Prepare for launch.
March 3, 2008 4:56 PM

I need to know if nuking WindowsXP (Home) is the right way to go with my computer problems. Short version: recycle bin won't empty, antivirus going berserk, FF getting popups, general WTF-ery. Details inside.

The computer that was once shiny and new now seems to have fallen on some hard times.

I have all my files backed up, but I'm down to only 85% free space (eep!).

The problems are as follows:
-- 85% free space (which is when my last computer died a terrible death)
-- The recycle bin won't empty. (It will empty some files, but will say 'cannot delete file: cannot read from source file or disk' even if I can't see anything in there, using 'explore')
-- My antivirus has been going batshit for a while, telling me that logon.exe is infected and demands to reboot. Also, every day, random dll things show up as being deleted or quarantined
-- Firefox went all wonky a few days ago (after the last update, I believe) and slowly started deleting my bookmark folders (one at a time, one at each new FF startup) but that seems to have gone away after a reinstall of FF only.

I have a backup HD (personal files only), a legal copy of WinXP Pro, Microsoft Office, and pretty much everything I need to nuke from orbit.

My first question is: what the hell caused all this to go completely freakazoid?

I'm not very good with computers and diagnosing problems, but I've run my antivirus scans (Symantec from pop's work), AdAware, and Spybot multiple times. I've defragged. The only thing I can think of is that something got in through uTorrent (but I read the comments and whatnot to make sure things aren't completely trashed).

Last questions:
#1: Should I reinstall XP?
#2: If I was to reinstall, how do I go about doing that? I've got all my personal stuff backed up (FF bookmarks and the like) and everything else I can re-download.
#3: How can I keep this from happening again?


Thanks y'all. I've looked through a lot of the tags relating to this, but none of them really seemed to give a hand-holding approach, which is what I really need.
posted by sperose to technology (36 comments total) 1 user marked this as a favorite
Oh, I forgot about the IE problems. I don't use IE, but I have it installed to get new PP backgrounds for school. For a while, it was giving me constant popups (even though I went into IE to block all popups). It did stop after several runs with the antivirus.
posted by sperose at 4:58 PM on March 3, 2008


Before you do this, try the following. It should be less hassle than installing Windows, especially if you are using a laptop.

1) Open your computer in safe mode, as stripped down as possible (ie: no network). If the performance in safe mode is way better, you are running something that is bogging your system.
2) Run your virus checker and nothing else. If your virus checker won't run - reboot the computer again and open it in safe mode with network. Download a free virus checker (the AVG free version is the one I recommend, it's free - just download it and be careful you don't grab it from the wrong site.)
3) Let your virus checker finish and let it fix whatever it wants to fix.
4) Stay in safe mode. Run a spyware removal tool - I use Ad aware (again just be sure whatever you use is legit)
5) Let the spyware tool do its thing.
6) Once you have finished, reboot your computer back to normal Windows. It may be a lot better.

The anti-virus program going crazy makes me think you have a malware incident. Some malware will try to break the anti-virus program, and it sometimes works.
posted by Deep Dish at 5:04 PM on March 3, 2008 [1 favorite]


I'd definitely reformat. It's fairly simple. Here's the hand holding.
Another thing, run as a limited user account on your new install, and only switch to administrator mode when you need to install something, then switch back to your limited account, this should keep you from messing things up too badly.
posted by mhp at 5:05 PM on March 3, 2008


What do you mean by "only 85% free space"? You mean you're only using 15% of your hard drive space? Because that sounds like an enviable position to be in, not a problem.
posted by loiseau at 5:07 PM on March 3, 2008


I'd definitely reformat. It's fairly simple.

It's fairly simple if you have a lot of time to run a Windows installer and download a bunch of updates. Keep this in your arsenal but it's probably not the first place you should go.
posted by Deep Dish at 5:07 PM on March 3, 2008


#1: Should I reinstall XP?

If you already have things backed up, then yeah, it probably wouldn't be a bad idea to format and start from scratch. You will save yourself a lot of time and headache.

#2: If I was to reinstall, how do I go about doing that? I've got all my personal stuff backed up (FF bookmarks and the like) and everything else I can re-download.

You should have got some disks from Dell - or you may have a restore partition.

#3: How can I keep this from happening again?

Stop using torrents. If you must steal filez, look into Usenet (much cleaner - better community - Faster - Costs $ usually)

- or -

Stop downloading software through torrents. You're not really going to get infected downloading AVIs and MP3s, but once you start fucking with the EXEs, you are pretty much bringing it on yourself.
posted by B(oYo)BIES at 5:11 PM on March 3, 2008


Stop using torrents. If you must steal filez, look into Usenet (much cleaner - better community - Faster - Costs $ usually)
Actually, well seeded torrents from popular trackers are fairly safe. Even more so if they are big private trackers.

The main source of viruses when you pirate software is when you download it from the other kind of p2p software: Shareaza, Limewire, Kazaa, etc.

However, I agree with this:
Stop downloading software through torrents. You're not really going to get infected downloading AVIs and MP3s, but once you start fucking with the EXEs, you are pretty much bringing it on yourself.
If you don't know how to pirate software safely, well... you shouldn't do it at all.
posted by Memo at 5:31 PM on March 3, 2008


I didn't see anything about checking the disk.

If you haven't, before doing ANYTHING, do this (Directions are for win2000, yours may differ some):
As administrator, click My Computer.
Right click the C: drive. Click Properties, then Tools.
Click check now
Check all the check boxes, then press Start.
It will complain that you can't do that now. Reboot when you go to bed.
The disk will be checked during the reboot. It will take hours.

When you next see it (in the morning) the computer will look normal.

But what happened? Finding out is kind of a pain:

As administrator, right-click My Computer, pick Management,
then Event Viewer, Application
The result of the check disk is in there somewhere. Look for WinLogon in the Source column.
Right-click that entry. The 'Description' is the check disk report. Scroll through it.

No bad sectors? The problem is something else (see above)
A few bad sectors (say, <1> Lots of bad sectors. Get a new hard drive and move to it. It's not something else.
posted by hexatron at 5:33 PM on March 3, 2008


XP is far, far, far better than what came before, yet even with XP a fresh install every few years is not a bad thing. Back up all your data, write down all your installed programs, and then nuke the whole thing and start from ground zero.
posted by caddis at 5:34 PM on March 3, 2008


There are some people who always seem to be re-installing Windows and reformatting their hard drives. I never understood it - I've had one computer for the last four years and I've never had to reinstall Windows once, and my computer still runs zippy as ever.

It's hard to tell what's wrong with your computer without being "behind the wheel", but there are a lot of websites where people troubleshoot computer problems - CastleCops being one I can think of (though it is oriented more towards malware problems)

You said you ran the antivirus programs multiple times. What did they say? Did they find anything? You might want to try the TrendMicro online virus scan or the PandaScan - in my experience they've found more things than Norton or AVG does.

HijackThis is a great tool for seeing which programs are running on startup, which most viruses tend to do. You have to be careful about disabling things that you actually need, but you can take the HJT log over to CastleCops or myriad other websites where people analyze HJT logs. If you're suspicious about something, Google the filename. System Repair Engineer is another great program that is a bit more intuitive and hand-holdy.

In general, this is what I do to keep my computer running well:

1. Don't use IE or Outlook. I really dislike that the default behavior for Outlook Express is to automatically load images in e-mail, although I'm sure this can be adjusted.

2. Use a firewall, especially if you are on a university network. I remember the first time I hooked up to my university network, I started to get viruses even before opening my web browser. ZoneAlarm works well enough and is free.

3. Don't install stuff you don't need, never agree to install anything a website asks you to, disable all the various programs that try to run on startup unless you absolutely need them. This includes antivirus programs - they tend to be pretty useless, as these days people mostly get infected with stuff that can't be detected before it's too late.

3. Use Google to find solutions to problems - here's some results about the recycle bin. BTW, I always use shift-delete to delete things, as I have never needed to resurrect things from the recycle bin.

4. I don't know if this has anything to do with it, but I notice a lot of people leaving their computers on all the time. I always tend to shut down my computer completely at the end of each day when I'm done using it.

Just as another datapoint, I use torrents all the time (with uTorrent) and I've never had any problems. However, I'm not really sure if your problem is a malware problem - you might just be having some trouble with the hard drive or memory.
posted by pravit at 5:35 PM on March 3, 2008


"logon.exe" is not a valid Windows file. (At least as far as I can tell). What that tells me is that you are infected with something.

Assuming that's the case (that you are infected), the best answer is to (back up your data) and then wipe everything and reinstall. Why?.. because once a computer is infected or has been infected, it's never really going to work "like new" again, even if you clean it thoroughly. There could be ports or services opened, registry settings changed, files added or holes left open you will get reinfected through.

How do you stop it from happening again?
1.) Reinstall Windows, very first thing, visit Windows Update and install ALL updates.
2.) Repeat Step#1 until available updates says "0"
3.) Get a decent Anti-virus program like NOD32. Yeah, it costs money, but isn't your computer (and more importantly, data) worth it ?
4.) Keep your Windows installation as clean as possible. Don't install unnecessary programs. For GOD'S sake avoid things like: Animated email smileys, any toolbars of any kind and 13 different chat programs. Stick to well known, respected, trusted programs.

Don't download software from torrents. Downloading data (such as movies and music) is probably safe, but downloading executable programs is a big big risk.
posted by jmnugent at 5:35 PM on March 3, 2008


(Gotta stop using <) -- the above actually ends with:

A few bad sectors (say, <10). See if the problems have disappeared. If so, think about getting a new hard drive. Otherwise, it's something else (see above)

Lots of bad sectors. Get a new hard drive and move to it. It's not something else.
posted by hexatron at 5:36 PM on March 3, 2008


Also, here's another handy tool for scanning files you download from the net which you're suspicious of.
posted by pravit at 5:36 PM on March 3, 2008


Oh, stop installing all those convenience items. They are the source of problems, any program that runs at startup, never install those, ever, they will f*** you up. Limit this crap to your antivirus program, your wireless connection and the like and you will not as frequently require a fresh install. No chat programs either, go flash, or pay for the full spyware free version.
posted by caddis at 5:43 PM on March 3, 2008


If someone's already raised this point I apologize, but you really can't reliably clean an infected machine from the infected OS. Grab yourself a utility boot cd that includes antivirus (here's one), boot off of that and then virus scan, check the disk, etc.

That said, I'd wipe the drive, but I'm a paranoid sonofabitch. You really can't trust a system once it's been compromised.
posted by JaredSeth at 8:30 PM on March 3, 2008


To answer some questions/comments:

1. I booted in safe mode and ran my antivirus and adaware/spybot programs. AdAware and Spybot both came up with stuff, which has been quarantined/deleted. Antivirus came up with the following things that all had the title Adware.PurityScan:
-- several things named A00[random 5 digits].exe which were all quarantined.
-- 1 item named RGEDIT~1.exe which it said partial
-- 1 item named logonui.exe (which is what I was referring to in my OP). This was also marked partial, which was different. Usually it comes up with something like 'reboot required'. That particular file came up after the following hung up the antivirus scanner "HKEY_CLASSES_ROOT\CLSID\\\*InProcServer32\"

2. I don't download .exes through torrents. Far from it.

3. I've disabled most of what comes up on startup (that I can tell as not being needed.)

4. Don't use Outlook at all (even Express). IE is used very rarely (maybe once or twice a year, if that). I don't download random shit like those smiley things. I don't have a chat service installed on my computer at all.

5. I have the Windows Firewall up (but I'm not sure if it's working after I killed Windows Defender because it wouldn't recognize my antivirus [Symantec from the DoD site via my dad]).

Ah ha! New thing: Folders that I deleted while in safe mode (which are empty of all files that I previously had in them) reappeared on startup in normal mode. I just tried to delete one of them and the recycling bin didn't go to 'empty'. I just tried to empty it again and it gave me the following box: "Are you sure you want to delete WINDOWS?" If I click yes, it says 'cannot delete file: cannot read from the source file or disk'

Old thing that wasn't resolved: As I was typing this, the antivirus popped up again with that goddamned logonui.exe.

Hexatron: I will try your suggestion tonight and will report back in the morning.

Thanks again y'all, for being so patient. I have the XP disks, but as I look at the box, it says "the enclosed program will search your hard drive and/or CD to confirm your eligibility for this upgrade". Does that mean that if I pop in the disk, it won't work?
posted by sperose at 9:35 PM on March 3, 2008


Where is the logonui.exe in question located? Could you try running HijackThis and posting some logs? My standard approach to these type of things is running HijackThis, removing anything suspicious (being careful not to get rid of something I actually need), then rebooting into Safe Mode and deleting all of the various virus dll's and exe's. Sometimes you need to do this multiple times. I can help you look at the logs if you'd like.
posted by pravit at 9:45 PM on March 3, 2008


While it's impossible to tell from here it sounds like you've been infected with malware or a virus of some kind, possibly even more than one. Don't try to save it, it's a waste of time. Take the hard drive out, drop it in front of the nearest steamroller, put in a new bigger one, and install XP Pro from scratch. Be careful restoring your personal files and applications. There is a chance some of them are infected and may start the whole song and dance all over. Make sure your XP is fully patched and up to date, then run a scan on your backup from the new install before restoring anything from the backup drive.
posted by chairface at 10:03 PM on March 3, 2008


but I've run my antivirus scans (Symantec from pop's work)

Norton strikes again.

Nuke and pave, just to remind you what a pain in the arse a nuke and pave is and give yourself an incentive not to do it again. Then set your system up like this so you won't have to.

Or, you could just decide to kick Windows in the head forever (who needs trouble like this?) and join the merry Ubuntu throng.
posted by flabdablet at 10:22 PM on March 3, 2008


Is Windows something you NEED to have? If not my huge huge huge suggestion would be to switch to another OS, like Ubuntu, and leave all these problems behind forever.
posted by Cosine at 11:23 PM on March 3, 2008


Reinstall Windows. Don't bother trying to "clean" it. Once a system is compromised, it's no longer your system.

Then, install the applications you need.

Finally, remove administrative privileges from the account you use to login.

This is all you need. The built-in XP SP2 firewall is sufficient. You don't need antivirus software, because you won't be able to execute malicious programs, because you won't be able to execute any programs at all without jumping through some significant hoops (logging out and logging back in with a different administrative account, or using the runas service, etc).

I've been running Windows safely for many years this way, without any third-party "security" packages - which often cause as many problems as they solve.

Of course, if you download and install any questionable apps, all bets are once again off. If you want to run untrusted programs, that's what VMware is for!
posted by me & my monkey at 3:06 AM on March 4, 2008


Don't use IE or Outlook.

Outlook 2003 disables loading images by default, and is easily configurable to show plaintext only. And IE is perfectly safe, as long as you aren't logged in as an administrator.
posted by me & my monkey at 3:08 AM on March 4, 2008


Also check group policy settings to make sure there are no computer- or user-specific scripts running at startup.

Start > Run > gpedit.msc > Computer Configuration > Windows Settings > Scripts
Start > Run > gpedit.msc > User Configuration > Windows Settings > Scripts

Open up each of the entries and make sure nothing's there that you didn't create yourself.
posted by Ziggy Zaga at 3:58 AM on March 4, 2008


You might consider getting some image backup software such as Acronis True Image. It can be a long slow process to reinstall Windows, load all the updates and applications etc and get everything "just right" again. If you take an image backup after all that then it's a trivial task to get back to that point if it screws up again.
posted by tetranz at 4:43 AM on March 4, 2008


More updates in the morning:

I did a search for logonui.exe and it popped up in 3 places:
C:\WINDOWS\prefetch with the file names: LOGONUI.EXE-2D7CAAB6.pf and C:\WINDOWS\prefetch LOGONUI.EXE-312BE1BF.EXE and under C:\WINDOWS\system32.

When I tried to do the disk check thing last night (to make sure it started alright), it said "cannot open volume for direct access" and started up normally.

I also ran HijackThis, but the log makes absolutely zero sense to me. Should I post it here?

I have two questions regarding a new OS and the non-administrator account:
1. I've heard that Ubuntu requires a fair amount of user interaction, which is something that I really don't have the time for (and I'm not exactly all one with the computer anyways). Can non-technically-inclined people use it?

2. As far as non-administrator stuff is concerned, that just doesn't seem like it would work (in my limited knowledge of stuff). All I really do on the computer is the following: utorrent, watch things, look at the internet, use MSOffice (Word, Excel, PP), resize pictures in Paint, and fuck around with Audacity. If I was to go this route, would I just install all my stuffs (FF, Audacity, uTorrent, etc) first under the Administrator account and then just switch to the other one?
posted by sperose at 5:25 AM on March 4, 2008
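
Added example (not part of the thread and not any poster's code): a Python triage of where copies of a system binary name turn up, using the logonui.exe locations reported in the post above. It assumes a default C:\WINDOWS install of XP; the function names, the expected-directory list and the Temp path in the sample are constructed for illustration.

```python
import ntpath
import re

BINARY = "logonui.exe"

# Folders where a default XP install keeps its own copies of system binaries
# (assumption for this example: Windows lives in C:\WINDOWS).
EXPECTED_DIRS = {
    r"c:\windows\system32",
    r"c:\windows\system32\dllcache",
    r"c:\windows\servicepackfiles\i386",
}
PREFETCH_DIR = r"c:\windows\prefetch"
# Prefetch traces are named <PROGRAM.EXE>-<8 hex digits>.pf. They are not
# executables; they only record that a program of that name has been run.
PREFETCH_TRACE = re.compile(r"^.+\.exe-[0-9a-f]{8}\.pf$")


def classify(path, binary=BINARY):
    """Sort one search hit into expected / prefetch-trace / review / unrelated.

    Location is a triage hint, not a verdict: an 'expected' path can still
    hold a tampered file, and 'review' only means "look at this one first".
    """
    binary = binary.lower()
    folder, name = ntpath.split(ntpath.normpath(path).lower())
    if name == binary:
        # Exact name: normal only inside the folders Windows itself uses.
        return "expected" if folder in EXPECTED_DIRS else "review"
    if folder == PREFETCH_DIR and name.startswith(binary + "-"):
        # The Prefetch folder should contain .pf traces only, so anything
        # else carrying the binary's name there deserves a second look.
        return "prefetch-trace" if PREFETCH_TRACE.match(name) else "review"
    return "unrelated"


def triage(paths, binary=BINARY):
    """Map every path to its verdict, keeping input order."""
    return {p: classify(p, binary) for p in paths}


def needs_review(paths, binary=BINARY):
    """Return only the paths worth inspecting by hand."""
    return [p for p, verdict in triage(paths, binary).items() if verdict == "review"]


# The first three entries are the locations from the post, joined into full
# paths; the last one is constructed to show a copy outside the Windows tree.
SAMPLE_PATHS = [
    r"C:\WINDOWS\prefetch\LOGONUI.EXE-2D7CAAB6.pf",
    r"C:\WINDOWS\prefetch\LOGONUI.EXE-312BE1BF.EXE",
    r"C:\WINDOWS\system32\logonui.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\logonui.exe",
]

if __name__ == "__main__":
    for p, verdict in triage(SAMPLE_PATHS).items():
        print(f"{verdict:15} {p}")
```

Paths marked "review" are the ones to hand to an offline scanner or a second-opinion scan before deciding anything about them.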


You should post the HijackThis log in the HijackThis forums--I've never used them myself, but have heard numerous reports of how patient and kind and friendly the forum members are.

1. Sure they can, though they might want to have either a)a more technically-inclined person holding their hand, or at least available via phone or im or something, during the install, or b)a second computer with a working internet connection, just in case anything unexpected comes up. Actually, those things are pretty much always a good idea.

2. Yeah, pretty much. (Also, I'd encourage you to ditch uTorrent for Azureus.)
posted by box at 8:58 AM on March 4, 2008


You might also check out the HijackThis reader.
posted by B(oYo)BIES at 9:07 AM on March 4, 2008


1. I've heard that Ubuntu requires a fair amount of user interaction, which is something that I really don't have the time for (and I'm not exactly all one with the computer anyways). Can non-technically-inclined people use it?

Yes, but if you have somewhat nonstandard hardware (a laptop for instance) it will be more difficult to get everything working. Linux has come a long way in this regard, and there's tons of drivers out there for various stuff, but the last time I tried doing the Linux thing, it took a really long time before I could finally get my wireless internet and sound working. The sound especially was a pain in the ass - I remember that I was never really able to resolve the problem of using two applications at the same time that needed sound (Frozen Bubble and an mp3 player, for instance). Of course if you Google and search forums and read manuals enough you will solve it, but at some point you think "is it really worth it to go through this much trouble just to achieve the same functionality I had under Windows?" Personally I think if you're just going to watch movies, browse the net, use Audacity, etc. Windows will be absolutely fine. MacOS would probably be even better for doing that kind of stuff without worrying about things getting screwed up, actually.

Needless to say I couldn't have done it without a second computer w/ internet access and asking repeated questions on the Ubuntu forums (the people there are quite nice to newbies btw, I can't say the same about other Linux distro communities).
posted by pravit at 9:38 AM on March 4, 2008


You can post your HJT logs here or better yet, on a forum where people spend time reading those things. I also think the System Recovery Engineer program I mentioned earlier is more intuitive - you could give that one a try.
posted by pravit at 9:41 AM on March 4, 2008


As I write this, my antivirus has gone completely batshit and my browser keeps freezing.

Launch will commence shortly.
posted by sperose at 2:33 PM on March 4, 2008


1. Non-technically-inclined people using Ubuntu:

Short answer: in my experience, Ubuntu is a better fit for non-technically-inclined people than Windows is.

Long answer: In the small town where I live, I am the go-to guy for people with computer problems. Many of these people are almost completely computer-clueless, and their most common requirement is for a simple, trouble-free computing environment that just lets them get their stuff done without getting in their way. They typically come to me as a result of a referral from a friend, after their (or more usually their kids') lack of basic digital hygiene has crippled their Windows boxes with all the usual malware.

Usually the first thing I do is clean out all the crap, then set it up the way I advised you to above. Provided the parents don't give their kids admin access, that's enough to keep it working nicely. I'm not advising you to go the cleanup route, because cleaning out crap takes a lot of time and hard-won skill to do properly. If you haven't a lot of experience at cleaning out crap, you will miss some, and it will invite all its little friends back in. That's why I'm telling you you should nuke and pave.

There have been several households where the kids essentially rule the computing roost, and as soon as they find something that doesn't work when run from a limited account (often a game) they will wheedle the admin password out of the parents, abandon the use of their limited account, and in six months the computer is as bad as it ever was again. I call those households the Windows Wastelands, and my standard fix is to set them up as dual-boot Ubuntu boxes. I show the parents how to choose Ubuntu at system startup, make sure they understand that Windows is now a kid-run wasteland and not to use it for anything important, and leave them to it. If they are willing to pay for the time to fix the Windows half one more time I will do that, but I make it clear to parents and kids that I'm not going to prioritize doing that again.

I have now done six installs this way. I have had one repeat call, made on behalf of the kids, about problems with the Windows half. I have had a couple of calls from people who need help figuring out how to do something with OpenOffice Writer that they already knew how to do in Word; those were resolved in under five minutes. I have spoken face-to-face with all these people since, and Ubuntu itself has caused them zero problems (apart from an inability to understand how it can be free).

2. As far as non-administrator stuff is concerned, that just doesn't seem like it would work (in my limited knowledge of stuff).

My knowledge of stuff is somewhat less limited than yours, and I can assure you it works just fine. Sometimes it needs a bit of technical fiddling though. Online help is available.

All I really do on the computer is the following: utorrent, watch things, look at the internet, use MSOffice (Word, Excel, PP), resize pictures in Paint, and fuck around with Audacity. If I was to go this route, would I just install all my stuffs (FF, Audacity, uTorrent, etc) first under the Administrator account and then just switch to the other one?

When you use your Admin account to install something, it gets installed system-wide (unless you do something clever) and becomes available to all the limited accounts as well.

But really: your requirements pretty much exactly fit the profile of the people Ubuntu was designed for. After you nuke, make Ubuntu your first pave. If you don't like it, revert to plan W.
posted by flabdablet at 3:26 PM on March 4, 2008


As I post this, I've attempted the nuking and reinstallation of WinXP. I'm currently posting from my dad's computer because the new XP isn't recognizing a goddamn thing (except the monitor at 16 colors) and the Dell Resource CD (oh! pop this in and allllll your drivers will appear) ISN'T FUCKING WORKING.
I started this process at 8. I'm currently downloading Ubuntu and am crossing my fingers that it will at least help my shit limp along until tomorrow when I don't have my father breathing down my neck. (He thinks I'm giving up too easily.)

I'll post again in a bit if I can get Ubuntu working. Keep your fingers crossed y'all!
posted by sperose at 8:30 PM on March 4, 2008


Post back here if you want more help with that, too. Always happy to welcome another to the throng (there is no cabal; you'll just have to make do with a throng). Or drop me a line - address in profile.
posted by flabdablet at 11:09 PM on March 4, 2008


Thanks flabdablet. I gave it a shot last night, but the InfraReader thing didn't work on my dad's computer. I'm going to try it at work (provided I can get the download to work) and/or see if I can get enough drivers together to make the computer usable, or ask the internet dude at work if I can borrow a copy of his Ubuntu (which I'm pretty sure he already has).

Gah. It's so frustrating!
posted by sperose at 4:50 AM on March 5, 2008


One way to get an idea about how trouble-free your Ubuntu install will be is to try a bootable livecd version first (last time I did a new Ubuntu install, the livecd and the install cd were the same thing). If the sound and video and networking all work off the livecd, that's a very good sign.

(And InfraReader is just one thing that you can use to burn an .iso. Nero, or Alcohol, or at least some other burning suites, can all do it as well. If pops already has a burning program installed, give it a try.)
posted by box at 7:43 AM on March 5, 2008


IT'S ALIVE!

Thanks everyone, I've now managed to completely nuke (I hope). Paving is commencing, with a limited account already set up for me to use as soon as I'm finished. I'm so very excited for all the shinyness.
posted by sperose at 3:09 PM on March 5, 2008

