Cannot Open Windows from Welcome Screen

Archived from groups: microsoft.public.windowsxp.basics (More info?)

I have a problem with an HP laptop on our church network. I am unable to
get beyond the Windows XP Welcome screen.

As far as I know it was working reasonably well, but today, I discovered
several virus' on it. The primary "infection" was from Beagle and I have
cleaned that off. It also had a few files infected with Mitclieder.m (or
something close to that name), KillAV, and Baglet.

I had not yet installed SP2...that was my next move.

I removed Beagle (with a removal tool from Norton). I installed and ran
Lavasoft Ad-Aware as I noted it had a lot of pop-ups, etc. Ad-Aware found
314 spyware/malware/data miner/etc objects and I told it to remove them.
All were quarantined and removed except a couple locations of
....msbbhook.dll and one ...dummy.htm. It asked if I wanted to delete them
upon rebooting and I said yes.

I rebooted and am now unable to get beyond the Welcome Screen.

When I click on the User Icon, windows responds "Loading your personal
settings", then "Logging off", and finally "Saving your settings".

I have tried starting the computer in safe mode and the only difference is I
get two log-in icons...one for the Administrator and one for the User. With
either icon it is the same story as above, "Loading...", "Logging off", and
"Saving..."; but no movement beyond the welcome screen.

The only thing that I know I did not do, but should have, was I did not turn
off system restore prior to running the Beagle fix program and the Ad-Aware.

I have removed the laptop from the network, but I am at a loss as to how to
proceed from this point.

Thanks in advance for any assistance.

Bill
8 answers Last reply
More about cannot open windows screen
  1. Archived from groups: microsoft.public.windowsxp.basics (More info?)

    On Wed, 22 Sep 2004 17:42:26 -0400, Bill wrote:

    > I have a problem with an HP laptop on our church network. I am unable to
    > get beyond the Windows XP Welcome screen.
    >
    > As far as I know it was working reasonably well, but today, I discovered
    > several virus' on it. The primary "infection" was from Beagle and I have
    > cleaned that off. It also had a few files infected with Mitclieder.m (or
    > something close to that name), KillAV, and Baglet.
    >
    > I had not yet installed SP2...that was my next move.
    >
    > I removed Beagle (with a removal tool from Norton). I installed and ran
    > Lavasoft Ad-Aware as I noted it had a lot of pop-ups, etc. Ad-Aware found
    > 314 spyware/malware/data miner/etc objects and I told it to remove them.
    > All were quarantined and removed except a couple locations of
    > ...msbbhook.dll and one ...dummy.htm. It asked if I wanted to delete them
    > upon rebooting and I said yes.
    >
    > I rebooted and am now unable to get beyond the Welcome Screen.
    >
    > When I click on the User Icon, windows responds "Loading your personal
    > settings", then "Logging off", and finally "Saving your settings".
    >
    > I have tried starting the computer in safe mode and the only difference is I
    > get two log-in icons...one for the Administrator and one for the User. With
    > either icon it is the same story as above, "Loading...", "Logging off", and
    > "Saving..."; but no movement beyond the welcome screen.
    >
    > The only thing that I know I did not do, but should have, was I did not turn
    > off system restore prior to running the Beagle fix program and the Ad-Aware.
    >
    > I have removed the laptop from the network, but I am at a loss as to how to
    > proceed from this point.
    >
    > Thanks in advance for any assistance.
    >
    > Bill

    The copy of the virus hiding in System Restore typically remains harmless
    *unless* you roll back to a restore point that includes it. Since you
    aren't going to do that, you could delete the restore points now instead.

    Consider: You're working with a machine that has been severely compromised.
    Using a few tools you've found a number of viruses and a high number of
    other malware. There may be more infections that have not yet been found.
    There is no way to determine how extensive the damage is since you can't
    log on. (PS: One tool specifically for Beagle and a few scans with
    anti-spyware programs is only a start to analyzing what's going on with
    this system and probably it has shown only the tip of the iceberg.)

