Unable To Logon To WindowsXP After Cleaning Trojans 1

[zoeythecat]

Hi All,

I have a situation with a laptop with WindowsXP (Had SP1 and no up to date virus program). I updated the system to SP2 and installed an up to date virus program. After doing so, several trojans and malware got detected. After running post SP2 updates and running a couple of scans, the following problem is encountered: I get the windows logon screen, I attempt to logon. The logon process appears to be going okay, but no icons are displayed on desktop, no start button, nothing. Just the blue Dell screen appears. Several reboots and waiting for up to a 1/2 hour to see if anything appears, but nothing appears. I've tried running a chkdsk /r but I still have the same issue. Is there any other way (other than to reinstall/reformat)I can recover this system?

TIA,
Zoey

 

[Sympology]

Hit CNTRL, ALT & DEL and open taks manager, see if anything is locked at 100% cpu.

Stu..

Only the truly stupid believe they know everything.
Stu.. 2004

 

[Sympology]

Also can you get in Safe Mode?

Only the truly stupid believe they know everything.
Stu.. 2004

 

[zoeythecat]

CPU is running fine. I get the same issue in SafeMode

 

[gbaughma]

Drop in your XP disc, boot off of it, take the SECOND "R" (for repair windows installation)

Do your service packs again once that is complete.



Just my 2¢
-Cole's Law: Shredded cabbage

--Greg

http://parallel.tzo.com

 

[linney]

Some general things to try.



See if System Restore will get you back to a restore point before your problem with Explorer.

You tried Safe Mode but did you try another username from Normal Mode in case it is a corrupted profile problem?

811151 - How to Copy User Data to a New User Profile

http://support.microsoft.com/?kbid=811151

Removing adware & spyware
faq608-4650

Try the free version of "Ewido" now called "AVG Anti-Spyware 7.5"

http://www.ewido.net/en/download/

Windows Defender

http://www.microsoft.com/athome/security/spyware/software/default.mspx

Run the System File Checker program from the Run Box by typing.....Sfc /Scannow in it and have your XP CD handy.

HOW TO: Verify Unsigned Device Drivers in Windows XP

http://support.microsoft.com/support/kb/articles/q308/5/14.asp

If they don't work you could try repairing windows by running it over itself. You will lose all your windows updates but your files will be untouched.

How to Perform an In-Place Upgrade (Reinstallation) of Windows XP (Q315341)

http://support.microsoft.com/support/kb/articles/q315/3/41.asp

 

[allteltec]

I had one once that acted like yours. I was called after they left there AV program run out for a couple months and was doing P2P down loading and when the computer started running slow they bought McAfee and ran it after that the computer booted like yours. What I founded was a Virus extention to the winlogon Shell
My Computer\HKEY_LOCAL_MACHINE\SHOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell
should say Explorer.exe The bad info said Explorer.exe; trojan. I used Bert Pe with a regedit plugin and edited the Shell info and the computer booted up ok.

 

[zoeythecat]

Thanks for all your suggestions. I will try them all.

Allteltec: I think your suggestion may work. One of the spyware programs that was active on this system was "nail.exe" that resided in the registry key you noted. I believe if I put the explorer.exe back in the key you note, I should then be all set.

I'll post back after I check this tomorrow.

Thanks everyone!

 

[zoeythecat]

Allteltec,

That worked.

Thanks