Sign in with
Sign up | Sign in
Your question

Cannot Open Windows from Welcome Screen

Last response: in Windows XP
Share
September 22, 2004 9:42:26 PM

Archived from groups: microsoft.public.windowsxp.basics (More info?)

I have a problem with an HP laptop on our church network. I am unable to
get beyond the Windows XP Welcome screen.

As far as I know it was working reasonably well, but today, I discovered
several virus' on it. The primary "infection" was from Beagle and I have
cleaned that off. It also had a few files infected with Mitclieder.m (or
something close to that name), KillAV, and Baglet.

I had not yet installed SP2...that was my next move.

I removed Beagle (with a removal tool from Norton). I installed and ran
Lavasoft Ad-Aware as I noted it had a lot of pop-ups, etc. Ad-Aware found
314 spyware/malware/data miner/etc objects and I told it to remove them.
All were quarantined and removed except a couple locations of
....msbbhook.dll and one ...dummy.htm. It asked if I wanted to delete them
upon rebooting and I said yes.

I rebooted and am now unable to get beyond the Welcome Screen.

When I click on the User Icon, windows responds "Loading your personal
settings", then "Logging off", and finally "Saving your settings".

I have tried starting the computer in safe mode and the only difference is I
get two log-in icons...one for the Administrator and one for the User. With
either icon it is the same story as above, "Loading...", "Logging off", and
"Saving..."; but no movement beyond the welcome screen.

The only thing that I know I did not do, but should have, was I did not turn
off system restore prior to running the Beagle fix program and the Ad-Aware.

I have removed the laptop from the network, but I am at a loss as to how to
proceed from this point.

Thanks in advance for any assistance.

Bill

More about : open windows screen

Anonymous
September 22, 2004 9:42:27 PM

Archived from groups: microsoft.public.windowsxp.basics (More info?)

On Wed, 22 Sep 2004 17:42:26 -0400, Bill wrote:

> I have a problem with an HP laptop on our church network. I am unable to
> get beyond the Windows XP Welcome screen.
>
> As far as I know it was working reasonably well, but today, I discovered
> several virus' on it. The primary "infection" was from Beagle and I have
> cleaned that off. It also had a few files infected with Mitclieder.m (or
> something close to that name), KillAV, and Baglet.
>
> I had not yet installed SP2...that was my next move.
>
> I removed Beagle (with a removal tool from Norton). I installed and ran
> Lavasoft Ad-Aware as I noted it had a lot of pop-ups, etc. Ad-Aware found
> 314 spyware/malware/data miner/etc objects and I told it to remove them.
> All were quarantined and removed except a couple locations of
> ...msbbhook.dll and one ...dummy.htm. It asked if I wanted to delete them
> upon rebooting and I said yes.
>
> I rebooted and am now unable to get beyond the Welcome Screen.
>
> When I click on the User Icon, windows responds "Loading your personal
> settings", then "Logging off", and finally "Saving your settings".
>
> I have tried starting the computer in safe mode and the only difference is I
> get two log-in icons...one for the Administrator and one for the User. With
> either icon it is the same story as above, "Loading...", "Logging off", and
> "Saving..."; but no movement beyond the welcome screen.
>
> The only thing that I know I did not do, but should have, was I did not turn
> off system restore prior to running the Beagle fix program and the Ad-Aware.
>
> I have removed the laptop from the network, but I am at a loss as to how to
> proceed from this point.
>
> Thanks in advance for any assistance.
>
> Bill

The copy of the virus hiding in System Restore typically remains harmless
*unless* you roll back to a restore point that includes it. Since you
aren't going to do that, you could delete the restore points now instead.

Consider: You're working with a machine that has been severely compromised.
Using a few tools you've found a number of viruses and a high number of
other malware. There may be more infections that have not yet been found.
There is no way to determine how extensive the damage is since you can't
log on. (PS: One tool specifically for Beagle and a few scans with
anti-spyware programs is only a start to analyzing what's going on with
this system and probably it has shown only the tip of the iceberg.)