    Wouldn't it make more sense, for the safety of the entire network, to do a
    complete restore instead of trying to repair this? After restoring, put
    protection in place (firewall, antivirus, anti-spyware programs, etc);
    educate the laptop user on their use and on safe computing practices.

    Okay, I'm dreaming on that last part - users, for the most part, do not
    like to listen to this kind of advice and it will happen again. At least
    get them on a backup routine so that they don't lose their "stuff" when the
    machine has to be rebuilt again.

    --
    Sharon F
    MS-MVP ~ Windows XP Shell/User
  2. Archived from groups: microsoft.public.windowsxp.basics (More info?)

    Do you have a Norton Anti-Virus or Norton Systemworks CD? If so, you can
    boot the system with it and select "run utilities from the cd". That
    feature is designed for your situation. It will be a start and will only
    detect and deal with viruses identified at the time the cd was manufactured,
    but you may get lucky and be able to eliminate the malware preventing a
    boot. If you can get the system to boot after this repair then you can go
    online to Symantec or another Anti-virus manufacturer's website and use
    their online virus scanner to deal with remaining problems.

    Do you have a Ghost image or backup file on an external hard drive you can
    use to restore the system in these cases?

    "Bill" <billb-1111nospam@cox.net> wrote in message
    news:tlm4d.45019$Ka6.20074@okepread03...
    >I have a problem with an HP laptop on our church network. I am unable to
    >get beyond the Windows XP Welcome screen.
    >
    > As far as I know it was working reasonably well, but today, I discovered
    > several virus' on it. The primary "infection" was from Beagle and I have
    > cleaned that off. It also had a few files infected with Mitclieder.m (or
    > something close to that name), KillAV, and Baglet.
    >
    > I had not yet installed SP2...that was my next move.
    >
    > I removed Beagle (with a removal tool from Norton). I installed and ran
    > Lavasoft Ad-Aware as I noted it had a lot of pop-ups, etc. Ad-Aware found
    > 314 spyware/malware/data miner/etc objects and I told it to remove them.
    > All were quarantined and removed except a couple locations of
    > ...msbbhook.dll and one ...dummy.htm. It asked if I wanted to delete them
    > upon rebooting and I said yes.
    >
    > I rebooted and am now unable to get beyond the Welcome Screen.
    >
    > When I click on the User Icon, windows responds "Loading your personal
    > settings", then "Logging off", and finally "Saving your settings".
    >
    > I have tried starting the computer in safe mode and the only difference is
    > I get two log-in icons...one for the Administrator and one for the User.
    > With either icon it is the same story as above, "Loading...", "Logging
    > off", and "Saving..."; but no movement beyond the welcome screen.
    >
    > The only thing that I know I did not do, but should have, was I did not
    > turn off system restore prior to running the Beagle fix program and the
    > Ad-Aware.
    >
    > I have removed the laptop from the network, but I am at a loss as to how
    > to proceed from this point.
    >
    > Thanks in advance for any assistance.
    >
    > Bill
    >
  3. Archived from groups: microsoft.public.windowsxp.basics (More info?)

    Thanks for the suggestion...you speak with great validity.

    Since this is a new user of this computer...the previous user has moved to a
    new job...it makes pretty good sense. I doubt he has much on the laptop to
    lose.

    Since I can't log in, do I just do this restore from the system disks (which
    I am attempting to locate)?

    Thanks for your help.

