
User gets logged off immediately after logging on..

dawks

Diamond Member
A user here got infected with Win32/Gaelicum.A. Thankfully Grisoft has a 'cleaner' for this virus. It apparently infected every .exe on the system. But by booting into safe mode, and running the cleaner, it said every file was infected but cleaned them all. I've since scanned with AVG and Panda-active scan. It says it's clean.

Now the user that got infected is unable to fully log on to the system (we have roaming profiles). That user account can log on to other systems fine, and other users can log on to the previously infected system without issue. I've deleted the user profile from the system, tried logging back on, no change, tried reinstalling SP2, no change... The event viewer is no help as far as I can tell.. Any other suggestions? I don't want to reinstall if I don't have to... Thanks.
 
You said you deleted the local profile. Have you deleted the roaming profile?

You might also check this key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

It should have an entry named USERINIT with a value of %system32%\userinit.exe

 
I should have said, I deleted the local copy of the user's roaming profile from the 'previously infected machine'. I checked that registry value and it is listed there as you said. And like I said, other users can log on, it's this one that's having problems. It loads the profile, then says 'Applying settings', immediately "Logging Off".

Thanks
 
I believe it's the SHIFT key you hold down while it's booting to stop the auto logon.

Let me know if this helped.
 
Originally posted by: MrChad
IMO, once a system has been compromised by a virus, it's time to reformat.


Agreed.

That's the only instance in which I recommend reformatting.
 
Open Regedit
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\profilelist

You're going to see entries like s-1-5-a bunch of numbers. Go through each one and look to the right. You will see an entry named ProfileImagePath; under data it will have %\systemDrive%\Docs and setting\USERNAME

Look for an entry in there that is for the user. Delete it. Close Regedit

Go to Docs and settings, rename the profile folder. Restart. Have the user log back in to create a new profile on the local machine and see if they can get logged in.
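
A read-only way to inspect the two registry locations mentioned in this thread before deleting anything (added example, not part of any poster's reply). It assumes PowerShell 2.0 or later is installed on the machine; `USERNAME` is a placeholder for the affected account.

```powershell
# Added example: read-only audit of Winlogon\Userinit and ProfileList.
# Nothing is modified or deleted. $UserName is a placeholder.
param([string]$UserName = 'USERNAME')

$winlogon    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# 1. Winlogon\Userinit: print the value and check that each program it names exists.
$userinit = (Get-ItemProperty -Path $winlogon).Userinit
Write-Output "Userinit = $userinit"
if ($userinit) {
    foreach ($entry in $userinit.Split(',')) {
        $exe = [Environment]::ExpandEnvironmentVariables($entry.Trim())
        if ($exe) {
            Write-Output ("  {0} -> exists: {1}" -f $exe, (Test-Path -LiteralPath $exe))
        }
    }
}

# 2. ProfileList: one subkey per SID. Report the SID, the account it resolves to,
#    the ProfileImagePath value, and whether that folder is still on disk.
$rows = foreach ($key in Get-ChildItem -Path $profileList) {
    $sid     = $key.PSChildName
    $path    = $key.GetValue('ProfileImagePath')   # environment variables are expanded
    $account = '(unresolved)'
    try {
        $obj     = New-Object System.Security.Principal.SecurityIdentifier $sid
        $account = $obj.Translate([System.Security.Principal.NTAccount]).Value
    } catch { }                                    # deleted or unreachable domain account
    $exists = $false
    if ($path) { $exists = Test-Path -LiteralPath $path }
    New-Object PSObject -Property @{
        SID = $sid; Account = $account; Path = $path; FolderExists = $exists
    }
}
$rows | Format-Table SID, Account, Path, FolderExists -AutoSize

# 3. Show only the entries that belong to the affected user.
$hits = @($rows | Where-Object {
    $_.Path -like "*\$UserName" -or $_.Account -like "*\$UserName"
})
if ($hits.Count -eq 0) {
    Write-Output "No ProfileList entry found for $UserName"
} else {
    Write-Output "ProfileList entries for ${UserName}:"
    $hits | Format-List SID, Account, Path, FolderExists
}
```

Run it from an administrator account on the affected machine; the SID it prints for the user identifies which ProfileList subkey the steps above refer to.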
 
Originally posted by: JeffreyLebowski
Open Regedit
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\profilelist

You're going to see entries like s-1-5-a bunch of numbers. Go through each one and look to the right. You will see an entry named ProfileImagePath; under data it will have %\systemDrive%\Docs and setting\USERNAME

Look for an entry in there that is for the user. Delete it. Close Regedit

Go to Docs and settings, rename the profile folder. Restart. Have the user log back in to create a new profile on the local machine and see if they can get logged in.

This sounds like a good idea, but I just gave up. Reinstalling and reconfiguring it now. I was curious to find a fix, but the system needs to be back in operation.

Thanks!
 