Had a PC I couldn’t get into.
XP starts normally, until I’m presented with a few login icons.
I click on a user icon, and it shows “loading user preferences” and soon afterwords “saving user settings”, it never actually leaves the login screen…
Hmmm, I try safe mode, but no go. I try administrator in safe mode, but it makes no difference. I try BartPE, and it starts, I try a virus scan, but it fails at the 20% mark.
I find a forum thread that talks about the problem: http://www.geekstogo.com/forum/lofiversion/index.php/t15771.html.
However, the system doesn’t have a wsaupdater.exe file, so its obviously a similar problem. Maybe a slight variation on the blazefind spyware with a different file substituted for the userinit.exe file… but which one? there are thousands of files in the system32 folder…
Somewhere on the same forum, I find a reference to a complicated solution at microsoft (http://support.microsoft.com/kb/307545) but by reading between the lines, I find I can scale it back to a simpler solution (by using the drive as a secondary drive on another PC, with a correctly functioning windows XP):
– attach drive to another PC
– backup, then delete reg files (eg c:windowssystem32configsystem, etc).
– copy the system restore files (from a few days prior to when I was called out… from X:System Volume Information) to a temp area. I needed to add the Administrator user to the security tab of “properties” for the SVI folder… and then give Administrator full control of the system volume information folder.
– rename files and copy them to c:windowssystem32config folder.
– shutdown, then attach drive to original PC
– happily boot PC as usual.
This is really a registry restore (by using the system restore facilities), for when you cannot start XP to do a system restore.