Helping people with computers... one answer at a time.
If you're logged out as soon as you log in to Windows it's likely that your anti-malware tools removed an infection along with your ability to login.
My PC cannot go past the Log in screen. As soon as I log in, the pc accepts the password and then immediately logs off again. There is no way for me to also run any diagnostic program as well to determine the cause.
•
This actually happens frighteningly often. I've encountered it at least once, and will describe what caused it and what I did to recover.
However...
There are potentially several reasons that this might happen. My specific example might be an interesting example that'll help you diagnose your problem ... or it might not help at all.
In which case, I have a different suggestion which is what I really recommend anyway.
•
The most common cause for immediate logout on login is that your machine was infected with a virus. And that "was" might very well be exactly accurate, because what seems to happen is this:
-
A system file used during login is infected with a virus.
-
Your anti-virus program detects this and removes or quarantines the file so that it can no longer be used.
-
The next time you login, the file required to complete your login is missing (having been removed or quarantined) and you can't login.
Technically, your machine might no longer be infected, but that doesn't matter since you can't login.
There are two approaches to dealing with this problem.
The first and the one that I actually recommend is to reinstall Windows. In a case like this, you may be able to do a "repair" reinstall - meaning that Windows will repair itself and replace missing files. This does require that you have your installation media from which to run the reinstall. (It's unclear if an OEM's "recovery disk" will work in a situation like this, but if it's all you have it's worth a shot.)
Since viruses can be so difficult to eradicate these days, having a good backup and doing a reformat and reinstall is perhaps a painful approach, but is the path most certain to eradicate the problem.
Those are what I recommend.
Now, here's what I did...
I fired up a recovery console (also on the Windows installation media), and identified the missing file by comparing the contents of c:\windows and c:\windows\system32 to the same folders on another, working copy of the same version of Windows.
In my case, the missing file was winlogon.exe, and since I was indeed working with two machines that had identical copies of Windows I simply used a USB drive to copy the missing file from the working system. Having done so, I rebooted, successfully logged in, and began a sequence of running the System File Checker, to locate and repair any other missing files, and of course multiple anti-malware scans.
For the record, you can probably do the same without the recovery console using a Linux live CD, such as Ubuntu, Knoppix or others. All you need is something that'll let you boot from CD, view the hard drive and copy files to it.
You may also be able to do it using your installation media instead of an identically configured system. Once you've identified the missing file (and that would be the trick without a system to compare to), you may be able to copy the file from the installation media. Since files are typically compressed on the original media (winlogon.ex_ instead of winlogon.exe, for example) you might need to run the recovery console so that you can run the "expand" utility to decompress the file.
Ultimately, though, that immediate logout scenario can be a difficult one to identify and clear up. By far the best approach is to be prepared with regular backups and your Windows installation media.
Actually, the best approach is not to let your machine get infected in the first place, of course.
Article C4289 - May 1, 2010
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
There is one more possible cause if you are on a corporate network (rather than a single, home PC).
Years ago, back in the dawn of computing, we used to do the same thing to friends who left their computer logged on and un-attended. On a network (or mainframe session) there is often some sort of "startup" file equivalent to the DOS Autoexec.bat.
So we would edit their login file and add the "logoff" command. So their computer would get part of the way through the boot process then shut down. Sure, it was a very "script-kiddie" sort of thing to do but it was good for a giggle. Usually you would have to get an administrator to clean up the problem. Which also meant having to explain why you left your computer unattended.
Posted by: Ron at May 4, 2010 11:52 PMI would go to safe mode login as adminstrator go to usser account and then delete my login password and then reboot normally to windows and then run antivirus full system scan [ which i could have doen it in a safe mode too ]
Posted by: joel21 at May 4, 2010 11:59 PMthe 2th thing i would do is to run sfc/scannow in case some system files are missing or corrupt because virus infection [ like mr. leo suggest]
so i would roll out reinstalling windows at first
Check out this method as well which talks about having an infected userinit.exe file which is used at login to get things started such as your network connection and starting the Windows shell.
http://www.onlinecomputertips.com/windows/wq88.html
Posted by: Jim at May 25, 2010 11:17 AMSeen the problem and booting from the Dell Win XP recovery CD and running a "repair" (NOT the "Console" repair) took care of the problem.
Posted by: Carlos Coquet at June 9, 2010 3:37 AMI had the same problem after I was trying to manually get rid of a root kit. I guess I deleted the wrong file. I couldn't even get into safe mode. I reformatted and reinstalled windows from my backups. Only time was lost. Can I backup the win login file and use it if I need to a year later? I mean does it ever change?
10-Apr-2011
Posted by: steven at April 9, 2011 6:00 AM