OneCare Update Yesterday >>> Reboot >>> Can't log into Administrator Account

  • Question

  •  

    As I write this, I am in Safe Mode using the SafeModeScanner of OneCare in my administrator account. What prompted me to perform this action was an automatic update that occurred yesterday that halted my OneCare, downloaded the update, and asked if I should reboot. I shut the system down allowing my system to complete the OneCare update.

     

    This morning, I boot up my system and I am prompted with balloons indicating, to paraphrase, that logging into my set administrator account was impossible and that a temporary account would be used during my session. Once in, none of my settings or desktop is visible. It's obviously a temp setting.

     

    However, now OneCare is indicating that there are problems with my system and that it needs to "fix" some issues. Not sure if a trojan/virus has infected the system to emulate OneCare, I shut down and reboot in safe mode.

     

    In safe mode, I can log into my administrator account and see all my settings and desktop (albeit, in another screen resolution). And, thus, I am running the SafeModeScanner to see if something took control of my OneCare and installed a malicious piece of software.

     

    What was I doing when OneCare prompted me to halt and download some sort of update? Visiting MSN.com. That's it.

     

    What is my next step? And if this was normal, not being able to log into my administrator account and losing my settings temporarily, why was I not warned of this other than telling me that an update would occur? And that update would change things to make my system appear that something else unrelated was wrong? Because that's what it looks like.

    Thursday, January 10, 2008 5:57 PM

Answers

  •  

    Stephen, I still want to hear your thoughts about the former issue. However, I wanted to provide an update:

     

    1. I ran the OneCare SafeModeAvScanner.exe in Safe Mode confirming that no viruses were found.

    2. I rebooted the system.

    3. I was able to log into my system as Administrator

    4. Still, I don't know what would have happened if I had continued in the "temp" administrator profile and could not recommend anyone going forward with that progression unless it was clear that following the OneCare prompts from within the "temp" administrator profile would not adversely affect the original Administrator account.

     

    Hence, the reason I'd like to hear your thoughts on the causes or what could have happened if I had proceeded.

     

    Note: There were some other minor glitches with the Online Photo Backup section under the "Save your backup settings" part of the 'new' OneCare setup. But I will post this in a separate thread.

    Thursday, January 10, 2008 7:08 PM

All replies

  • The update was a OneCare upgrade to 2.0 and did require a reboot. It sounds like your profile was somehow locked on reboot, causing what you encountered.

    Have you tried to reboot again and log in normally into your regular profile or did you jump right to Safe Mode and the scan?

    -steve

    Thursday, January 10, 2008 6:15 PM
    Moderator
  • Thanks for your reply, Stephen. As a practice, I jump right into Safe Mode and execute certain measures before returning to normal mode. Once the SafeModeAvScanner.exe is complete, I will attempt to reboot normally and give you an update on what I find.

     

    Nonetheless, it sounds like this might be a 2.0 update issue (which is a bit of a relief, on the trojan/virus aspect of things). However, do you have any conclusions as to why the Administrator account would be violated, or locked, after such an update? And since OneCare was programmed to "fix" some issues, I am now wondering if that fix entailed fixing this issue.

     

    Mind you, I chose not to proceed and reboot for two reasons:

     

    1. The first being that a trojan/virus could have existed and accepting any further prompts could potentially cause more damage.

     

    2. Second, even if this was not a trojan/virus related matter, I did not want OneCare potentially damaging my current Administrator profile by attempting to "fix" the issue by returning it to a default status, thus destroying and losing all my profile related settings and files.

     

    Your thoughts?

     

     

    Thursday, January 10, 2008 6:33 PM
  • Thanks for the update.

    I've not seen this problem reported with an upgrade of OneCare, but I personally have experienced it on a reboot (even without OneCare on the machine!) at least one or two times.

    What may be happening is that a system process is updating services as part of the upgrade and needs to lock your profile to get that done. You logged in before that was complete, hence Windows could not give you access to your own profile. Once you rebooted into Safe Mode, you could access your profile. In the temporary profile you were given, before you went to safe mode, OneCare was unable to complete the upgrade, since the files it needed access to were part of the profile that Windows had locked.

    Mind you, all of that is speculation on my part, as I'm not privy to the inner workings of OneCare (which would be kind of useless since I'm not a programmer!).

    -steve

    Thursday, January 10, 2008 7:38 PM
    Moderator
  •  

    Thank you, nonetheless, Stephen! I hope others will not experience the same either, but at least it's on record now for, at least, reference purposes. Anyway, all seems well now.

     

    Again, thanks for the ongoing support.

     

     

    Thursday, January 10, 2008 7:52 PM
  • Steve,

     

    I'm working on a friend's computer, who ran OneCare update and now can't log into the computer, at all.  Neither his nor the Administrator account will open.  When you click on the icon, it says, "Loading your personal settings...", the screen flashes quickly, then displays, "Saving your personal settings...", and goes back to the Welcome screen.  I booted it in Safe Mode and tried again, with the same results, we're unable to get into his computer, at all.  Hopefully there is an answer, besides reload Windows.

     

    Thanks,

    SandViper

    Friday, February 15, 2008 7:59 PM
  •  SandViper wrote:

    Steve,

     

    I'm working on a friend's computer, who ran OneCare update and now can't log into the computer, at all.  Neither his nor the Administrator account will open.  When you click on the icon, it says, "Loading your personal settings...", the screen flashes quickly, then displays, "Saving your personal settings...", and goes back to the Welcome screen.  I booted it in Safe Mode and tried again, with the same results, we're unable to get into his computer, at all.  Hopefully there is an answer, besides reload Windows.

     

    Thanks,

    SandViper

     

    Did this happen after the February security updates from this week or the OneCare update?

    In any event, this may help:

    http://support.microsoft.com/kb/555648/en-us

     

    I found that here, which was for Windows 2000, but there are some other ideas besides reinstalling windows to repair this problem - http://forums.techarena.in/showthread.php?t=865956

     

    What OS is this?

     

    -steve

     

    Saturday, February 16, 2008 1:57 AM
    Moderator
  • Steve,

     

    It happened after running the OneCare update, and the OS is XP Home. 

     

    I've read the first article, but the computer isn't on a network where I can get to the registry remotely.  I'll take a look at the second and see if there is anything useful in there.  I might also try using a disk I created with BartPE to see if I can get at the registry that way.

     

    -SV

    Wednesday, February 20, 2008 11:50 PM
  • Good luck to you, SV. Do let us know how you resolve it.

    -steve

     

    Thursday, February 21, 2008 1:33 AM
    Moderator
  • It took a little experimentation, but here it is.  These instructions assume a certain level of competency in working on computers like changing BIOS settings and registry editing.  This should only be undertaken if you are experienced and understand that making changes to the registry can result in the system becoming unstable or inoperable.  These instructions are offered "as-is" and I make no guarantees and accept no responsibility for any damages that may occur as a result of following them.  Follow them at your own risk.

     

    First you need to create a bootable Windows disk (CD).  I used BartPE, available at http://www.nu2.nu/download.php?sFile=pebuilder3110a.exe.  Don't confuse this program with WindowsPE, which is a Microsoft product.  WindowsPE is a command line interface, where BartPE has a GUI (which I found much preferable).  BartPE is not supported by Microsoft, so using it is, again, at your own risk.  You must have an original Windows XP (either Home or Pro) CD available to create the bootable image.  I used an image created with Pro on a Home install and didn't have any problems, so I can only assume the reverse is true also.

     

    You'll also need the RegeditPE plug-in available at http://regeditpe.sourceforge.net to go along with BartPE.  This gives you the ability to edit the registry on the computer you are working on.  (I'm sorry I don't have screen shots to go with this post, but...) 

     

    Once you create the bootable disk, use it to boot the computer you are having problems with.  You may have to set the BIOS, so the computer will boot from the CD drive.

     

    Anyway, once you boot from the CD, click on the "Go" button and navigate to RegeditPE.  Once it launches, you will be able to reach the key you need.  Look for the "REMOTE_XXX" hive, and navigate to:

     

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

     

    In the right pane, look for these two values:

     

    Shell

    Userinit   <---------- In my case, this value was missing from the key.

     

    Change these two values to

     

                      Shell=explorer.exe
                      Userinit = x:\windows\system32\userinit.exe (where "x" is the drive letter containing the Windows install)

     

    NOTE:  You may also have to reinstall the "Explorer.exe" and "Userinit.exe" from the original XP disk, using the "expand" command from the recovery console, if either (or both) of the files were corrupted or deleted.

     

    Reboot the computer and you should be able to log onto the computer normally.

     

    This worked for me, so I'm offering it in the hopes it may help someone else.

     

    Please feel free to post this information in other forums.  If you copy the instructions, please give credit where it's due.

     

    SandViper

    Friday, February 22, 2008 4:55 AM
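
    A check for the two Winlogon values named in the post above, as an added example that is not part of the original thread: it reads a .reg export of the offline hive and reports a missing or unexpected Shell or Userinit. The sample export is constructed, and `parse_winlogon`, `check_winlogon` and the `C:\WINDOWS` default are assumptions of this example.

```python
import re

# Constructed sample .reg export: Userinit is missing, the state the post describes.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\REMOTE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"="Owner"
"Shell"="Explorer.exe"
'''

# Match on the key's tail so any mount name for the loaded hive is accepted.
WINLOGON = r"microsoft\windows nt\currentversion\winlogon"
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')


def parse_winlogon(reg_text):
    """Return {value_name_lower: data} for string values under the Winlogon key."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower().endswith(WINLOGON)
            continue
        m = VALUE_RE.match(line) if in_key else None
        if m:
            # .reg files escape quotes and backslashes inside string data.
            data = m.group("data").replace('\\"', '"').replace("\\\\", "\\")
            values[m.group("name").lower()] = data
    return values


def check_winlogon(values, windir=r"C:\WINDOWS"):
    """Return a list of findings; an empty list means both values look sane."""
    expected = {
        "shell": ["explorer.exe"],
        "userinit": [(windir + r"\system32\userinit.exe").lower()],
    }
    findings = []
    for name, want in expected.items():
        if name not in values:
            findings.append(f"{name}: missing")
            continue
        # Each value is a comma-separated list; a trailing comma is tolerated.
        got = [p.strip().lower() for p in values[name].split(",") if p.strip()]
        if got != want:
            findings.append(f"{name}: unexpected {got}")
    return findings
```

    Exports written by `reg export` are UTF-16, so read the file with `encoding="utf-16"` before passing its text to `parse_winlogon`.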
  • Good going, SV, and thanks for the detailed explanation.

    -steve

    Friday, February 22, 2008 2:48 PM
    Moderator
  • Hello

     

    I got the update to One Care, but it has been behaving badly for a day, it seems to have lost the hub account, but then I deleted it, as when I game I create profiles and delete them to lose the hack on them. My hub seems to be located in a profile I deleted, and I can't make it come back. I am a mild mannered gamer that plays things like Quest puzzle games and Paperdoll like games, so no one should really want to nethack me, but recently I have heard a Vrrrrrooooooommm and then my system resets.  I am thinking about an OSRI, but it's only been two months since the last one, and I was thinking backup.  Will creating a backup and then restoring to an older one then restoring to today remove the possible hack? I have done a malicious software removal scan and One is all green, but the system still loads oddly, oh and I did the diagnostic, fixed my network which reset winsock, so that isn't working either.

     

    Sad

    KestieQuietly

    Friday, March 14, 2008 12:34 AM
  •  Kestie wrote:

    Hello

     

    I got the update to One Care, but it has been behaving badly for a day, it seems to have lost the hub account, but then I deleted it, as when I game I create profiles and delete them to lose the hack on them. My hub seems to be located in a profile I deleted, and I can't make it come back. I am a mild mannered gamer that plays things like Quest puzzle games and Paperdoll like games, so no one should really want to nethack me, but recently I have heard a Vrrrrrooooooommm and then my system resets.  I am thinking about an OSRI, but it's only been two months since the last one, and I was thinking backup.  Will creating a backup and then restoring to an older one then restoring to today remove the possible hack? I have done a malicious software removal scan and One is all green, but the system still loads oddly, oh and I did the diagnostic, fixed my network which reset winsock, so that isn't working either.

     

    KestieQuietly

    I'm really not quite sure what you are doing and what you are experiencing.

    If OneCare is green and in good status, but the profile you are running under does not reflect that this PC is a hub, you should be able to make it a hub from within OneCare.

    I certainly can't speak for the noise and reset you are experiencing, except that it sounds more like a hardware problem than any hack.

    OneCare backup does not do anything with system or program files. You may be able to undo your hack by performing a Windows System Restore to a point before your hack was implemented. Note that OneCare may complain about an update problem for up to 48 hours following a System Restore.

    -steve

    Friday, March 14, 2008 1:04 AM
    Moderator