Wouldn't it make more sense, for the safety of the entire network, to do a
complete restore instead of trying to repair this? After restoring, put
protection in place (firewall, antivirus, anti-spyware programs, etc);
educate the laptop user on their use and on safe computing practices.

Okay, I'm dreaming on that last part - users, for the most part, do not
like to listen to this kind of advice and it will happen again. At least
get them on a backup routine so that they don't lose their "stuff" when the
machine has to be rebuilt again.

--
Sharon F
MS-MVP ~ Windows XP Shell/User
Anonymous
September 22, 2004 9:42:27 PM

Archived from groups: microsoft.public.windowsxp.basics (More info?)

Do you have a Norton Anti-Virus or Norton Systemworks CD? If so, you can
boot the system with it and select "run utilities from the cd". That
feature is designed for your situation. It will be a start and will only
detect and deal with viruses identified at the time the cd was manufactured,
but you may get lucky and be able to eliminate the malware preventing a
boot. If you can get the system to boot after this repair then you can go
online to Symantec or another Anti-virus manufacturer's website and use
their online virus scanner to deal with remaining problems.

Do you have a Ghost image or backup file on an external hard drive you can
use to restore the system in these cases?

"Bill" <billb-1111nospam@cox.net> wrote in message
news:tlm4d.45019$Ka6.20074@okepread03...
>I have a problem with an HP laptop on our church network. I am unable to
>get beyond the Windows XP Welcome screen.
>
> As far as I know it was working reasonably well, but today, I discovered
> several virus' on it. The primary "infection" was from Beagle and I have
> cleaned that off. It also had a few files infected with Mitclieder.m (or
> something close to that name), KillAV, and Baglet.
>
> I had not yet installed SP2...that was my next move.
>
> I removed Beagle (with a removal tool from Norton). I installed and ran
> Lavasoft Ad-Aware as I noted it had a lot of pop-ups, etc. Ad-Aware found
> 314 spyware/malware/data miner/etc objects and I told it to remove them.
> All were quarantined and removed except a couple locations of
> ...msbbhook.dll and one ...dummy.htm. It asked if I wanted to delete them
> upon rebooting and I said yes.
>
> I rebooted and am now unable to get beyond the Welcome Screen.
>
> When I click on the User Icon, windows responds "Loading your personal
> settings", then "Logging off", and finally "Saving your settings".
>
> I have tried starting the computer in safe mode and the only difference is
> I get two log-in icons...one for the Administrator and one for the User.
> With either icon it is the same story as above, "Loading...", "Logging
> off", and "Saving..."; but no movement beyond the welcome screen.
>
> The only thing that I know I did not do, but should have, was I did not
> turn off system restore prior to running the Beagle fix program and the
> Ad-Aware.
>
> I have removed the laptop from the network, but I am at a loss as to how
> to proceed from this point.
>
> Thanks in advance for any assistance.
>
> Bill
>
Related resources
September 23, 2004 4:08:13 AM

Archived from groups: microsoft.public.windowsxp.basics (More info?)

Thanks for the suggestion...you speak with great validity.

Since this is a new user of this computer...the previous user has moved to a
new job...it makes pretty good sense. I doubt he has much on the laptop to
lose.

Since I can't log in, do I just do this restore from the system disks (which
I am attempting to locate)?

Thanks for your help.