    Bill

    "Sharon F" <sharonfDEL@ETEmvps.org> wrote in message
    news:ejz%23ZRPoEHA.3896@TK2MSFTNGP15.phx.gbl...
    > On Wed, 22 Sep 2004 17:42:26 -0400, Bill wrote:
    >
    >> I have a problem with an HP laptop on our church network. I am unable to
    >> get beyond the Windows XP Welcome screen.
    >>
    >> As far as I know it was working reasonably well, but today, I discovered
    >> several virus' on it. The primary "infection" was from Beagle and I have
    >> cleaned that off. It also had a few files infected with Mitclieder.m (or
    >> something close to that name), KillAV, and Baglet.
    >>
    >> I had not yet installed SP2...that was my next move.
    >>
    >> I removed Beagle (with a removal tool from Norton). I installed and ran
    >> Lavasoft Ad-Aware as I noted it had a lot of pop-ups, etc. Ad-Aware
    >> found
    >> 314 spyware/malware/data miner/etc objects and I told it to remove them.
    >> All were quarantined and removed except a couple locations of
    >> ...msbbhook.dll and one ...dummy.htm. It asked if I wanted to delete
    >> them
    >> upon rebooting and I said yes.
    >>
    >> I rebooted and am now unable to get beyond the Welcome Screen.
    >>
    >> When I click on the User Icon, windows responds "Loading your personal
    >> settings", then "Logging off", and finally "Saving your settings".
    >>
    >> I have tried starting the computer in safe mode and the only difference
    >> is I
    >> get two log-in icons...one for the Administrator and one for the User.
    >> With
    >> either icon it is the same story as above, "Loading...", "Logging off",
    >> and
    >> "Saving..."; but no movement beyond the welcome screen.
    >>
    >> The only thing that I know I did not do, but should have, was I did not
    >> turn
    >> off system restore prior to running the Beagle fix program and the
    >> Ad-Aware.
    >>
    >> I have removed the laptop from the network, but I am at a loss as to how
    >> to
    >> proceed from this point.
    >>
    >> Thanks in advance for any assistance.
    >>
    >> Bill
    >
    > The copy of the virus hiding in System Restore typically remains harmless
    > *unless* you roll back to a restore point that includes it. Since you
    > aren't going to do that, you could delete the restore points now instead.
    >
    > Consider: You're working with a machine that has been severely
    > compromised.
    > Using a few tools you've found a number of viruses and a high number of
    > other malware. There may be more infections that have not yet been found.
    > There is no way to determine how extensive the damage is since you can't
    > log on. (PS: One tool specifically for Beagle and a few scans with
    > anti-spyware programs is only a start to analyzing what's going on with
    > this system and probably it has shown only the tip of the iceberg.)
    >
    > Wouldn't it make more sense, for the safety of the entire network, to do a
    > complete restore instead of trying to repair this? After restoring, put
    > protection in place (firewall, antivirus, anti-spyware programs, etc);
    > educate the laptop user on their use and on safe computing practices.
    >
    > Okay, I'm dreaming on that last part - users, for the most part, do not
    > like to listen to this kind of advice and it will happen again. At least
    > get them on a backup routine so that they don't lose their "stuff" when
    > the
    > machine has to be rebuilt again.
    >
    > --
    > Sharon F
    > MS-MVP ~ Windows XP Shell/User
  4. Archived from groups: microsoft.public.windowsxp.basics (More info?)

    Thanks Colin,

    I have both Norton CDs...though maybe not new enough, hard to say. The
    computer actually has Norton AV on it, but the subscription had run out.
    Darn the luck.

    Actually, the on-line screen is what I ran today to find the virus'.

    No luck on the backups. Sharon probably has the best suggestion since this
    will be a new user and can start "fresh". I'm just not sure how to do the
    restore since I can't log in.

