September 15th, 2004, 07:25 AM
#1
Unusual prob - Bart didn't help..
Hi Guys,
I struck a strange one today.. And please no comment what I should do.. problem was Repaired.. I mention it here as I did not locate a likely cause..
The system:
Win XP He sp1, Cel2.6G 256Mb ram on a gigabyte MoBo.. NAV 2004 appeared to be updated to one week ago.. patches seemed ok but not SP2..
Fault;
system would boot almost to Desktop..ie wallpaper would appear then the "welcome" would reappear.. and the logon screen would come up.. (single user and no password)
Clicking on the user's name would bring up a brief flash of the user's wallpaper then the Logging out would come up and back to logon screen:
Customer had reported that they had cleared the cookies and TIF's and emptied the Recycle Bin before switch off.. so suspicion of a critical file is considered..
What I did:
Yep: Bart was first into the show: checked the recycle bin.. empty.. (I don't have bart setup to do file recovery..)
then a Stinger and a McAfee AV scan (2 week old defs).. only found a couple of Downloader trojans.. ie Adware crap
Adaware 6 found the same..
A quick look at the registry, The tool I currently use looks at HKLM and HKCU strands of the registry, Showed only a couple of parasites ..ie Bridge.exe And some rundll32's ..
So a backup of the machines registry (haven't tried a restore from a remote registry bu yet so this was like putting on Bubble wrap before jumping out of a speeding car)
All funnies Renamed, moved or deleted.. ready to restart.. almost.. "Google is my friend":
A couple of tries with different combinations in google with Logo logoff and winXP .. yielded about three mentions of the symptoms I was looking at.. each mentioned a corrupted Userinit.exe .. ok restore from CD.. Well these guys had no problems it seems.. Oh and by the way it seems that at least one of these ppl had the same set of circumstances leading to the problem,, oh and their machines were full of spyware....
So a check of the file ..no problems correct weight and size for a SP1 HE machine.. Restore from the cd anyway!! .. Attempted restart..FAILED.. Same symptoms as before..
Can't F around any longer with this job.. Repair install.. Fixed.. Removed the remaining spyware crap 10 different progs.. 40 or so files (not counting 1 or 2 hundred cookies)..
Ran Win Update.. installed SP 2.. F...F...F.. Modem gone..F SP2.. reinstalled Modem.. yep the customer's hubby's Porn Sites are back and running.. (Copied Links for future examination then) Removed them.. Installed F/Fox, and placed the porn sites in the Hosts file..redirected to 127.0.0.1
It annoys me when I can't get to the root cause of the problem..but Time is money.. and in this case it was a time restriction as well..
Anyone else seen this symptom? Be interested to see if this isn't a newish virii or Crapware..
Cheers
Undies
BTW: Had another job.. site call
Compaq Box with Win2k.. on a small network (ok TS ..a what netwerk) 3 machines via a adsl router -SLOOOOOOOOOOW ADSL 64\128
Intermittent errors in IE (they have to use it because of the Company online finance and sales logins) and Can't send emails ..
Hmm quick check: Outbox 10 emails, one with an attachment, a small picture of 52.5MB
deleted .. problem 1 solved..
Hmmm .. Taskman?,.. yep a funny in the running processes..
killed it and a quick run of FXNETSKY to remove the rest of Netsky.D.. while that was running a quick install of Adaware-se and 60 items later (mainly Cookies) ..An install of AVG..to tide them over until my next call to install a current edition of McAfee AV.. to replace their 2yr out of date version.. (that's right 1 bloody virus.. and 2 years of no def updates..oh and the version had no email scan either) that is luck
"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr