Cannot Open Windows from Welcome Screen

  • Thread starter: Bill

Bill

I have a problem with an HP laptop on our church network. I am unable to
get beyond the Windows XP Welcome screen.

As far as I know it was working reasonably well, but today, I discovered
several viruses on it. The primary "infection" was from Beagle and I have
cleaned that off. It also had a few files infected with Mitclieder.m (or
something close to that name), KillAV, and Baglet.

I had not yet installed SP2...that was my next move.

I removed Beagle (with a removal tool from Norton). I installed and ran
Lavasoft Ad-Aware as I noted it had a lot of pop-ups, etc. Ad-Aware found
314 spyware/malware/data miner/etc objects and I told it to remove them.
All were quarantined and removed except a couple locations of
....msbbhook.dll and one ...dummy.htm. It asked if I wanted to delete them
upon rebooting and I said yes.

I rebooted and am now unable to get beyond the Welcome Screen.

When I click on the User Icon, Windows responds "Loading your personal
settings", then "Logging off", and finally "Saving your settings".

I have tried starting the computer in safe mode and the only difference is I
get two log-in icons...one for the Administrator and one for the User. With
either icon it is the same story as above, "Loading...", "Logging off", and
"Saving..."; but no movement beyond the welcome screen.

The only thing that I know I did not do, but should have, was I did not turn
off system restore prior to running the Beagle fix program and the Ad-Aware.

I have removed the laptop from the network, but I am at a loss as to how to
proceed from this point.

Thanks in advance for any assistance.

Bill
 
The copy of the virus hiding in System Restore typically remains harmless
*unless* you roll back to a restore point that includes it. Since you
aren't going to do that, you could delete the restore points now instead.

Consider: You're working with a machine that has been severely compromised.
Using a few tools you've found a number of viruses and a high number of
other malware. There may be more infections that have not yet been found.
There is no way to determine how extensive the damage is since you can't
log on. (PS: One tool specifically for Beagle and a few scans with
anti-spyware programs is only a start to analyzing what's going on with
this system and probably it has shown only the tip of the iceberg.)

Wouldn't it make more sense, for the safety of the entire network, to do a
complete restore instead of trying to repair this? After restoring, put
protection in place (firewall, antivirus, anti-spyware programs, etc);
educate the laptop user on their use and on safe computing practices.

Okay, I'm dreaming on that last part - users, for the most part, do not
like to listen to this kind of advice and it will happen again. At least
get them on a backup routine so that they don't lose their "stuff" when the
machine has to be rebuilt again.
 
Do you have a Norton Anti-Virus or Norton Systemworks CD? If so, you can
boot the system with it and select "run utilities from the cd". That
feature is designed for your situation. It will be a start and will only
detect and deal with viruses identified at the time the CD was manufactured,
but you may get lucky and be able to eliminate the malware preventing a
boot. If you can get the system to boot after this repair then you can go
online to Symantec or another Anti-virus manufacturer's website and use
their online virus scanner to deal with remaining problems.

Do you have a Ghost image or backup file on an external hard drive you can
use to restore the system in these cases?
 
Thanks for the suggestion...you speak with great validity.

Since this is a new user of this computer...the previous user has moved to a
new job...it makes pretty good sense. I doubt he has much on the laptop to
lose.

Since I can't log in, do I just do this restore from the system disks (which
I am attempting to locate)?

Thanks for your help.

Bill
 
Thanks Colin,

I have both Norton CDs...though maybe not new enough, hard to say. The
computer actually has Norton AV on it, but the subscription had run out.
Darn the luck.

Actually, the on-line screen is what I ran today to find the viruses.

No luck on the backups. Sharon probably has the best suggestion since this
will be a new user and can start "fresh". I'm just not sure how to do the
restore since I can't log in.

Bill
 
I think the utilities will run from the CD regardless of the subscription.
In any case, a clean install is in order. Do a full hard disk format (not
the quick format).
 
Hi, Bill

Most laptops come with OEM restore/recovery CDs. These usually have their
own special setup routine and running this can be different than running
XP's setup.

You should be able to go online at the manufacturer's site and download a
manual for the laptop model. If no manual is available for downloading, at
the very least there should be an online document that maps out the steps
for the procedure. Recently, the hard drive on my daughter's Dell took a
dive and Dell sent her a new one. I was able to guide her through the
reinstall process over the phone using a downloaded manual found on the
Dell site.

By the way, the OEMs (original equipment manufacturers) usually have
replacement CDs that can be purchased if the original CDs are lost or
damaged.
 
Hi all,

I just went thru this whole gig last week...same
login/logoff problem. Fortunately was able to use XP disk
to boot and run utility to fix. I am seeing this problem
a lot in discussions. The next topic will be: when you run
Norton, it will find a TON of adware/malware. The Norton
site has detailed steps on how to delete each one. Here's
the catch...most will need to have strings removed from
the Registry. However, nothing happens when I try to run
regedit. No windows appear and seems there is no way to
get to the registry to clean out all the malware strings.
Any ideas or thoughts would be helpful. Thanks.
 
Many of these things will block the running of MSCONFIG, Task Manager and
the Registry Editor - thus making the removal of the intrusion more
difficult. If the system tools are blocked by name, renaming their
executables is a good workaround. Example: Rename regedit.exe to
regedit.com

Or you can run the tool created by MVP Doug Knox that creates a "backup
set" of those three programs for you:
http://www.dougknox.com/xp/utils/xp_emerutils.htm
 