    Bill

    "Colin Barnhorst" <colinbarharst@msn.com> wrote in message
    news:u4%2393sPoEHA.3712@TK2MSFTNGP15.phx.gbl...
    > Do you have a Norton Anti-Virus or Norton Systemworks CD? If so, you can
    > boot the system with it and select "run utilities from the cd". That
    > feature is designed for your situation. It will be a start and will only
    > detect and deal with viruses identified at the time the cd was
    > manufactured, but you may get lucky and be able to eliminate the malware
    > preventing a boot. If you can get the system to boot after this repair
    > then you can go online to Symantec or another Anti-virus manufacturer's
    > website and use their online virus scanner to deal with remaining
    > problems.
    >
    > Do you have a Ghost image or backup file on an external hard drive you can
    > use to restore the system in these cases?
    >
    > "Bill" <billb-1111nospam@cox.net> wrote in message
    > news:tlm4d.45019$Ka6.20074@okepread03...
    >>I have a problem with an HP laptop on our church network. I am unable to
    >>get beyond the Windows XP Welcome screen.
    >>
    >> As far as I know it was working reasonably well, but today, I discovered
    >> several virus' on it. The primary "infection" was from Beagle and I have
    >> cleaned that off. It also had a few files infected with Mitclieder.m (or
    >> something close to that name), KillAV, and Baglet.
    >>
    >> I had not yet installed SP2...that was my next move.
    >>
    >> I removed Beagle (with a removal tool from Norton). I installed and ran
    >> Lavasoft Ad-Aware as I noted it had a lot of pop-ups, etc. Ad-Aware
    >> found 314 spyware/malware/data miner/etc objects and I told it to remove
    >> them. All were quarantined and removed except a couple locations of
    >> ...msbbhook.dll and one ...dummy.htm. It asked if I wanted to delete
    >> them upon rebooting and I said yes.
    >>
    >> I rebooted and am now unable to get beyond the Welcome Screen.
    >>
    >> When I click on the User Icon, windows responds "Loading your personal
    >> settings", then "Logging off", and finally "Saving your settings".
    >>
    >> I have tried starting the computer in safe mode and the only difference
    >> is I get two log-in icons...one for the Administrator and one for the
    >> User. With either icon it is the same story as above, "Loading...",
    >> "Logging off", and "Saving..."; but no movement beyond the welcome
    >> screen.
    >>
    >> The only thing that I know I did not do, but should have, was I did not
    >> turn off system restore prior to running the Beagle fix program and the
    >> Ad-Aware.
    >>
    >> I have removed the laptop from the network, but I am at a loss as to how
    >> to proceed from this point.
    >>
    >> Thanks in advance for any assistance.
    >>
    >> Bill
    >>
    >
    >
  5. Archived from groups: microsoft.public.windowsxp.basics (More info?)

    I think the utilities will run from the CD regardless of the subscription.
    In any case, a clean install is in order. Do a full hard disk format (not
    the quick format).

    "Bill" <billb-1111nospam@cox.net> wrote in message
    news:Z3s4d.45062$Ka6.4245@okepread03...
    > Thanks Colin,
    >
    > I have both Norton CDs...though maybe not new enough, hard to say. The
    > computer actually has Norton AV on it, but the subscription had run out.
    > Darn the luck.
    >
    > Actually, the on-line screen is what I ran today to find the virus'.
    >
    > No luck on the backups. Sharon probably has the best suggestion since
    > this will be a new user and can start "fresh". I'm just not sure how to
    > do the restore since I can't log in.
    >
    > Bill
    >
    > "Colin Barnhorst" <colinbarharst@msn.com> wrote in message
    > news:u4%2393sPoEHA.3712@TK2MSFTNGP15.phx.gbl...
    >> Do you have a Norton Anti-Virus or Norton Systemworks CD? If so, you can
    >> boot the system with it and select "run utilities from the cd". That
    >> feature is designed for your situation. It will be a start and will only
    >> detect and deal with viruses identified at the time the cd was
    >> manufactured, but you may get lucky and be able to eliminate the malware
    >> preventing a boot. If you can get the system to boot after this repair
    >> then you can go online to Symantec or another Anti-virus manufacturer's
    >> website and use their online virus scanner to deal with remaining
    >> problems.
    >>
    >> Do you have a Ghost image or backup file on an external hard drive you
    >> can use to restore the system in these cases?
    >>
    >> "Bill" <billb-1111nospam@cox.net> wrote in message
    >> news:tlm4d.45019$Ka6.20074@okepread03...
    >>>I have a problem with an HP laptop on our church network. I am unable to
    >>>get beyond the Windows XP Welcome screen.
    >>>
    >>> As far as I know it was working reasonably well, but today, I discovered
    >>> several virus' on it. The primary "infection" was from Beagle and I
    >>> have cleaned that off. It also had a few files infected with
    >>> Mitclieder.m (or something close to that name), KillAV, and Baglet.
    >>>
    >>> I had not yet installed SP2...that was my next move.
    >>>
    >>> I removed Beagle (with a removal tool from Norton). I installed and ran
    >>> Lavasoft Ad-Aware as I noted it had a lot of pop-ups, etc. Ad-Aware
    >>> found 314 spyware/malware/data miner/etc objects and I told it to remove
    >>> them. All were quarantined and removed except a couple locations of
    >>> ...msbbhook.dll and one ...dummy.htm. It asked if I wanted to delete
    >>> them upon rebooting and I said yes.
    >>>
    >>> I rebooted and am now unable to get beyond the Welcome Screen.
    >>>
    >>> When I click on the User Icon, windows responds "Loading your personal
    >>> settings", then "Logging off", and finally "Saving your settings".
    >>>
    >>> I have tried starting the computer in safe mode and the only difference
    >>> is I get two log-in icons...one for the Administrator and one for the
    >>> User. With either icon it is the same story as above, "Loading...",
    >>> "Logging off", and "Saving..."; but no movement beyond the welcome
    >>> screen.
    >>>
    >>> The only thing that I know I did not do, but should have, was I did not
    >>> turn off system restore prior to running the Beagle fix program and the
    >>> Ad-Aware.
    >>>
    >>> I have removed the laptop from the network, but I am at a loss as to how
    >>> to proceed from this point.
    >>>
    >>> Thanks in advance for any assistance.
    >>>
    >>> Bill
    >>>
    >>
    >>
    >
    >
  6. Archived from groups: microsoft.public.windowsxp.basics (More info?)

