Log on/Log off Loop RRS feed

  • Question

  • I have a user running XP with SP3 and the other day, they attached a USB flash drive and may have removed it, before the OS finished installing it.  They did NOT use the “safely remove hardware” option, from the system tray.  Now, the computer boots up; however, no one can log onto the computer, for as soon as a user logs on, the computer promptly logs the user off, regardless of who the user is.  I know this mimics the Virut virus/worm; however, the user claims the USB drive scans clean and he/she never saw a virus/worm notice pop up.  The PC is secured with the latest version of Microsoft Security Essentials and the OS was fully patched.  I would appreciate it if someone could point me in a direction, to allow us to log back onto this PC.  Safe mode does not allow us to log on, either.  I am planning on using Microsoft's Windows Defender Offline Beta tool (bootable CD is already created), to scan the PC; however, I am curious to know where else I should start looking.


     Thanks for everyone’s assistance.

    Tuesday, January 17, 2012 1:42 AM

All replies



    What about "Safe Mode With command prompt" and login as Administrator ?

    Did u tried to run the OS in "Last Knows good confiugration" from the boot menu ?

    How many user account u have ? dose it happen for all other user login ?


    Tuesday, January 17, 2012 2:53 AM
  • Hello, Shantanu:

    I have tried, without success, all Safe Mode options, in addition to "Last Known Good Configuration," also, without success.  There are only two accounts (Administrator-based account and user-based account) on the machine and neither one can successfully log on, without the machine logging either account out, immediately. 

    If, in fact, it turns out not to be Virut or some other like infection, I am thinking that some .dll(s) got corrupted, along with a section of the registry.  The problem is figuring out what to try to repair and I am concerned that it could be dozens, hundreds, or more sections that have been damaged or corrupted.  Some research has pointed that the executable that allows a user to log onto the machine may have been corrupted.  I am simply trying to think ahead, in case it is not an infection and am trying to get my strategies in order, prior to sitting down at the machine and beginning my work.

    Again, I appreciate everyone's advise and pointers on this issue.  Thank you.

    Tuesday, January 17, 2012 10:13 PM