Jump to content
All visa questions and fresh Immigration updates here ×

Need Files From My Computer But Can't Login

futureexpat

By futureexpat
in IT and Computers

 Share

Recommended Posts

futureexpat Explorer Member

futureexpat

Posted
Posted

I got a worm on my computer, ran some tools to get the worm off.

Before running the tools, I could still use the computer. Now I can't even login. About half a second after I login, the computer automatically logs back out.

Is there any way I can get around this or get some files off the computer before reformatting? Should I take it to Panthip or some other place to see if they can retrieve data from the computer?

Link to comment
Share on other sites
Oswulf Senior Member

Oswulf

Posted
Posted (edited)

What operating system are you using?

And what was the worm? And what tool did you use to try to remove it?

Assuming you're running Windows, have you tried (1) booting in Safe Mode? (2) booting to the command line? (3) booting from the Windows CD?

Edited by Oswulf
Link to comment
Share on other sites
Rice_King Silver Member

Rice_King

Posted
Posted
Is there any way I can get around this or get some files off the computer before reformatting? Should I take it to Panthip or some other place to see if they can retrieve data from the computer?

One option would be for you to remove the hard drive from the machine, install that drive into an external USB case, then copy the data to another machine/drive/media.

Link to comment
Share on other sites
futureexpat Explorer Member

futureexpat

Posted
  • Author
Posted
What operating system are you using?

And what was the worm? And what tool did you use to try to remove it?

Assuming you're running Windows, have you tried (1) booting in Safe Mode? (2) booting to the command line? (3) booting from the Windows CD?

Sorry, I should have included more details.

I got this worm ( http://en.wikipedia.org/wiki/Brontok )on my computer (running Windows XP) and used Bit Defender to do a scan and removal of infected files.

When I did a search, I found that I still had a copy of the worm in every folder in the location of my user profile/local settings. I highlighted the files and ran the system scan on them and it deleted and removed them.

After rebooting, I still didn't have access to "Folder Options" to see hidden files (a symptom of the worm). I then used the Bit Defender virus removal tool. Something opened up (maybe regedit?) and the computer promptly logged off or shut down (sorry, don't remember which).

Now whenever I turn the computer on, I get to the login screen, enter login info, it starts to login, and in less than half a second, it automatically logs off.

I don't have the original CD and don't know about booting from command line. I'll try to get in under safe mode. If I can do so, is there anything I can do from there to get my system back up and running? I mainly need to recover some files that I need to work on ASAP.

Link to comment
Share on other sites
futureexpat Explorer Member

futureexpat

Posted
  • Author
Posted
Is there any way I can get around this or get some files off the computer before reformatting? Should I take it to Panthip or some other place to see if they can retrieve data from the computer?

One option would be for you to remove the hard drive from the machine, install that drive into an external USB case, then copy the data to another machine/drive/media.

Where do you recommend I take it too? Pantip Plaza? I think I've heard people mention MBK or somewhere else.

Thanks.

Link to comment
Share on other sites
cdnvic Star Member

cdnvic

Posted
Posted

Start the computer in safe mode (F5 or F8 when Windows starts to load) then only the basic drivers needed to run Windows will load. That should let you run your programs.

What worm is it, and what are you using to get rid of it?

Link to comment
Share on other sites
thaipete Senior Member

thaipete

Posted
Posted

there seems to be a lot of viruses about lately it has taken weeks for me to clean my hdds I now keep a 100 gig portable hard drive where I keep my important info so I can reformat my others and without windows installed on it it does not seem to get infected. I am currently using several anti spyware and virus guards and daily get messages about viruses trying to get in.

Link to comment
Share on other sites
RKASA Platinum Member

RKASA

Posted
Posted (edited)

This is why you should have a livecd it provides a write protected full functional OS that uses the cdrom and some ram.  Then you can run any program you have in the cd to clean remove transfer recover etc etc free and downloadable from the web the recover livecd's have everything you need on them.  Google, download burn iso to cd.  store in a handy place. If anything it lets you copy out your data files before anything else happens, then can attack the problems without worry about the data.  Thats the worse case, because having said all that 90% of the time safe mode will let ya fix a problem if ya find the right step by step. edit to add the livecd will also normally provide a way to get back on line and find answers, if your system is really messed up it can provide a browser and connection to the internet.

Edited by RKASA
Link to comment
Share on other sites
Rice_King Silver Member

Rice_King

Posted
Posted
Is there any way I can get around this or get some files off the computer before reformatting? Should I take it to Panthip or some other place to see if they can retrieve data from the computer?

One option would be for you to remove the hard drive from the machine, install that drive into an external USB case, then copy the data to another machine/drive/media.

Where do you recommend I take it too? Pantip Plaza? I think I've heard people mention MBK or somewhere else.

Thanks.

If booting into safe mode doesn't work for you, and you don't have an install disk (to do a repair with), then Panthip Plaza is one place to acquire the hardware (about 600-1000 baht) I mentioned. I would only go this route after all other login methods have failed.

While at Panthip, a knowledgeable technician there should have a bootable recovery disk (Ultimate Boot CD, Bart's PE, etc.) that will allow you to boot into the OS and then copy your files for you.

Link to comment
Share on other sites
cdnvic Star Member

cdnvic

Posted
Posted
there seems to be a lot of viruses about lately it has taken weeks for me to clean my hdds I now keep a 100 gig portable hard drive where I keep my important info so I can reformat my others and without windows installed on it it does not seem to get infected. I am currently using several anti spyware and virus guards and daily get messages about viruses trying to get in.

That could cause trouble if they're running on top of each other. Better to run one good AV and a good antispyware.

Link to comment
Share on other sites
futureexpat Explorer Member

futureexpat

Posted
  • Author
Posted

Well, I tried Safe Mode and all the other choices available after pressing F8 and couldn't get anywhere. It still asks me to login, starts to login, then logs out. This happened using my username and also administrator.

The info on the worm is above in the wiki leak. The problems didn't occur until I went after the worm. I suspect it might have deleted an important infected file.

Link to comment
Share on other sites
Guest Reimar

Guest Reimar

Posted
Posted

As others suggested, try to boot in Safe Mode and use an external USB HDD for to save your Data.

After done so, get an XP CD, may buy an copy somewhere, and run the repair from CD. It's a easy task, boot from the CD, ignore the first screen which gives you the option to Repair, after the EULA screen, where you've to hit F8 for confirm an other Repair Option should come up. Use this option and Windows will be newly installed without loosing or changing Data, Drivers and so on.

Link to comment
Share on other sites
ballbreaker Gold Member

ballbreaker

Posted
Posted

Sounds like malware modified the Userinit area in the registry (replacing the userinit.exe with something like wsaupdater.exe(most common)) and your cleaner (with a particular definition update) removed the wsaupdater.exe(or whatever it was called) file from the system, thus causing the Logon - Logoff loop. That is, when you login to Windows, the 'loading personal settings" will appear, but suddenly it will logoff.

You need the winxp cd so can get into recovery console and perform following.

Booting the pc with winxp cd

at the recovery console

type cd system32

type copy userinit.exe wsaupdater.exe

type exit

now reboot your pc , you should be able to log into windows (if missing file was above)

goto start , run then type regedit

find the following registerkey :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Userinit string value should be:

C:\WINDOWS\system32\userinit.exe,

On a damaged installations it's can be one of these:

C:\WINDOWS\system32\wsaupdater.exe,

C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wsaupdater.exe,

In this case edit the string to :

c:\windows\system32\userinit.exe,

Everything should work fine now !

Good luck

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.







×
×
  • Create New...