Bill

"Sharon F" <sharonfDEL@ETEmvps.org> wrote in message
news:ejz%23ZRPoEHA.3896@TK2MSFTNGP15.phx.gbl...
> On Wed, 22 Sep 2004 17:42:26 -0400, Bill wrote:
>
>> I have a problem with an HP laptop on our church network. I am unable to
>> get beyond the Windows XP Welcome screen.
>>
>> As far as I know it was working reasonably well, but today, I discovered
>> several virus' on it. The primary "infection" was from Beagle and I have
>> cleaned that off. It also had a few files infected with Mitclieder.m (or
>> something close to that name), KillAV, and Baglet.
>>
>> I had not yet installed SP2...that was my next move.
>>
>> I removed Beagle (with a removal tool from Norton). I installed and ran
>> Lavasoft Ad-Aware as I noted it had a lot of pop-ups, etc. Ad-Aware
>> found
>> 314 spyware/malware/data miner/etc objects and I told it to remove them.
>> All were quarantined and removed except a couple locations of
>> ...msbbhook.dll and one ...dummy.htm. It asked if I wanted to delete
>> them
>> upon rebooting and I said yes.
>>
>> I rebooted and am now unable to get beyond the Welcome Screen.
>>
>> When I click on the User Icon, windows responds "Loading your personal
>> settings", then "Logging off", and finally "Saving your settings".
>>
>> I have tried starting the computer in safe mode and the only difference
>> is I
>> get two log-in icons...one for the Administrator and one for the User.
>> With
>> either icon it is the same story as above, "Loading...", "Logging off",
>> and
>> "Saving..."; but no movement beyond the welcome screen.
>>
>> The only thing that I know I did not do, but should have, was I did not
>> turn
>> off system restore prior to running the Beagle fix program and the
>> Ad-Aware.
>>
>> I have removed the laptop from the network, but I am at a loss as to how
>> to
>> proceed from this point.
>>
>> Thanks in advance for any assistance.
>>
>> Bill
>
> The copy of the virus hiding in System Restore typically remains harmless
> *unless* you roll back to a restore point that includes it. Since you
> aren't going to do that, you could delete the restore points now instead.
>
> Consider: You're working with a machine that has been severely
> compromised.
> Using a few tools you've found a number of viruses and a high number of
> other malware. There may be more infections that have not yet been found.
> There is no way to determine how extensive the damage is since you can't
> log on. (PS: One tool specifically for Beagle and a few scans with
> anti-spyware programs is only a start to analyzing what's going on with
> this system and probably it has shown only the tip of the iceberg.)
>
> Wouldn't it make more sense, for the safety of the entire network, to do a
> complete restore instead of trying to repair this? After restoring, put
> protection in place (firewall, antivirus, anti-spyware programs, etc);
> educate the laptop user on their use and on safe computing practices.
>
> Okay, I'm dreaming on that last part - users, for the most part, do not
> like to listen to this kind of advice and it will happen again. At least
> get them on a backup routine so that they don't lose their "stuff" when
> the
> machine has to be rebuilt again.
>
> --
> Sharon F
> MS-MVP ~ Windows XP Shell/User
September 23, 2004 4:12:11 AM

Archived from groups: microsoft.public.windowsxp.basics (More info?)

Thanks Colin,

I have both Norton CDs...though maybe not new enough, hard to say. The
computer actually has Norton AV on it, but the subscription had run out.
Darn the luck.

Actually, the on-line screen is what I ran today to find the virus'.

No luck on the backups. Sharon probably has the best suggestion since this
will be a new user and can start "fresh". I'm just not sure how to do the
restore since I can't log in.

