Cannot login to XP after Trojan Win32Generic!BT quarantine

Bokeh Member Posts: 1,636
Daughter's computer was hit with this tonight. Clicked on a link on Facebook, grrr!

Ran Vipre AV and it quarantined 3 instances, then asked for a reboot.

Rebooted the system, and now you cannot log into any account in XP SP3. Soon as you do, you get the background screen, an hour glass, then it is taken back out to your login. This even happens in safe mode. Cannot get to command prompt in safe mode either, once selected still takes you to the login page.

Simple thing would be to just format the drive and start again, however she has videos and photos stored on this computer of my grandson. Most photos I have on cd, but she kept the videos on her phone then copied them to the computer for safe keeping after deleting from her phone.

So, anyone know a way I can at least get the videos off the machine before trashing this drive and starting again? I do have a support ticket opened with Sunbelt Software, but won't hear anything from them till sometime in the morning tomorrow.

Comments

  • undomiel Member Posts: 2,818
    First thing I would try with that is a repair install. That will generally get you up and running enough to clean things up.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • LukeQuake Member Posts: 579
    First thing, before you go any further, is attach this drive to another PC as a slave device. If you have an external HDD caddy, which attaches the drive via USB, then use that. Back up all crucial data on the disk to another machine. Whilst you are at it, run a full virus scan from that machine on the disk to see if that will clean up anything that's left.

    Once you are certain you have a backup of all your data then run a repair install as suggested, failing that format and start over. It might even be worth considering an upgrade to Windows 7.
    Microsoft Certifications: MCITP:EA, MCSE:S, MCSA:M, MCDST, MCTS: Vista Config, MCITP: Ent Support
    Citrix Certifications: CCA XenApp 4.5/5.0 and XenServer 5.0
    Other: Marathon Certified Consultant (HA, FT and VM), ISEB InfoSec Management Principles and Security+
    Working on: CISSP and Check Team Member
  • Forsaken_GA Member Posts: 4,024
    Today's xkcd is oddly relevant
  • pryde7 Member Posts: 74
    The userinit has been replaced by the wsaupdater.exe file. If you are a repair-savvy person, boot with the XP CD and select repair with the Recovery Console.
    Change to the windows\system32 directory and type:
    copy userinit.exe wsaupdater.exe
    Exit and reboot.
    You will be able to log in now. Run Registry Editor and change
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
    value from C:\WINDOWS\System32\wsaupdater.exe
    to C:\WINDOWS\System32\userinit.exe

    Hope that helps.
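
A check for the Winlogon change described in the comment above, as an added example that is not part of the original thread: it parses a regedit .reg export of the Winlogon key and reports Userinit or Shell entries that differ from the XP defaults. The value names, the default data, the C:\WINDOWS install path and the two sample exports are assumptions constructed for illustration.

```python
import re

# Assumed defaults for an XP install in C:\WINDOWS (not stated in the thread).
EXPECTED = {
    "userinit": {r"c:\windows\system32\userinit.exe"},
    "shell": {"explorer.exe"},
}
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')

def parse_reg_values(reg_text):
    """Return {lowercased value name: unescaped string data} from .reg text."""
    values = {}
    for line in reg_text.splitlines():
        m = VALUE_RE.match(line.strip())
        if m:
            # .reg files escape backslashes and quotes with a backslash.
            values[m.group("name").lower()] = re.sub(r"\\(.)", r"\1", m.group("data"))
    return values

def check_winlogon(reg_text):
    """Return (value name, unexpected entry) pairs; empty list means defaults."""
    values = parse_reg_values(reg_text)
    findings = []
    for name, allowed in EXPECTED.items():
        if name not in values:
            findings.append((name, "<missing>"))
            continue
        # Userinit is a comma-separated list; every entry is run at logon.
        entries = [e.strip() for e in values[name].split(",") if e.strip()]
        if not entries:
            findings.append((name, "<empty>"))
        findings.extend((name, e) for e in entries if e.lower() not in allowed)
    return findings

# Constructed sample: the hijacked state described in the comment above.
SAMPLE_INFECTED = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\System32\\wsaupdater.exe"
'''
# Constructed sample: the same key with the assumed default values.
SAMPLE_CLEAN = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''

if __name__ == "__main__":
    for label, text in (("infected", SAMPLE_INFECTED), ("clean", SAMPLE_CLEAN)):
        print(label, check_winlogon(text) or "OK")
```
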
  • JockVSJock Member Posts: 1,118
    Ran into something like this the other day. Use the Kaspersky Rescue Disk to clean off any virus:

    Index of /devbuilds/RescueDisk/

    Here is some info on it:

    Kaspersky Rescue Disk – Load Kaspersky AntiVirus 2009 Using DOS
    ***Freedom of Speech, Just Watch What You Say*** Example, Beware of CompTIA Certs (Deleted From Google Cached)

    "It's easier to deceive the masses than to convince the masses that they have been deceived."
    -unknown
  • rwwest7 Member Posts: 300
    Either take the hard drive out and slave it out to another machine, then get your data off, or do a Windows re-install but DON'T format when asked. Windows will only overwrite the C:\Windows folder and everything else will still be there.