piratepast40
Nov 8, 2006
Computer is a Compaq R4000 w/ amd 3200 and 1g Ram. Running XP home.

Got the MS Antivirus 2009 virus/trojan from (of all places) a boat repair forum. This one is particularly nasty in that it changes names after you've removed the program and registry entries. AVG didn't stop the infestation but ran a complete scan last night. Now I'm stuck at the login screen.

Computer starts normally. When you get to the login screen and press the user name to load your settings, it begins loading your settings, the wallpaper flashes on for a fraction of a second, and then it says that it's saving your settings. At that point, it reverts back to the sign-in screen. You can then shut down or restart.

I can boot into safe mode but the process is the same.

Tried a repair install from both the recovery disc and a fresh Windows disc, but since the old registry entries are still there, it goes back to the behavior above.

Can't run any programs since I can't get into the XP interface.

Any recommendations other than a reformat and reinstall? (no floppy so can't load basic DOS 5 programs).

If this should go under a different topic or has been covered before - feel free to redirect me.

Thanks
 
The reg key for userinit.exe is hosed, or the userinit file itself was overwritten. Try to push a new userinit.exe to the c:\windows\system32 directory, either from a network PC or by putting the hard drive into another machine as a slave and copying the good userinit.exe from the clean machine. Another tip: if you have a file in c:\windows\system32 called wsaupdater.exe, sometimes it is bad and you can replace it with the userinit.exe (supposed to be the same...sometimes) and just rename it wsaupdater.exe.

This one is tricky. Had a server do this on me the other day as a user was running Internet Explorer on the RDP server even though it was proxied to go nowhere. Somehow he got around it and got the Vundo virus on the RDP server. Had the same symptoms you are describing.

Good luck, and make sure you have backups as always.
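The check behind that reply, as an added example that is not part of the original thread or from either poster: the value Windows consults at logon is `Userinit` under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon` (default on XP: `C:\WINDOWS\system32\userinit.exe,` with the trailing comma), alongside `Shell` (default `explorer.exe`). If that value has been pointed at a dropped file such as wsaupdater.exe and the antivirus later deletes the file, the profile loads and immediately unloads, which is the logon/logoff loop described above. The script reports deviations from the defaults, flags any listed program that no longer exists on disk, optionally compares the on-disk userinit.exe against a known-good copy, and with `-Fix` restores the defaults. The parameter names, the `Get-Sha256Hex` helper and the report wording are my own; the registry path and default values are the documented ones.

```powershell
# Added example (not from the original thread). Run from an elevated PowerShell
# session on the affected Windows install. Assumptions: Windows lives in
# $env:SystemRoot; -ReferenceFile, if given, is a userinit.exe copied from a
# clean machine running the same Windows version and service pack.
param(
    [switch]$Fix,            # restore default Winlogon values (and the file, with -ReferenceFile)
    [string]$ReferenceFile   # optional known-good userinit.exe from a clean machine
)

$winlogon         = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinitPath     = Join-Path $env:SystemRoot 'system32\userinit.exe'
$expectedUserinit = "$userinitPath,"     # XP default; the trailing comma is part of the value
$expectedShell    = 'explorer.exe'

function Get-Sha256Hex([string]$Path) {
    # Hash via .NET so this also runs on PowerShell versions that lack Get-FileHash.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { [BitConverter]::ToString($sha.ComputeHash($stream)).Replace('-', '') }
    finally { $stream.Close() }
}

$props    = Get-ItemProperty -Path $winlogon
$userinit = [string]$props.Userinit
$shell    = [string]$props.Shell
$problems = @()

# -ne on strings is case-insensitive in PowerShell, so C:\WINDOWS vs C:\Windows does not matter.
if ($userinit -ne $expectedUserinit) { $problems += "Userinit is '$userinit', expected '$expectedUserinit'" }
if ($shell    -ne $expectedShell)    { $problems += "Shell is '$shell', expected '$expectedShell'" }

# Userinit is a comma-separated program list. Every entry must exist; a missing one
# (e.g. a deleted wsaupdater.exe) produces the load-then-unload logon loop.
foreach ($entry in ($userinit -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })) {
    $path = [Environment]::ExpandEnvironmentVariables($entry)
    if (-not (Test-Path -LiteralPath $path)) { $problems += "Userinit points at a missing file: $path" }
}

# With a known-good copy available, compare the on-disk binary against it byte for byte.
if ($ReferenceFile) {
    if (-not (Test-Path -LiteralPath $userinitPath)) {
        $problems += "$userinitPath is missing"
    } elseif ((Get-Sha256Hex $userinitPath) -ne (Get-Sha256Hex $ReferenceFile)) {
        $problems += "$userinitPath does not match the reference copy"
    }
}

if ($problems.Count -eq 0) {
    Write-Host 'Winlogon Userinit/Shell look normal.'
} else {
    $problems | ForEach-Object { Write-Host "PROBLEM: $_" }
}

if ($Fix -and $problems.Count -gt 0) {
    if ($ReferenceFile) { Copy-Item -LiteralPath $ReferenceFile -Destination $userinitPath -Force }
    Set-ItemProperty -Path $winlogon -Name Userinit -Value $expectedUserinit
    Set-ItemProperty -Path $winlogon -Name Shell    -Value $expectedShell
    Write-Host 'Restored default Userinit and Shell values; reboot and try logging on again.'
}
```

Read the report before using `-Fix`: some management agents legitimately append an entry to `Userinit`, and the script only knows the bare default. When the disk is slaved into another machine, as the reply suggests, the same check works on the offline hive: load it with `reg load HKLM\OfflineSW D:\WINDOWS\system32\config\software`, point `$winlogon` at `HKLM:\OfflineSW\Microsoft\Windows NT\CurrentVersion\Winlogon` and `$userinitPath` at the slaved drive, and `reg unload HKLM\OfflineSW` when done.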
 
Thanks for replying. You're absolutely right about the files. AVG discovered that the virus had replaced the file and that the replacement was infected, so it deleted the file. I tried to substitute a new file from a USB drive while in the repair mode, but the virus popped up again under a new name. I finally performed a full format and started from scratch. The problem I'm having now is that I can't log onto my wireless network when it's in a secure mode. My laptop's MAC address is listed as an allowed machine, but I still get a 0.0.0.0 IP address. I'll eventually restore my router and start from scratch from there also. I believe that issue is newer drivers for my Broadcom wireless adapter and some issue with the HP Wireless Assistant. In any case, it's a good example of what happens with such a pervasive virus. Reverting to a working restore point wouldn't have done any good either.

The lesson is both about backups (I'm covered there) and active antivirus software. I'm not a big fan of something so invasive constantly running on my single-core laptop but may need to bite the bullet - either that or NOT DOWNLOAD ACTIVEX FROM AN UNKNOWN SOURCE!!!!

Thanks again for your suggestions. This is a really nasty virus that keeps changing names.