    Hi all,

    I just went thru this whole gig last week...same
    login/logoff problem. Fortunately was able to use XP disk
    to boot and run utility to fix. I am seeing this problem
    alot in discussions. The next topic will be: when you run
    Norton, it will find a TON of adware/malware. The Norton
    site has detailed steps on how to delete each one. Here's
    the catch...most will need to have strings removed from
    the Registry. However, nothing happens when I try to run
    regedit. No windows appear and seems there is no way to
    get to the registry to clean out all the malware strings.
    Any ideas or thoughts would be helpful. Thanks.
    >-----Original Message-----
    >I think the utilities will run from the CD regardless of
    the subscription.
    >In any case, a clean install is in order. Do a full hard
    disk format (not
    >the quick format).
    >
    >"Bill" <billb-1111nospam@cox.net> wrote in message
    >news:Z3s4d.45062$Ka6.4245@okepread03...
    >> Thanks Colin,
    >>
    >> I have both Norton CDs...though maybe not new enough,
    hard to say. The
    >> computer actually has Norton AV on it, but the
    subscription had run out.
    >> Darn the luck.
    >>
    >> Actually, the on-line screen is what I ran today to
    find the virus'.
    >>
    >> No luck on the backups. Sharon probably has the best
    suggestion since
    >> this will be a new user and can start "fresh". I'm
    just not sure how to
    >> do the restore since I can't log in.
    >>
    >> Bill
    >>
    >> "Colin Barnhorst" <colinbarharst@msn.com> wrote in
    message
    >> news:u4%2393sPoEHA.3712@TK2MSFTNGP15.phx.gbl...
    >>> Do you have a Norton Anti-Virus or Norton Systemworks
    CD? If so, you can
    >>> boot the system with it and select "run utilities from
    the cd". That
    >>> feature is designed for your situation. It will be a
    start and will only
    >>> detect and deal with viruses identified at the time
    the cd was
    >>> manufactured, but you may get lucky and be able to
    eliminate the malware
    >>> preventing a boot. If you can get the system to boot
    after this repair
    >>> then you can go online to Symantec or another Anti-
    virus manufacturer's
    >>> website and use their online virus scanner to deal
    with remaining
    >>> problems.
    >>>
    >>> Do you have a Ghost image or backup file on an
    external hard drive you
    >>> can use to restore the system in these cases?
    >>>
    >>> "Bill" <billb-1111nospam@cox.net> wrote in message
    >>> news:tlm4d.45019$Ka6.20074@okepread03...
    >>>>I have a problem with an HP laptop on our church
    network. I am unable to
    >>>>get beyond the Windows XP Welcome screen.
    >>>>
    >>>> As far as I know it was working reasonably well, but
    today, I discovered
    >>>> several virus' on it. The primary "infection" was
    from Beagle and I
    >>>> have cleaned that off. It also had a few files
    infected with
    >>>> Mitclieder.m (or something close to that name),
    KillAV, and Baglet.
    >>>>
    >>>> I had not yet installed SP2...that was my next move.
    >>>>
    >>>> I removed Beagle (with a removal tool from Norton).
    I installed and ran
    >>>> Lavasoft Ad-Aware as I noted it had a lot of pop-ups,
    etc. Ad-Aware
    >>>> found 314 spyware/malware/data miner/etc objects and
    I told it to remove
    >>>> them. All were quarantined and removed except a
    couple locations of
    >>>> ...msbbhook.dll and one ...dummy.htm. It asked if I
    wanted to delete
    >>>> them upon rebooting and I said yes.
    >>>>
    >>>> I rebooted and am now unable to get beyond the
    Welcome Screen.
    >>>>
    >>>> When I click on the User Icon, windows
    responds "Loading your personal
    >>>> settings", then "Logging off", and finally "Saving
    your settings".
    >>>>
    >>>> I have tried starting the computer in safe mode and
    the only difference
    >>>> is I get two log-in icons...one for the Administrator
    and one for the
    >>>> User. With either icon it is the same story as
    above, "Loading...",
    >>>> "Logging off", and "Saving..."; but no movement
    beyond the welcome
    >>>> screen.
    >>>>
    >>>> The only thing that I know I did not do, but should
    have, was I did not
    >>>> turn off system restore prior to running the Beagle
    fix program and the
    >>>> Ad-Aware.
    >>>>
    >>>> I have removed the laptop from the network, but I am
    at a loss as to how
    >>>> to proceed from this point.
    >>>>
    >>>> Thanks in advance for any assistance.
    >>>>
    >>>> Bill
    >>>>
    >>>
    >>>
    >>
    >>
    >
    >
    >.
    >
  7. Archived from groups: microsoft.public.windowsxp.basics (More info?)

