The other day while browsing the Internet I Found A Fix for a recent problem I was having. The issue is described as follows:
The problem was when logging into windows, it immediately logged off automatically. This was the same for each user account and even attempting to log in using Safe Mode.
This turned out to be due to userinit.exe not running correctly. A virus had hijacked the log in process, running its own executable instead of userinit.exe. A registry key referencing userinit.exe had been altered.
The solution is as follows:
The obvious difficulty is that I could not log on to the PC to access and edit the registry. To get around this a bootable CD such as Hiren Boot CD or BartPE is required.
To edit the registry of the PC Boot int Windows PE or Minid XP on the device.
Once in Windows go to the command prompt and type regedit.
On the File menu, choose Load Hive.
A series of message boxes might appear that stating that the folder cannot be found and that the location is unavailable. Ignore any such messages and click OK when they appear.
The Load Hive dialog box will appear.
In the Files of type box, select All Files.
Navigate to the registry location on the local PC. Typically this is C:\WINDOWS\system32\config.
In this config folder, select the hive SOFTWARE and then click OK.
Back in the Load Hive dialog box type a Key Name, e.g., TEST_ITEM.
Choose HKEY_LOCAL_MACHINE, and then choose the new reg key .
Look for a a key named “OldUserinit”, delete the “Userinit” key and rename the “OldUserinit” key to “Userinit”.
The “Userinit” key should be “C:\WINDOWS\system32\userinit.exe”.
Usually the problem is that this key is referencing an alternative exe which is causing this automatic log off.
Now clicke HKEY_LOCAL_MACHINE, go to the File menu, and then choose Unload Hive.
Reboot the PC. The log on process should work correctly. However a virus scan needs be run immediately. This is because the problem may reoccur at the next logon (This happened to me)
A scanner such as Combofix, Smitfruadfix and/or Malwarebytes should be used. Each of these can be found from a Google search.
After rebooting it is recommended to run an additional scan, perhaps with the installed Anti-Virus program.
I hope you too have Found a Fix!