Bill

"Colin Barnhorst" <colinbarharst@msn.com> wrote in message
news:u4%2393sPoEHA.3712@TK2MSFTNGP15.phx.gbl...
> Do you have a Norton Anti-Virus or Norton Systemworks CD? If so, you can
> boot the system with it and select "run utilities from the cd". That
> feature is designed for your situation. It will be a start and will only
> detect and deal with viruses identified at the time the cd was
> manufactured, but you may get lucky and be able to eliminate the malware
> preventing a boot. If you can get the system to boot after this repair
> then you can go online to Symantec or another Anti-virus manufacturer's
> website and use their online virus scanner to deal with remaining
> problems.
>
> Do you have a Ghost image or backup file on an external hard drive you can
> use to restore the system in these cases?
>
> "Bill" <billb-1111nospam@cox.net> wrote in message
> news:tlm4d.45019$Ka6.20074@okepread03...
>>I have a problem with an HP laptop on our church network. I am unable to
>>get beyond the Windows XP Welcome screen.
>>
>> As far as I know it was working reasonably well, but today, I discovered
>> several virus' on it. The primary "infection" was from Beagle and I have
>> cleaned that off. It also had a few files infected with Mitclieder.m (or
>> something close to that name), KillAV, and Baglet.
>>
>> I had not yet installed SP2...that was my next move.
>>
>> I removed Beagle (with a removal tool from Norton). I installed and ran
>> Lavasoft Ad-Aware as I noted it had a lot of pop-ups, etc. Ad-Aware
>> found 314 spyware/malware/data miner/etc objects and I told it to remove
>> them. All were quarantined and removed except a couple locations of
>> ...msbbhook.dll and one ...dummy.htm. It asked if I wanted to delete
>> them upon rebooting and I said yes.
>>
>> I rebooted and am now unable to get beyond the Welcome Screen.
>>
>> When I click on the User Icon, windows responds "Loading your personal
>> settings", then "Logging off", and finally "Saving your settings".
>>
>> I have tried starting the computer in safe mode and the only difference
>> is I get two log-in icons...one for the Administrator and one for the
>> User. With either icon it is the same story as above, "Loading...",
>> "Logging off", and "Saving..."; but no movement beyond the welcome
>> screen.
>>
>> The only thing that I know I did not do, but should have, was I did not
>> turn off system restore prior to running the Beagle fix program and the
>> Ad-Aware.
>>
>> I have removed the laptop from the network, but I am at a loss as to how
>> to proceed from this point.
>>
>> Thanks in advance for any assistance.
>>
>> Bill
>>
>
>
Anonymous
September 23, 2004 5:58:24 AM

Archived from groups: microsoft.public.windowsxp.basics (More info?)

I think the utilities will run from the CD regardless of the subscription.
In any case, a clean install is in order. Do a full hard disk format (not
the quick format).

"Bill" <billb-1111nospam@cox.net> wrote in message
news:Z3s4d.45062$Ka6.4245@okepread03...
> Thanks Colin,
>
> I have both Norton CDs...though maybe not new enough, hard to say. The
> computer actually has Norton AV on it, but the subscription had run out.
> Darn the luck.
>
> Actually, the on-line screen is what I ran today to find the virus'.
>
> No luck on the backups. Sharon probably has the best suggestion since
> this will be a new user and can start "fresh". I'm just not sure how to
> do the restore since I can't log in.
>
> Bill
>
> "Colin Barnhorst" <colinbarharst@msn.com> wrote in message
> news:u4%2393sPoEHA.3712@TK2MSFTNGP15.phx.gbl...
>> Do you have a Norton Anti-Virus or Norton Systemworks CD? If so, you can
>> boot the system with it and select "run utilities from the cd". That
>> feature is designed for your situation. It will be a start and will only
>> detect and deal with viruses identified at the time the cd was
>> manufactured, but you may get lucky and be able to eliminate the malware
>> preventing a boot. If you can get the system to boot after this repair
>> then you can go online to Symantec or another Anti-virus manufacturer's
>> website and use their online virus scanner to deal with remaining
>> problems.
>>
>> Do you have a Ghost image or backup file on an external hard drive you
>> can use to restore the system in these cases?
>>
>> "Bill" <billb-1111nospam@cox.net> wrote in message
>> news:tlm4d.45019$Ka6.20074@okepread03...
>>>I have a problem with an HP laptop on our church network. I am unable to
>>>get beyond the Windows XP Welcome screen.
>>>
>>> As far as I know it was working reasonably well, but today, I discovered
>>> several virus' on it. The primary "infection" was from Beagle and I
>>> have cleaned that off. It also had a few files infected with
>>> Mitclieder.m (or something close to that name), KillAV, and Baglet.
>>>
>>> I had not yet installed SP2...that was my next move.
>>>
>>> I removed Beagle (with a removal tool from Norton). I installed and ran
>>> Lavasoft Ad-Aware as I noted it had a lot of pop-ups, etc. Ad-Aware
>>> found 314 spyware/malware/data miner/etc objects and I told it to remove
>>> them. All were quarantined and removed except a couple locations of
>>> ...msbbhook.dll and one ...dummy.htm. It asked if I wanted to delete
>>> them upon rebooting and I said yes.
>>>
>>> I rebooted and am now unable to get beyond the Welcome Screen.
>>>
>>> When I click on the User Icon, windows responds "Loading your personal
>>> settings", then "Logging off", and finally "Saving your settings".
>>>
>>> I have tried starting the computer in safe mode and the only difference
>>> is I get two log-in icons...one for the Administrator and one for the
>>> User. With either icon it is the same story as above, "Loading...",
>>> "Logging off", and "Saving..."; but no movement beyond the welcome
>>> screen.
>>>
>>> The only thing that I know I did not do, but should have, was I did not
>>> turn off system restore prior to running the Beagle fix program and the
>>> Ad-Aware.
>>>
>>> I have removed the laptop from the network, but I am at a loss as to how
>>> to proceed from this point.
>>>
>>> Thanks in advance for any assistance.
>>>
>>> Bill
>>>
>>
>>
>
>
Anonymous
September 23, 2004 10:41:11 AM

