Fix: User logs on then right back out.

Good day to you all. I hope things are treating you okay today. ;)

Problem: Windows boots normally and you hit the logon page. You click on one of the accounts and it starts to log in, you see a flash of your desktop wallpaper and then you’re logged back out again. This happens for every account.

Fix: You need to tweak the registry using remote registry tools. I’ll briefly show you how.

THE FIRST METHOD:

The way to fix this problem is to modify a registry value in the HKLM registry tree. The value points to a file located in WINDOWS_DIRECTORY\system32\ (WINDOWS_DIRECTORY is most likely “C:\windows\” but some users like to choose something else.) The file is called userinit.exe.

Unfortunately, since you cannot log in, you can’t get to the registry the normal way. There are a variety of ways of loading something called a “Remote Registry,” and the process that I like best uses a free tool called UBCD4Win. It’s basically a live CD version of Windows. Get a copy, boot into UBCD4Win, and on the desktop you should see an icon called “Remote RegEdit.”

Open it and load the remote registry hives. You don’t need to in this example but you might as well “load all remaining users.” And there you have it, you should have your registry open in front of you and ready to be modified.

Okay let’s modify!

  1. Navigate to the “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon” registry key.
  2. Find the “userinit” value. Delete it. (If you can’t find it, don’t worry, we’ll be creating a new one.)
  3. Right click and create a new string value. Call it “userinit” and put the following into it (without the quotes): “WINDOWS_DIRECTORY\system32\userinit.exe” (where WINDOWS_DIRECTORY is the path to your Windows folder; usually it will be “C:\windows”.)
  4. Reboot the computer and you should be able to log in!
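
The same check and repair can be scripted against the offline hive. This is an added example, not part of the original post; it assumes a rescue environment that has PowerShell and reg.exe (UBCD4Win itself may not), that the damaged installation is mounted as D:\Windows, and that it normally boots from C:\Windows. The hive name OFFLINE_SW is arbitrary.

```powershell
# Assumptions (not from the original post): the rescue OS sees the damaged
# installation as D:\Windows; that installation calls itself C:\Windows.
$OfflineWinDir = 'D:\Windows'     # Windows folder as seen from the rescue OS
$InstalledAs   = 'C:\Windows'     # path the installation uses when it boots
$HiveFile      = Join-Path $OfflineWinDir 'System32\config\SOFTWARE'
$Mount         = 'OFFLINE_SW'     # temporary name for the loaded hive
$KeyPath       = "HKLM:\$Mount\Microsoft\Windows NT\CurrentVersion\Winlogon"
$Expected      = "$InstalledAs\system32\userinit.exe"

& reg.exe load "HKLM\$Mount" $HiveFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not load $HiveFile" }
try {
    $current = (Get-ItemProperty -Path $KeyPath -Name Userinit `
                -ErrorAction SilentlyContinue).Userinit

    # Winlogon treats the value as a comma-separated list of programs,
    # so a healthy value may carry a trailing comma. Split before comparing.
    $entries = @("$current" -split ',' |
                 ForEach-Object { $_.Trim().Trim('"') } |
                 Where-Object { $_ })
    $unexpected = @($entries | Where-Object { $_ -ine $Expected })

    if ($entries.Count -eq 0) { Write-Output 'Userinit is missing or empty.' }
    foreach ($e in $unexpected) { Write-Output "Unexpected Userinit entry: $e" }

    if ($entries.Count -eq 0 -or $unexpected.Count -gt 0) {
        # Same repair as steps 2 and 3: replace the value with userinit.exe.
        Set-ItemProperty -Path $KeyPath -Name Userinit -Value $Expected -Type String
        Write-Output "Userinit reset to $Expected"
    } else {
        Write-Output 'Userinit already points at userinit.exe.'
    }

    # The value is useless if the file it names is gone (see the second method).
    $fileOnDisk = Join-Path $OfflineWinDir 'system32\userinit.exe'
    if (-not (Test-Path $fileOnDisk)) { Write-Output "Warning: $fileOnDisk not found" }
}
finally {
    [gc]::Collect()               # release registry handles so the unload succeeds
    & reg.exe unload "HKLM\$Mount" | Out-Null
}
```

Any "Unexpected Userinit entry" line names the program that was being started at logon instead of userinit.exe, which is worth recording before the value is overwritten.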

THE SECOND METHOD (Try the first method first!!):

Sometimes the above method may not work because the Windows files themselves have become damaged. In this case you must replace them with a new, working version. Thankfully this is easy.

Using UBCD4Win you can boot into the recovery console (make sure that your version of UBCD4Win was built with the XP version of Windows.) Follow the prompts (I assume I don’t have to hold your hand for this) and once you’re in the recovery console do the following:

Open the correct Windows installation and enter your administrator password if you have one. You’ll see something like “C:\Windows\”; this means that it is pointing to your Windows folder. That’s good and normal, except the file that we want to change is in another folder, so we must point to that folder.

  1. Type the following: “CD SYSTEM32” and press enter. The prompt should now say something like “C:\windows\system32”.
  2. Type the following: “COPY USERINIT.EXE WSAUPDATER.EXE” and press enter. This overwrites WSAUPDATER.EXE, the file that is responsible for this mess, with a copy of USERINIT.EXE.
  3. Type “Exit”.

Now you should be able to log into Windows. The last thing you need to do is change the “userinit” value under the “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon” key as described in the first method.

And hopefully that will work!

How to explain this problem to the client: Well sir, this is caused by a rogue piece of spyware that likes to maim your Windows installation when you remove it. It’s like a kamikaze attack. Pretty snarly, isn’t it?

Good luck and tell me how it goes on the forums.
