Immediate Logout after Login into Windows XP
PeterLeutert
Junior Member


Posts: 1
Joined: 2005-02-27
Member No.: 61444
Icon 2005-02-27 14:51:37

After (partial) removal of the W32.Funner worm from my XP-Home PC, I can boot the PC (whether in secure mode or not is not important), but as soon as I login under any user account, which works ok, I am immediately within half a second or so logged out again. I have no chance to enter into any account. Has anybody an idea what to do in this situation (beside installing the system again from scratch)?

Post #158916
Alec§taar
Account Disabled


Posts: 207
From: A discrete point in the Space-Time Continuum...
Joined: 2001-04-17
Member No.: 5614
Icon 2005-02-27 15:03:58

Try an F8 bootup, "Last Known Good Configuration" & see if that helps... @ least as a start here.

(I have seen this before myself, & it's due to a number of possible things, including a messed up MSGINA.DLL file &/or other things... )



APK

Post #158917
Wilhelmus
Senior Member


Posts: 836
From: Finland / Suomi
Joined: 2004-12-21
Member No.: 51792
Icon 2005-02-28 00:58:28

That nasty worm has changed the userinit value in the Registry...

<long post>

"
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
Value: Userinit
Data: %system32%\wsaupdater.exe
"


%system32% represents the path to the System32 folder. For example, if the path is C:\Windows\System32, then the data would be: "C:\Windows\System32\wsaupdater.exe"

Instead of "wsaupdater.exe", the data should contain "userinit.exe,".
Using the example above, the data would be "C:\Windows\System32\userinit.exe,"
(!Note! the comma following the file path information.)

Using the XP's recovery console, copy userinit.exe to wsaupdater.exe to allow log on capability to be restored, and correct the registry data manually.

In the following instructions, C:\Windows\System32 shall be used as the System32 location. Change the path accordingly to accommodate for your installation directory.

Insert the Windows XP startup disk into the floppy disk drive, or insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.
Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted to do so.

When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
If you have a dual-boot or multiple-boot computer, select the installation that you want to access from the Recovery Console.
When you are prompted to do so, type the Administrator password.

If the administrator password is blank (which is likely the case if Windows XP was preinstalled by your computer manufacturer), just press ENTER.

You should now be in the Windows installation folder ("C:\Windows").
At the Recovery Console command prompt, type the following lines, pressing ENTER after you type each line:

"
cd system32
copy userinit.exe wsaupdater.exe
exit
"


At this time, remove the startup floppy or CD-ROM from your system, and boot into Windows XP. Log on to the system using an account with administrator-level privileges, and edit the registry using this information. It is recommended that a registry backup be created prior to continuing.

Click start, then run. Enter

regedit

and click OK. Using RegEdit, expand

HKEY_LOCAL_MACHINE
+Software
+Microsoft
+Windows NT
+CurrentVersion
+Winlogon

Locate Userinit in the value column, right-click this item, and choose modify. Replace
"wsaupdater.exe" with "userinit.exe," (do not use quotes, and ensure the trailing comma is present as shown) and click OK.
Exit RegEdit.

Restart your computer, and log on to the system using an account with administrator-level privileges.

Go to My Computer, then to the System32 folder (usually C:, then Windows, then System32). If Explorer prompts that removing files from these areas is not recommended, click to continue. Locate and remove wsaupdater.exe, and delete this file.

</long post>

Post #158933
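A way to check the Userinit data described in the post above, as an added example that is not part of the original post: it reads text in the shape that `reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit` prints and reports any deviation from the stock value. The function names, the default System32 path and the sample output are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumption: default install path; pass another system32 path if yours differs.
DEFAULT_SYSTEM32 = r"C:\Windows\System32"

# Constructed sample of `reg query` output for the state described in the post.
SAMPLE_INFECTED = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    C:\Windows\System32\wsaupdater.exe
"""

def parse_reg_query(output):
    """Return the Userinit data string from reg query output, or None."""
    pattern = r"\s*Userinit\s+REG_(?:EXPAND_)?SZ\s+(.*\S)\s*$"
    for line in output.splitlines():
        match = re.match(pattern, line, re.I)
        if match:
            return match.group(1)
    return None

def audit_userinit(data, system32=DEFAULT_SYSTEM32):
    """Return a list of findings; an empty list means the stock value."""
    if data is None:
        return ["Userinit value not found"]
    expected = ntpath.normcase(ntpath.join(system32, "userinit.exe"))
    findings = []
    # The stock data ends with a comma, as the post points out.
    if not data.rstrip().endswith(","):
        findings.append("missing trailing comma")
    # Userinit is a comma-separated list; every entry is started at logon.
    entries = [e.strip().strip('"') for e in data.split(",")]
    seen_stock = False
    for entry in filter(None, entries):
        # Windows paths are case-insensitive, so compare normalized forms.
        if ntpath.normcase(ntpath.normpath(entry)) == expected:
            seen_stock = True
        else:
            findings.append("unexpected program: " + entry)
    if not seen_stock:
        findings.append("userinit.exe is not launched")
    return findings

if __name__ == "__main__":
    for finding in audit_userinit(parse_reg_query(SAMPLE_INFECTED)):
        print(finding)
```

An extra program appended after the legitimate `userinit.exe,` entry is reported as well, since every entry in the list runs at logon.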
Alec§taar
Account Disabled


Posts: 207
From: A discrete point in the Space-Time Continuum...
Joined: 2001-04-17
Member No.: 5614
Icon 2005-02-28 01:49:51

OH man, this is a KNOWN symptom of a "Wuurm" (as I call them, lol )?



* Figures...

APK

P.S.=> Man! If the guys creating these bastardz would put their time into creating better softwares, we'd have Longhorn out by now! apk

Post #158938
Wilhelmus
Senior Member


Posts: 836
From: Finland / Suomi
Joined: 2004-12-21
Member No.: 51792
Icon 2005-02-28 02:26:53

"
"Wuurm"
"


In Finland, these are called "mato", which means the same as the English word "worm".

"
If the guys creating these bastardz would put their time into creating better softwares, we'd have Longhorn out by now!
"

Agreed.

I wonder, why have none created a worm, which does not use "zombie" computers for spam spreading but for eg. SETI@Home, cancer curing programs, etc. Then again, this would be no "malware" then, it would be "careware".

And the programmers of these worms, would not get their money (or whatever drives them to do these pests) from their employers, if they got any.

Or these programmers could use their programming skills in eg. linux world and make it so, that we could use any Windows application in linux, without emulator of any sort.

Ok.
Daydreaming off.
Back to work ->

Post #158940
Alec§taar
Account Disabled


Posts: 207
From: A discrete point in the Space-Time Continuum...
Joined: 2001-04-17
Member No.: 5614
Icon 2005-02-28 07:13:17

Well, there is sort-of a "bright-side" to virus/worms/bad bho/malware in general, in 2 points:

1.) They've exposed flaws &/or potential weaknesses in Win32 Os' armor. This, in turn, has driven Microsoft to create a more secure & better overall Operating System family because of it.

(Of course, as I alluded to above though, since it makes Microsoft have to divert their development teams from IE for example (which, iirc, DID specifically occur) to this "secure computing initiative" as part of its developer team for that? It's probably held us back from seeing IE7 &/or LongHorn being out already! BUT, would I want either to be less secure than they will be now?? NO! )

&

2.) This "entire industry" springing up around the virus/malware/bad bho/malware phenomenon actually does have an economic 'bright-side', here in the United States @ least. Outsourcing hurt a lot of developers badly, myself included, from 2002-2004. Many folks like myself have created side-businesses fixing folks' systems against this, & small PC repair shops have a large part of their daily business secured because of these things as well. E.G.-> A small shop in my area daily has people streaming into it to fix "my pc is running VERY slow & is a state-of-the-art/high GHZ machine with tons of RAM" etc. & 99% of the time? The owner told me it is infestations such as these!

(Keeps his motor running there... he told me it is a good 80% of his business nowadays! )



APK

P.S.=> I try to be an 'optimist' & see a bright-side to things... even the bogus ones like the malware phenomenon. In their OWN "weird way"? The creators of these things are making for a better world of tomorrow... I stated here a few times that I don't WANT to know how those guys think: Now? I think I may have sort-of started to understand... or, see what they didn't (if they were totally evil/malicious in intent) themselves as GOOD things because of all of their creations. Regular "Frankenstein Monsters" they are, & I would NOT doubt that a few of their own (Friends/Family) have taken a beating @ the hands of their own creations as well: Poetic Justice/Irony abounds if that did go down... probably has @ LEAST once too! apk


Post #158954
theefool
Senior Member


Posts: 352
Joined: 2003-03-28
Member No.: 19223
Icon 2005-02-28 08:59:32

Bah, worms, viruses and trojans have been around since the dawn of man...err...computers. I wouldn't know what to do with myself, if none of these things exist. But, one thing I do wish. That the old days of having a disk that contains both McAfee and Norton on it to scan current computers. Via DOS. Now, one thing I have noticed which is pretty cool. Avast! has a boot up virus scanner that I have not seen before. Yes, Norton has one, but only if you are not running in NTFS. Avast! doesn't care, it can still scan away. This is run in the mode where chkdsk is run with xp.

Post #158965
