
logonui.exe
logonui.exe.manifest
seclogon.dll
wgalogon.dll
windowslogon.manifest

I combed thru as best as I could.
Thanks for your help.

Collapse -
Then I'll Suggest Performing A Full Format And Reinstall
by Grif Thomas Forum moderator / December 16, 2009 11:38 AM PST

Because of the variety of malware you've seen, the damage that was done, plus the availability of your Windows XP disc and other recovery discs, it will be quicker and more thorough to simply wipe the drive and reinstall everything from scratch. Sorry....

Hope this helps.

Grif

Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

CNET Forums

Looking for tech help?

Whether you’re looking for dependable tech advice or offering helpful tricks, join the conversation in our forums.