Win2000 Pro Logon Problem
#1
Moderator
Thread Starter
Join Date: Dec 1998
Location: Staffs
Posts: 23,573
Likes: 0
Received 0 Likes
on
0 Posts
Got an IBM NetVisa A40 running Win 2000 Pro. I applied SP2 a few weeks back to get it into line after it was infected with various viruses like Funlove.
It was running fine earlier in the week - I logged onto it once last weekend.
Now, when you hit CTRL+ALT+DEL to logon, you enter a username and password as normall. The logon process starts - "Applying your personal settings" is displayed. Almost immediately, "Saving your personal settings" appears and you are returned back to the C+A+D logon screen. No sign of the desktop.
You get the same result on various accounts on different domains AND for the local admin account.
Suggestions or seen before? Searching Deja.com shows only one person has seen this before but no replies.
TIA,
Chris.
It was running fine earlier in the week - I logged onto it once last weekend.
Now, when you hit CTRL+ALT+DEL to logon, you enter a username and password as normall. The logon process starts - "Applying your personal settings" is displayed. Almost immediately, "Saving your personal settings" appears and you are returned back to the C+A+D logon screen. No sign of the desktop.
You get the same result on various accounts on different domains AND for the local admin account.
Suggestions or seen before? Searching Deja.com shows only one person has seen this before but no replies.
TIA,
Chris.
Trending Topics
#9
Sounds like I joke I once played on someone... Used the "Run" thingy (technical term ) to call rundll with the logout options But can't remember how to fix it.
Errr, off the top of my head, try, if you can, look though the registry using a remote computer.
H
Errr, off the top of my head, try, if you can, look though the registry using a remote computer.
H
#13
Scooby Regular
Join Date: Nov 2001
Location: Leeds - It was 562.4bhp@28psi on Optimax, How much closer to 600 with race fuel and a bigger turbo?
Posts: 15,239
Likes: 0
Received 1 Like
on
1 Post
run regedt32 connect to the machine and have a look in:
Hkey localmachine\software\microsoft\windows\currentver sion\run
delete every value, just to be on the safe side...
remove anything from startup folder
check to see what hklm\software\microsoft\windows\currentversion\win logon\ginadll is set to..
CHeck no autologon stuff set.. shouldnt cause probs. but check it..
Hold down shift whilst logging on..
Copy a new copy of explorer.exe on... as it may not be able to load the shell... or maybe corrupt.
check to see if the shell has been changed... cant remember the key though...
David
[Edited by David_Wallis - 6/13/2002 1:23:55 PM]
Hkey localmachine\software\microsoft\windows\currentver sion\run
delete every value, just to be on the safe side...
remove anything from startup folder
check to see what hklm\software\microsoft\windows\currentversion\win logon\ginadll is set to..
CHeck no autologon stuff set.. shouldnt cause probs. but check it..
Hold down shift whilst logging on..
Copy a new copy of explorer.exe on... as it may not be able to load the shell... or maybe corrupt.
check to see if the shell has been changed... cant remember the key though...
David
[Edited by David_Wallis - 6/13/2002 1:23:55 PM]
#14
If it is possible to see the machine across the network check the registy remotely using regedt32.exe (being logged in to the remote PC as domain administrator is the easiest here).
Once in check:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnceEx
and see if anything interesting has been added.
I don't believe the rundll32 log out will work on an NT based machine (the processes priviledges are insufficient to do this).
It could a piece of software that has been installed that requires a reboot at the end of the install but the author has not written the installer correctly (there are quite a few like this).
Or it could be another virus.
Nigel
Once in check:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnceEx
and see if anything interesting has been added.
I don't believe the rundll32 log out will work on an NT based machine (the processes priviledges are insufficient to do this).
It could a piece of software that has been installed that requires a reboot at the end of the install but the author has not written the installer correctly (there are quite a few like this).
Or it could be another virus.
Nigel
#16
Moderator
Thread Starter
Join Date: Dec 1998
Location: Staffs
Posts: 23,573
Likes: 0
Received 0 Likes
on
0 Posts
Ahh, x-posted with David and Nigel. I'll check them first but vaping it is needed I think.
Mmc.exe, userinit.exe and tlntsvr.exe have been infected so far.
Mmc.exe, userinit.exe and tlntsvr.exe have been infected so far.
#18
Moderator
Thread Starter
Join Date: Dec 1998
Location: Staffs
Posts: 23,573
Likes: 0
Received 0 Likes
on
0 Posts
I'd virus scanned the PC several times and it looked clear. Didn't have the time to format and re-install that day.
The Windows Installer Service had been killed, so I SP2'd it to put it back so I could get Office 2000 back on (which was also AWOL thanks to the virus).
The Windows Installer Service had been killed, so I SP2'd it to put it back so I could get Office 2000 back on (which was also AWOL thanks to the virus).
Thread
Thread Starter
Forum
Replies
Last Post
Pro-Line Motorsport
Car Parts For Sale
2
29 September 2015 07:36 PM