User profile failed to logon

lauriem0 · May 26, 2010

I am trying to logon to my laptop, VIsta XP, and i keep getting this error message
The user profile service service failed the logon, user profile cannot be loaded, i have 2 profiles and everytime i click on either one it gives me this error, i cannot even get into my windows. Recently my wireless connection has been running really slow or booting me out. I ran spybot and it came up with a Banker Trojan?? any ideas what that is, i cannot remove it because i cannot get into my pc at all. Please help me!!! thanks in advance

niemiro · May 26, 2010

Hello,

NOTE: Items in Quote boxes were not originally written by me, but still apply.

Trojan.Banker is a really serious threat.

Trojan.Banker steals information such as bank accounts, usernames, passwords and credit card details from your computer and sends it to the attacker.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

Do not use this computer for online banking again until a trained Malware Removal expert has given you the all clear.

Once this has been done, start to follow these steps to fix your computer:

http://www.vistax64.com/tutorials/1...-failed-logon-user-profile-cannot-loaded.html

If you have any problems with any of this, just ask.

Then, because your computer will still be full of infections, start to slowly follow all of these instructions:

Malware and Spyware Cleaning Guide

Do not start two topics at once, but since this is a serious infection, and we are not a specific Malware Removal Website, you may post at geekstogo.com. If you do, you MUST tell me. This is completely fine, but we don't want to waste the time of two people with degrees in Malware Removal (not me) However, I am able to look at your logs and offer help.

Richard

lauriem0 · May 26, 2010

I do not use this for banking or making any purchases for anything. Just to play games and stuff like that. So thats a plus.

So what exactly is the first step i should take. I cannot log on to my computer at all, 2 profiles and neither works.

Do i reboot and go under safe mode and then what do i have to do once i have that highlighted???

I am able to respond to you because i am using my work computer, otherwise i cant respond back since my laptop is corrupted. Thanks

niemiro · May 26, 2010

Hello,

Do not worry about having late replies. Post when you can, and do not worry about not being able to get back to me for a long time. That is fine.

It is fortunate that you do not use this computer for online backing etc., however, you should be vigilant for anything unexpected.

In terms of fixing your computer, try and boot into Safe Mode. Tell me if this works. If it does, then ideally try Option 1 of the tutorial I referenced. If not, then tell me.

Good luck!

Richard

EDIT: (Famous last words!) Under normal circumstances, Safe Mode WILL work when you receive this issue, however, if it doesn't, I will help you to fix it.

lauriem0 · May 26, 2010

Yes very lucky we only use it for games and stuff.

I believe we have tried doing the F8, highlight safe mode, then we hit chose and then it runs its course and brings us back to the 2 profiles and we get the error message still. Are we suppose to highlight the safe mode and do something else. Also, the Banker Trojan virus, is it hard to remove, i did print off some steps on how to remove all the files and registry . Is there a specific virus program i should use.

niemiro · May 27, 2010

Hello,

To try and fix your computer:

You used Safe Mode correctly. Try Last Known Good Configuration, just to see if it will work, though I doubt it will. If it does not:

Insert your Windows Vista DVD.
Boot into it (you may have to go into the one time boot menu or change your BIOS settings.
Enter your language and keyboard layout and click Next.
Then click Repair your Computer, followed by Command Prompt.
Then type regedit.exe. This usually works. Hopefully you will have no problems.
Choose File > Load Hive.
Navigate to: C:\Windows\System32\Config then single click on Software and click Load or double click on Saftware.
Follow Option 1 in the tutorial I referenced by Brink.
Click File > Unload Hive or similar. This is vital, as unlike in Windows, if you don't unload the hive, your changes will not be saved.

In terms of cleaning your computer afterwards:

This virus, although nasty, is not too difficult to remove. Some varients are completely removed by Malwarebytes Anti-Malware. I will then have a look at your OTL log, (a HiJackThis log + much more). If anything nasty remains, I will give you a script. All you have to do is paste it into OTL and click Run Fix. Not too hard.