    On Thu, 23 Sep 2004 00:08:13 -0400, Bill wrote:

    > Thanks for the suggestion...you speak with great validity.
    >
    > Since this is a new user of this computer...the previous user has moved to a
    > new job...it makes pretty good sense. I doubt he has much on the laptop to
    > lose.
    >
    > Since I can't log in, do I just do this restore from the system disks (which
    > I am attempting to locate)?
    >
    > Thanks for your help.

    Hi, Bill

    Most laptops come with OEM restore/recovery CDs. These usually have their
    own special setup routine and running this can be different than running
    XP's setup.

    You should be able to go online at the manufacturer's site and download a
    manual for the laptop model. If no manual is available for downloading, at
    the very least there should be an online document that maps out the steps
    for the procedure. Recently, the hard drive on my daughter's Dell took a
    dive and Dell sent her a new one. I was able to guide her through the
    reinstall process over the phone using a downloaded manual found on the
    Dell site.

    By the way, the OEMs (original equipment manufacturers) usually have
    replacement CDs that can be purchased if the original CDs are lost or
    damaged.

    --
    Sharon F
    MS-MVP ~ Windows XP Shell/User
  8. Archived from groups: microsoft.public.windowsxp.basics (More info?)

    On Thu, 23 Sep 2004 06:41:11 -0700, JoeW wrote:

    > most will need to have strings removed from
    > the Registry. However, nothing happens when I try to run
    > regedit. No windows appear and seems there is no way to
    > get to the registry to clean out all the malware strings.
    > Any ideas or thoughts would be helpful. Thanks.

    Many of these things will block the running of MSCONFIG, Task Manager and
    the Registry Editor -thus making the removal of the intrusion more
    difficult. If the system tools are blocked by name, renaming their
    executables is a good workaround. Example: Rename regedit.exe to
    regedit.com

    Or you can run the tool created by MVP Doug Knox that creates a "backup
    set" of those three programs for you:
    http://www.dougknox.com/xp/utils/xp_emerutils.htm

    --
    Sharon F
    MS-MVP ~ Windows XP Shell/User
Ask a new question

Read More

Windows XP