Archived from groups: microsoft.public.windowsxp.basics (More info?)

Hi all,

I just went thru this whole gig last week...same
login/logoff problem. Fortunately was able to use XP disk
to boot and run utility to fix. I am seeing this problem
alot in discussions. The next topic will be: when you run
Norton, it will find a TON of adware/malware. The Norton
site has detailed steps on how to delete each one. Here's
the catch...most will need to have strings removed from
the Registry. However, nothing happens when I try to run
regedit. No windows appear and seems there is no way to
get to the registry to clean out all the malware strings.
Any ideas or thoughts would be helpful. Thanks.
>-----Original Message-----
>I think the utilities will run from the CD regardless of
the subscription.
>In any case, a clean install is in order. Do a full hard
disk format (not
>the quick format).
>
>"Bill" <billb-1111nospam@cox.net> wrote in message
>news:Z3s4d.45062$Ka6.4245@okepread03...
>> Thanks Colin,
>>
>> I have both Norton CDs...though maybe not new enough,
hard to say. The
>> computer actually has Norton AV on it, but the
subscription had run out.
>> Darn the luck.
>>
>> Actually, the on-line screen is what I ran today to
find the virus'.
>>
>> No luck on the backups. Sharon probably has the best
suggestion since
>> this will be a new user and can start "fresh". I'm
just not sure how to
>> do the restore since I can't log in.
>>
>> Bill
>>
>> "Colin Barnhorst" <colinbarharst@msn.com> wrote in
message
>> news:u4%2393sPoEHA.3712@TK2MSFTNGP15.phx.gbl...
>>> Do you have a Norton Anti-Virus or Norton Systemworks
CD? If so, you can
>>> boot the system with it and select "run utilities from
the cd". That
>>> feature is designed for your situation. It will be a
start and will only
>>> detect and deal with viruses identified at the time
the cd was
>>> manufactured, but you may get lucky and be able to
eliminate the malware
>>> preventing a boot. If you can get the system to boot
after this repair
>>> then you can go online to Symantec or another Anti-
virus manufacturer's
>>> website and use their online virus scanner to deal
with remaining
>>> problems.
>>>
>>> Do you have a Ghost image or backup file on an
external hard drive you
>>> can use to restore the system in these cases?
>>>
>>> "Bill" <billb-1111nospam@cox.net> wrote in message
>>> news:tlm4d.45019$Ka6.20074@okepread03...
>>>>I have a problem with an HP laptop on our church
network. I am unable to
>>>>get beyond the Windows XP Welcome screen.
>>>>
>>>> As far as I know it was working reasonably well, but
today, I discovered
>>>> several virus' on it. The primary "infection" was
from Beagle and I
>>>> have cleaned that off. It also had a few files
infected with
>>>> Mitclieder.m (or something close to that name),
KillAV, and Baglet.
>>>>
>>>> I had not yet installed SP2...that was my next move.
>>>>
>>>> I removed Beagle (with a removal tool from Norton).
I installed and ran
>>>> Lavasoft Ad-Aware as I noted it had a lot of pop-ups,
etc. Ad-Aware
>>>> found 314 spyware/malware/data miner/etc objects and
I told it to remove
>>>> them. All were quarantined and removed except a
couple locations of
>>>> ...msbbhook.dll and one ...dummy.htm. It asked if I
wanted to delete
>>>> them upon rebooting and I said yes.
>>>>
>>>> I rebooted and am now unable to get beyond the
Welcome Screen.
>>>>
>>>> When I click on the User Icon, windows
responds "Loading your personal
>>>> settings", then "Logging off", and finally "Saving
your settings".
>>>>
>>>> I have tried starting the computer in safe mode and
the only difference
>>>> is I get two log-in icons...one for the Administrator
and one for the
>>>> User. With either icon it is the same story as
above, "Loading...",
>>>> "Logging off", and "Saving..."; but no movement
beyond the welcome
>>>> screen.
>>>>
>>>> The only thing that I know I did not do, but should
have, was I did not
>>>> turn off system restore prior to running the Beagle
fix program and the
>>>> Ad-Aware.
>>>>
>>>> I have removed the laptop from the network, but I am
at a loss as to how
>>>> to proceed from this point.
>>>>
>>>> Thanks in advance for any assistance.
>>>>
>>>> Bill
>>>>
>>>
>>>
>>
>>
>
>
>.
>
Anonymous
September 23, 2004 12:39:19 PM