Just so you know what some viruses are like, some block all .exe, .com, .scr, .reg etc., they break Safe Mode. They break the internet and all anti-virus software etc. etc. You do not have one of these, so be thankful!

Unfortunately, that manual Malware Removal guide you printed is not of much help.

Please use all the programs in the Malware Removal link I gave you. In particular, the program that is going to help you best is Malwarebytes Anti-Malware. Here is what they all do:

TFC: Many Malware have files crutial for their operation in the Temp folders. When you manually clean the Temp folders, the Malware files will be locked or in use, and will not be deleted. TFC closes as many processes as possible, gets the handles on files in use, closes these handles, and removes the file. Sometimes, a delete on reboot is required, and this is done.

ERUNT: Will back up the registry so we have a registry that works if something goes wrong.

Malwarebytes Anti-Malware: Will clean most of the infection.

GMER: Will "root out" any rootkits. (Sorry for the bad pun!) NOTE: Rootkits have a lot of false positives, so DO NOT clean any infections GMER finds.

OTL: Will show me where the rest of the infection lies if there is still a problem. I will then write you a OTL script to remove this, and we will then re-run Malwarebytes Anti-Malware and get a new OTL log to see what has been achieved.

As I have said earlier, this is not too bad an infection, and the hardest bit will be getting into your User Accounts. Please run the scans in the same order as on the link I gave you, as that way I will see what needs to be removed, rather than what may/may not have been removed. Thanks!

Why your printed guide is not too helpful:

Malware is constantly changing. New varients appear. Therfore, that file list will be out of date. Also, files will not be listed. Malwarebytes Anti-Malware will do a far better job of removing these. Malware files are locked or in use, and so you need a good tool to remove them, Windows Explorer is not enough. When you get infected, malware often downloads other malware. It is very likely that you have Trojan.Banker, but that you also have several other pieces of malware. The guide will not cover these. So in conclusion, this guide will only serve as a starting step, and not a method of removal.

The reason why not to run ComboFix:

ComboFix is a very, very powerful and destructive tool. It is only for use when Malware blocks all other attempts to remove it. ComboFix assumes that if you are running it, then your computer is infected. Due to this, on almost every run, it will break something, be it the Internet, the clock, or something far more major. Therefore, I don't want to have to clean up this mess! Also, it is not really much better than OTL for small infections. I do not believe that we will need to use ComboFix, a last resort, on your computer. Sometimes ComboFix even stops your computer booting at all, even into Safe Mode, which is why it urges you to install the Recovery Console.

Good luck, and if you have any questions, just ask!

Richard

niemiro · May 27, 2010

Please re-read my new, seriously upgraded previous post.

richc46 · May 27, 2010

An excellent post. To be honest you taught me, too. Deserves rep, but since I just tipped the scales, recently, my praise is your reward this time.

niemiro · May 27, 2010

richc46 said:
An excellent post. To be honest you taught me, too. Deserves rep, but since I just tipped the scales, recently, my praise is your reward this time.

Thank you Rich. Your kind comments are much appreciated.

niemiro · May 27, 2010

Not that anybody has doubted me, but to prove my point that malware stores files in the temporary folders, and that Malwarebytes Anti-Malware removes the majority of an infection, I have dug up and uploaded an old log that may interest you.

It does not fully prove my point about random file names, as the names of the files in the temporary files folders have a pattern at the beginning, but I think you get the point.

It also proves my point that malware often downloads other viruses as well as the initial infection.

Shadowjk · May 27, 2010

Trust me I believe you anyway really good post

niemiro · May 28, 2010

Shadowjk said:
Trust me I believe you anyway really good post

Thanks for that complement and +rep. There was never anybody who doubted me, but I included it anyway.

niemiro · May 31, 2010

Do not worry about my updated signature, this thread is the last exception.

User profile failed to logon

New Member

My Computer

Banned

My Computer

New Member

My Computer

Banned

My Computer

New Member

My Computer

Banned

My Computer

Banned

My Computer

My Computer

Banned

My Computer

Banned

Attachments

My Computer

Network Enthusiast

My Computer

Banned

My Computer

Banned

My Computer