Problem:
When attempting to log in to a Windows 2003 server, via RDP or at the machine itself, the system logs on after the username and password are entered and then immediately logs off. This was a problem on a production server in a remote location. It prevented us from performing any remote maintenance of the server.
Fix:
We need to remotely access the infected computer from another computer on the same network, then correct the userinit registry value under Winlogon.
Let's go through the steps one by one:
1. Connect the infected server to a network that has at least one healthy computer connected. Power on both computers.
2. From the healthy computer, go to Start > Run, type regedit.exe and press Enter. This will launch the registry editor.
3. Go to File > Connect Network Registry and connect to the infected server's registry across the network.
4. Locate this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
5. Under this key there is a value named userinit. Double-click it and set its value to “C:\WINDOWS\System32\userinit.exe,” (including the trailing comma).
Exit the registry editor and restart the infected computer. That's it. This will work for most servers and desktops.
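
The same check and repair can be scripted from the healthy computer. This PowerShell script is an added example, not part of the original post: it reads the remote userinit value, prints it, and rewrites it only when asked. It assumes the Remote Registry service is running on the server and that you are using an account with administrative rights there; the parameter names `-ComputerName`, `-Expected` and `-Fix` are illustrative.

```powershell
# Added example: check, and optionally repair, Winlogon\Userinit over the network.
# -ComputerName, -Expected and -Fix are illustrative parameter names.
param(
    [Parameter(Mandatory = $true)][string]$ComputerName,
    # Value from step 5; assumes Windows is installed in C:\WINDOWS.
    [string]$Expected = 'C:\WINDOWS\System32\userinit.exe,',
    [switch]$Fix
)

$subKey = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$hklm = $null
$key  = $null
try {
    # Same operation as File > Connect Network Registry in regedit.
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)

    # Open the key read-only unless -Fix was given.
    $key = $hklm.OpenSubKey($subKey, $Fix.IsPresent)
    if ($null -eq $key) { throw "Winlogon key not found on $ComputerName" }

    $current = [string]$key.GetValue('Userinit')
    Write-Output "Current Userinit on ${ComputerName}: '$current'"

    if ($current -ieq $Expected) {
        Write-Output 'Userinit already has the expected value; nothing to change.'
    }
    elseif ($Fix) {
        # The previous value was printed above; keep that output for later analysis.
        $key.SetValue('Userinit', $Expected, [Microsoft.Win32.RegistryValueKind]::String)
        Write-Output "Userinit set to '$Expected'. Restart the server to apply."
    }
    else {
        Write-Output "Userinit differs from '$Expected'. Re-run with -Fix to correct it."
    }
}
finally {
    # Release the remote registry handles.
    if ($key)  { $key.Close() }
    if ($hklm) { $hklm.Close() }
}
```

Run it once without `-Fix` to see what the value currently points to, then again with `-Fix` to write the correction.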