Archived from groups: microsoft.public.windowsxp.basics (More info?)

On Thu, 23 Sep 2004 00:08:13 -0400, Bill wrote:

> Thanks for the suggestion...you speak with great validity.
>
> Since this is a new user of this computer...the previous user has moved to a
> new job...it makes pretty good sense. I doubt he has much on the laptop to
> lose.
>
> Since I can't log in, do I just do this restore from the system disks (which
> I am attempting to locate)?
>
> Thanks for your help.

Hi, Bill

Most laptops come with OEM restore/recovery CDs. These usually have their
own special setup routine and running this can be different than running
XP's setup.

You should be able to go online at the manufacturer's site and download a
manual for the laptop model. If no manual is available for downloading, at
the very least there should be an online document that maps out the steps
for the procedure. Recently, the hard drive on my daughter's Dell took a
dive and Dell sent her a new one. I was able to guide her through the
reinstall process over the phone using a downloaded manual found on the
Dell site.

By the way, the OEMs (original equipment manufacturers) usually have
replacement CDs that can be purchased if the original CDs are lost or
damaged.

--
Sharon F
MS-MVP ~ Windows XP Shell/User
Anonymous
September 23, 2004 7:57:29 PM

Archived from groups: microsoft.public.windowsxp.basics (More info?)

On Thu, 23 Sep 2004 06:41:11 -0700, JoeW wrote:

> most will need to have strings removed from
> the Registry. However, nothing happens when I try to run
> regedit. No windows appear and seems there is no way to
> get to the registry to clean out all the malware strings.
> Any ideas or thoughts would be helpful. Thanks.

Many of these things will block the running of MSCONFIG, Task Manager and
the Registry Editor -thus making the removal of the intrusion more
difficult. If the system tools are blocked by name, renaming their
executables is a good workaround. Example: Rename regedit.exe to
regedit.com

Or you can run the tool created by MVP Doug Knox that creates a "backup
set" of those three programs for you:
http://www.dougknox.com/xp/utils/xp_emerutils.htm

--
Sharon F
MS-MVP ~ Windows XP Shell/User
!