1

Need help. Problem appeared when I tried to log in to my OS today, before this problem has never been. I entered password, logged in and several seconds after immediatly logged out. OS is Windows Server 2012. The whole day I'm trying to solve this, but all of my attempts are failed. I looked to regedit and all of the values such as Shell, UIHost, Userinit have right values.

Shell: explorer.exe

UIHost: logonui.exe

Userinit: C:\Windows\System32\userinit.exe

Moreover, I guessed that it could be that userinit is binded to malware executable and It somehow logs off PC. I used MalwareBytes, but nothing was found. In safe mode everything is all right: I enter password and log in and then nothing send me back. What could be wrong?

Dmitry Mikhaylenko
  • 11
  • 1
    If safe mode is working, it's probably some program in your startup. Run msconfig and try disabling things. – allquixotic Mar 13 '14 at 14:33
  • I just tried it. Nothing new happened. – Dmitry Mikhaylenko Mar 13 '14 at 14:34
  • You tried what with MSconfig exactly? Did you disable all non-MS services and 3rd party start-ups? If you create a new user, can you log in (normal mode) with it? – Ƭᴇcʜιᴇ007 Mar 13 '14 at 14:45
  • I created new User and added to Administrators Group, disabled all in start up. After logging through new created user I've got the same as with Administrator user. – Dmitry Mikhaylenko Mar 13 '14 at 15:08
  • anything in the eventlog that stands out? – Keltari Mar 13 '14 at 15:45
  • Right now looking for something significant information. There is events as Winlogon : Logoff notification for Customer Expierence Improvement Program.Nothing more Informative. – Dmitry Mikhaylenko Mar 13 '14 at 16:15
  • More Detailes: A few days ago I've installed Apache Server on Windows Server 2012 and mod_wsgi. Web app use django, so I chose This Tools. Apache is Listening 8079 port IIS 80, but main domain is bound to IIS. Could it be a problem somewhere here? But when I disabled Apache nothing new happened, so It seems that problem is not in that area. – Dmitry Mikhaylenko Mar 13 '14 at 16:19
  • Same problem on a fresh (!) Win2012 R2 Server install. Nothing installed yet. It’s been joined to a domain. The local admin can log in, and two out of four domain users I tried. The other two log immediately off after logging in. Event log shows it’s “user-initiated”. – mirabilos Nov 13 '14 at 16:24
  • I've just reinstalled my system. Unfortunatly, nothing helped me. Try to look for something suspicious via win log system. – Dmitry Mikhaylenko Nov 13 '14 at 22:01

0 Answers0