Helping people with computers... one answer at a time.

If you're logged out as soon as you log in to Windows it's likely that your anti-malware tools removed an infection along with your ability to login.

My PC cannot go past the Log in screen. As soon as I log in, the pc accepts the password and then immediately logs off again. There is no way for me to also run any diagnostic program as well to determine the cause.

This actually happens frighteningly often. I've encountered it at least once, and will describe what caused it and what I did to recover.

However...

There are potentially several reasons that this might happen. My specific example might be an interesting example that'll help you diagnose your problem ... or it might not help at all.

In which case, I have a different suggestion which is what I really recommend anyway.

The most common cause for immediate logout on login is that your machine was infected with a virus. And that "was" might very well be exactly accurate, because what seems to happen is this:

"Technically your machine might no longer be infected - but that doesn't matter since you can't login."
  • A system file used during login is infected with a virus.

  • Your anti-virus program detects this and removes or quarantines the file so that it can no longer be used.

  • The next time you login, the file required to complete your login is missing (having been removed or quarantined) and you can't login.

Technically, your machine might no longer be infected, but that doesn't matter since you can't login.

There are two approaches to dealing with this problem.

The first and the one that I actually recommend is to reinstall Windows. In a case like this, you may be able to do a "repair" reinstall - meaning that Windows will repair itself and replace missing files. This does require that you have your installation media from which to run the reinstall. (It's unclear if an OEM's "recovery disk" will work in a situation like this, but if it's all you have it's worth a shot.)

Since viruses can be so difficult to eradicate these days, having a good backup and doing a reformat and reinstall is perhaps a painful approach, but is the path most certain to eradicate the problem.

Those are what I recommend.

Now, here's what I did...

I fired up a recovery console (also on the Windows installation media), and identified the missing file by comparing the contents of c:\windows and c:\windows\system32 to the same folders on another, working copy of the same version of Windows.

In my case, the missing file was winlogon.exe, and since I was indeed working with two machines that had identical copies of Windows I simply used a USB drive to copy the missing file from the working system. Having done so, I rebooted, successfully logged in, and began a sequence of running the System File Checker, to locate and repair any other missing files, and of course multiple anti-malware scans.

For the record, you can probably do the same without the recovery console using a Linux live CD, such as Ubuntu, Knoppix or others. All you need is something that'll let you boot from CD, view the hard drive and copy files to it.

You may also be able to do it using your installation media instead of an identically configured system. Once you've identified the missing file (and that would be the trick without a system to compare to), you may be able to copy the file from the installation media. Since files are typically compressed on the original media (winlogon.ex_ instead of winlogon.exe, for example) you might need to run the recovery console so that you can run the "expand" utility to decompress the file.

Ultimately, though, that immediate logout scenario can be a difficult one to identify and clear up. By far the best approach is to be prepared with regular backups and your Windows installation media.

Actually, the best approach is not to let your machine get infected in the first place, of course.

Article C4289 - May 1, 2010 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

7 Comments
Tony M.
May 4, 2010 10:41 AM

I've never seen the problem that Leo identified, but his explanation and remedy, like all his advice, were very coherent and logical.

If it happened to me, I surely would have been lost because I get confused regarding the similar-sounding terms such as "recovery disk and recovery console." I've been very lucky, I suppose ... I've never needed to use either one.

I just hope that if I ever have to use any of these repair/recovery/diagnostic utilities, that they'll give a clear and thorough warning if something I'm about to try is data-destructive.

In this case, I might have suspected there was something wrong with the user account and I might have tried to log-in as the Administrator to create another account. On the other hand, if the problem file was at the system level (i.e., not account-specific), then I guess I wouldn't succeed at trying to access the Administrator account either.

Thanks, Leo. Great explanation as always, sir.

MmeMoxie
May 4, 2010 1:00 PM

Been there, done that! I have had this issue off and one for years. (Knock on wood) It has been a long time, since it has happened to me.

In all honesty, the 'symptoms' may not be due to an infection, just that the 'boot command system' has been corrupted, for several reasons. The probably of an infection is very high, though.

Must admit, since the last time this happened, I re-formatted my hard drive and installed Windows XP Pro under the NTFS mode and haven't had any trouble since. That doesn't mean that it couldn't happen, just that NTFS mode is a more solid operating system.

One factor that I have made note of in my experience, is that I have had the biggest problems when I had my computer initially operating with Windows 98SE and then upgrade to Windows XP Pro. It was this combination of operating systems that seem to cause me the issue of not being able to 'log on'. I would look for the culprit and usually found that several of my boot commands were 'missing' and these boot commands were from Windows 98SE, the whole basis of my operating system.

Again, since only re-installing Windows XP Pro in the NTFS mode, I haven't had any problems, logging in or any real issues to date.

I totally agree with Tony, excellent explanation Leo, as always.

Ron
May 4, 2010 11:52 PM

There is one more possible cause if you are on a corporate network (rather than a single, home PC).

Years ago, back in the dawn of computing, we used to do the same thing to friends who left their computer logged on and un-attended. On a network (or mainframe session) there is often some sort of "startup" file equivalent to the DOS Autoexec.bat.

So we would edit their login file and add the "logoff" command. So their computer would get part of the way through the boot process then shut down. Sure, it was a very "script-kiddie" sort of thing to do but it was good for a giggle. Usually you would have to get an administrator to clean up the problem. Which also meant having to explain why you left your computer unattended.

joel21
May 4, 2010 11:59 PM

I would go to safe mode login as adminstrator go to usser account and then delete my login password and then reboot normally to windows and then run antivirus full system scan [ which i could have doen it in a safe mode too ]
the 2th thing i would do is to run sfc/scannow in case some system files are missing or corrupt because virus infection [ like mr. leo suggest]
so i would roll out reinstalling windows at first

Jim
May 25, 2010 11:17 AM

Check out this method as well which talks about having an infected userinit.exe file which is used at login to get things started such as your network connection and starting the Windows shell.

http://www.onlinecomputertips.com/windows/wq88.html

Carlos Coquet
June 9, 2010 3:37 AM

Seen the problem and booting from the Dell Win XP recovery CD and running a "repair" (NOT the "Console" repair) took care of the problem.

steven
April 9, 2011 6:00 AM

I had the same problem after I was trying to manually get rid of a root kit. I guess I deleted the wrong file. I couldn't even get into safe mode. I reformatted and reinstalled windows from my backups. Only time was lost. Can I backup the win login file and use it if I need to a year later? I mean does it ever change?

It does change as needed with Windows Updates, though how often I don't know. I would guess having a slightly out of date one would probably work, though it might complain in some way to force you to update it.
Leo
10-Apr-2011

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.