Hi,
I just had to work 10 hours to fix some horrible Windows XP
activation loop on my laptop PC.
It was started by trendmicro.de online scanner trying to delete
the winlogon.exe file and then there was always a bluescreen
on bootup and not coming out of this loop.
So I am really sick now of the Windows XP crap with all
its activation hurdles and annoying big installation files...
More than 50.000 Files on drive C:
what a f..ck this is...
I am going now to switch to Linux for sure.
I have enough of it now...
Turning your back on the "Beast of Redmond" will be the best thing you will
have done in computing for many a long day.
Ubuntu is well spoken of, and so is Debian, although the latter is said to
be less easy to deal with.
Paul.
Check whether you have multiple copies of winlogon.exe. If yes, then your PC is infected.
Troj/Madr-B is a backdoor Trojan which allows a remote intruder to access and control the computer via IRC channels.
When first run the Trojan copies itself as winlogon.exe to the folders <WINDOWS>\system\ and <WINDOWS>\system32\wins\ with the read-only and hidden attributes set and creates the following registry entries, so that winlogon.exe is run automatically each time Windows is started:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Winlogon = <WINDOWS>\system\winlogon.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Winlogon = <WINDOWS>\system32\wins\winlogon.exe
Each time the Trojan is run it tries to connect to a remote IRC server and join a specific channel using a random nickname. The Trojan then runs continuously in the background, listening on the channel for commands to execute.
Recovery
This section tells you how to remove the threat.
Please follow the instructions for removing Trojans.
Windows NT/2000/XP/2003
In Windows NT/2000/XP/2003 you will also need to edit the following registry entries. The removal of these entries is optional in Windows 95/98/Me. Please read the warning about editing the registry.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Winlogon = <WINDOWS>\system\winlogon.exe
and delete it if it exists.
Each user has a registry area named HKEY_USERS\[code number indicating user]\. For each user locate the entry:
HKU\[code number]\Software\Microsoft\Windows\
CurrentVersion\Run\Winlogon = <WINDOWS>\system32\wins\winlogon.exe
and delete it if it exists.
Close the registry editor and reboot your computer.
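The registry check described in the post above, as an added example that is not part of the original post or the vendor advisory: it reads the text of an exported .reg backup and reports Run-key entries that start winlogon.exe. The sample export, the SID and the `windows_dir` default are constructed assumptions.

```python
import ntpath
import re

# Constructed sample of an exported .reg file (not from a real machine).
# The SID and the SoundMan/ctfmon entries are made up for illustration.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="C:\\WINDOWS\\SOUNDMAN.EXE"
"Winlogon"="C:\\WINDOWS\\system\\winlogon.exe"

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"Winlogon"="C:\\WINDOWS\\system32\\wins\\winlogon.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
'''

# Run keys named in the advisory: HKLM, HKCU, and each per-user hive under HKEY_USERS.
RUN_KEY = re.compile(
    r"^(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER|HKEY_USERS\\[^\\]+)"
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run$", re.I)
# "name"="string data" lines; .reg files escape \ and " with a backslash.
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
WINLOGON = re.compile(r'^"?(.*?winlogon\.exe)', re.I)


def unescape(text):
    return re.sub(r"\\(.)", r"\1", text)


def audit_run_keys(reg_text, windows_dir=r"C:\WINDOWS"):
    """Return (key, value_name, path, reason) for Run entries that start winlogon.exe.

    windows_dir stands in for the advisory's <WINDOWS> placeholder (assumed default).
    """
    dropped = {ntpath.normcase(ntpath.join(windows_dir, rel))
               for rel in (r"system\winlogon.exe", r"system32\wins\winlogon.exe")}
    findings, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1] if RUN_KEY.match(line[1:-1]) else None
            continue
        match = VALUE.match(line) if key else None
        if not match:
            continue
        name, data = unescape(match.group(1)), unescape(match.group(2))
        hit = WINLOGON.match(data)
        if not hit or ntpath.basename(hit.group(1)).lower() != "winlogon.exe":
            continue
        path = ntpath.normpath(hit.group(1))
        # The genuine winlogon.exe is started by the session manager, never from
        # a Run key, so any such entry is worth a look; the two locations listed
        # in the advisory are reported as an exact match.
        reason = ("matches advisory location" if ntpath.normcase(path) in dropped
                  else "winlogon.exe started from a Run key")
        findings.append((key, name, path, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_run_keys(SAMPLE_REG):
        print(" | ".join(finding))
```

Regedit on Windows XP writes version 5.00 exports as UTF-16, so decode the file with that encoding before passing its text to `audit_run_keys`.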
Hi Harti,
here are some Linux user groups in Berlin:
Title: Berliner Linux User Group
Description: Biweekly meeting of Linux enthusiasts (and
those who want to become one). The duration is set at about 2 hours.
In the first 60-90 minutes a talk on a previously
agreed topic is planned; the remaining
time is for information and for exchanging experiences.
Meetings: Every 2nd and 4th Wednesday of the month at 18:00.
Humboldt-Universitaet zu Berlin, Institut fuer Informatik,
Berlin-Mitte, Lindenstrasse 54a, Room 326.
How to get there: U-Bahn line 2, Spittelmarkt station,
behind Ebbinghaus.
Info: WWW: http://www.informatik.hu-berlin.de/Themen/Linux/BeLUG/
Email: linux@informatik.hu-berlin.de
fr@hoshi.in-berlin.de
==========================================
Berlin - Charlottenburg
BWDG - Berlin Web & Design Group
With a special interest in web design and multimedia applications under Linux
Meetings: Announced on the website!
WWW: www.bwdg.de
Email: info@bwdg.de
Phone: 0172-3801606
Fax: 03032531084
=============================
The Linux User Group Berlin
http://www.pro-linux.de/lugs/de/LUG-Berlin.html
In parallel, the beginners' meetings have been held every 2nd Wednesday since 1999, where newcomers can help each other with their problems.
Our web pages can be reached at http://www.belug.org, http://www.belug.de and http://www.belug.net.
==============================
I suggest you go for Ubuntu.
In the German magazine "easy LINUX", issue 03/2007, July-September, there is a DVD with Ubuntu 7.04.
It is a live DVD so you can take a look before deciding to install. Your computer must be set in the BIOS to boot from CD before hard disk, then the live DVD will load and you can try out Ubuntu without installing it on your computer. Of course, your drive must be one that can read DVD.
Regards, Earl
Good for you Stefan.
I'd encourage you to try a user-friendly distribution first, like Ubuntu/Kubuntu, PCLinuxOS, Mandriva... and although some "hardcore" distributions may be harder to understand or configure at first, some are making efforts to ease things for the newcomers, like Debian, which now allows you to start the installation process from within Windows itself.
Many thanks for all your help and tips.
Please open up a new topic over here in this board and post about your favourite backup-process and
software to prevent failure of a Windows XP installation.
Surely there are programs that still don't exist under Linux, so I and probably many other people too would still need for the first time a dual boot setup
or using 2 PCs.
I am really looking forward to using a very slim Linux distro like Damn Small Linux DSL with Firefox, Thunderbird for my daily online work, that is very fast and boots up in 10 seconds from the HD or USB stick and easy to maintain and backup and for all the other work being done offline use a bigger distro with lots of programs.
What do you think about this ?
I run 4 hard drives.
1) OS
2) Data Drive
3) Backup OS
4) Backup Data
I partition the OS drive so that it's a bit safer as well,
so that the OS could, if needed, be erased and all the
major data would be fine.
I do not backup the drives using RAID. Because if you do that, and you
get a virus.. it would clone the virus to the backup drives.
I manually backup entire HDs every month or so. Anything that's new and very
important, I will also manually backup to the backup drives.
I do not use DVDs or other physical media, because it's more costly,
very slow.. and they can get scratched etc.
HDs do fail however. You must keep them ultra cool for them to last
a long time. 1" space between each drive and a fan blowing air
between them.
I lost like 3 drives before because I didn't have good cooling. The bottom
drive's heat would rise and cook the upper drives to early deaths. With new
cooling via a custom case mod.. I've not lost a drive yet - and it's been years.
Good luck
Good. Damn Small Linux is a Debian-derived light distribution, so it's a great choice to start with.
Quote from: hartiberlin on September 15, 2007, 06:21:07 AM
Hi,
I just had to work 10 hours to fix some horrible Windows XP
activation loop on my laptop PC.
It was started by trendmicro.de online scanner trying to delete
the winlogon.exe file and then there was always a bluescreen
on bootup and not coming out of this loop.
So I am really sick now of the Windows XP crap with all
its activation hurdles and annoying big installation files...
More than 50.000 Files on drive C:
what a f..ck this is...
I am going now to switch to Linux for sure.
I have enough of it now...
Congratulations and welcome to the Linux world! It was high time. ;D
Regards
Norbert
Quote from: stanis on September 15, 2007, 11:07:10 AM
Check whether you have multiple copies of winlogon.exe. If yes, then your PC is infected.
Troj/Madr-B is a backdoor Trojan which allows a remote intruder to access and control the computer via IRC channels.
When first run the Trojan copies itself as winlogon.exe to the folders <WINDOWS>\system\ and <WINDOWS>\system32\wins\ with the read-only and hidden attributes set and creates the following registry entries, so that winlogon.exe is run automatically each time Windows is started:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Winlogon = <WINDOWS>\system\winlogon.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Winlogon = <WINDOWS>\system32\wins\winlogon.exe
Each time the Trojan is run it tries to connect to a remote IRC server and join a specific channel using a random nickname. The Trojan then runs continuously in the background, listening on the channel for commands to execute.
Recovery
This section tells you how to remove the threat.
Please follow the instructions for removing Trojans.
Windows NT/2000/XP/2003
In Windows NT/2000/XP/2003 you will also need to edit the following registry entries. The removal of these entries is optional in Windows 95/98/Me. Please read the warning about editing the registry.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Winlogon = <WINDOWS>\system\winlogon.exe
and delete it if it exists.
Each user has a registry area named HKEY_USERS\[code number indicating user]\. For each user locate the entry:
HKU\[code number]\Software\Microsoft\Windows\
CurrentVersion\Run\Winlogon = <WINDOWS>\system32\wins\winlogon.exe
and delete it if it exists.
Close the registry editor and reboot your computer.
Hi,
many thanks for this info.
I just scanned my PC again and I have just:
winlogon.bak
in addition to
winlogon.exe both in the windows/system32 folder.
If I use CTRL ALT DEL to see the running tasks,
it also displays winlogon.exe
but I can not shut this down.
Is WinXP needing this task for normal use or how
can I disable it ?
Under services ?
Does anyone have a good list of the lowest possible services
that a single user WinXP machine only needs to run ,
when using just DSL for Internet and using a Fritzbox router
and in another place only a DSL Modem via PPPOE ?
I want to disable all the services I really don't need to run
in the background.
I already tried this some time ago and if you don't
have a registry backup saved, I had disabled too many
services and the PC did not run anymore...
so one has to be really cautious about this..
Also what is the best software firewall under WinXP ?
Is the free version of Zonealarm still preferred ?
Or is Sygate better ?
It must be a firewall which is very easy to configure,
not like Zonealarm Pro, which has 1000 options...
Which service controls the Winlogon.exe
file in the WinXP running services control menu ?
Is it needed for normal Internet surfing ?
Quote from: hartiberlin on September 16, 2007, 07:30:05 PM
Which service controls the Winlogon.exe
file in the WinXP running services control menu ?
Is it needed for normal Internet surfing ?
Winlogon.exe is a necessary process - it relates to logging in to Windows XP. It has nothing to do with Internet surfing.
Quote from: hartiberlin on September 16, 2007, 07:11:11 PM
Also what is the best software firewall under WinXP ?
I find that the best firewall is just the one that comes with Windows XP.
Hi Stefan;
To check all the system files in WinXP go to Start/Run and type in...
sfc /scannow (keep this command handy)
Quote
When you run System File Checker it looks to see if any protected files have been overwritten. If so, it grabs the correct version of the file from the Dllcache or the Windows installation source files, and then replaces the incorrect file. SFC also checks and repopulates the cache folder.
Unquote
Here are some other goodies
********************************
The best firewall is no firewall in the computer. Just use the one that's in the high speed modem or router. This stops them before they get to your computer. Just type in the address of the modem or router and you will get into the interface for setting it up. See your modem manual.
********************************
For controlling what is installed in WinXP I use XPlite located at http://www.litepc.com/
You can install all or remove any portion of Windows XP using XPlite, and therefore leave out all the Windows programs that cause all the back door crap in the first place, plus much more. Then you install the third party programs you really use.
Also some powerful tools I use;
********************************
REGSUPREME PRO at http://jv16.org
Best 17$ you'll ever spend.
This program I've used since many many years under W98 and now under WinXP.
Best registry cleaner, fixer and for removing long time vestiges of long ago removed software, plus lets you quickly remove start-up programs that have been installed by programs.
In my start-up list, all I have is one entry for my super duper sound card and that's it. I run over 60 programs on my computer and none are hogging my CPU at start up.
********************************
TASKINFO at http://www.iarsn.com/
Very powerful program to spot what's active, what's idle in case you feel there is any program running in the background that should not be running at all.
********************************
AD-AWARE SE at http://lavasoft.com/
If you keep this updated, it will save you much hassles with spyware.
********************************
ZTREEWIN at http://ztree.com/
This is the best file managing program ever. It is powerful because it enables you to see files without opening them, link them to an editor and you can edit even binaries. Very powerful when working at low level.
********************************
ULTRAEDIT at http://ultraedit.com
This is the best editor you can have (not for word processing or desktop publishing) to edit text, work in programming like Perl or CGI or others and will keep the programming language conventions, editing binaries. Small program but huge usefulness, simple and slim.
********************************
EUDORA at http://eudora.com
This is the best email client you can have. Use this and junk the rest. You can import your current setup, make many personalities, client lists, the whole works.
********************************
Hope this helps.
Hi Wattsup,
many thanks.
What about Microsoft security updates for the WinXP
operating system, if you have removed
Internet Explorer with XPLite.
Then you can not go to update.microsoft.com
and can not update your operating system with
fixes,
so how do you keep your OS running with the newest fixes ?
I only still use IE for updating WinXP, not anything more...
I use
http://www.xp-antispy.org/
for switching back and forth the system rights to be able to deactivate for
instance ActiveX allowance, etc...
One surefire way to never get a virus, spyware or really anything bad happen to your system is to just run as a Standard User instead of Admin. It may take tweaking with some file permissions. It is better to have XP Pro instead of Home if you are going to do this, though.
I hate it to have more than one user account at my Windows XP.
so it is always the admin account only,
okay, maybe it is a bit unsafer, but you always have the same
user experience and there is no second account, where users
from the Internet might be able to log in to your PC.
Anyway, I just tried to run this check and
only get this error message:
C:\WINDOWS>sfc /scannow
Windows File Protection could not initiate a scan of protected system files.
The specific error code is 0x000006ba [The RPC server is unavailable.
].
C:\WINDOWS>
Do I have to enable some services again ?
Ubuntu ROCKS... 6 months in my laptop. So boring not dealing with spyware, viruses, high resource consumption, etc. You can do all you do with Windows. WM2D runs on Ubuntu (Wine) as well as many other Windows programs.
Here you can see one screenshot of my desktop running wm2d at ultraspeed ;)
@Stefan
The only thing I found on the sfc /scannow problem you're having is a Windows Knowledge Base article on Windows 2000, but it should also work for XP.
From what I gather, the error is due to a bad VeriSign certificate.
My computer at the office is still on WIN98 so I can't send you this certificate but maybe someone else can on their computer and send the certificate to you. Here is the complete procedure.
********************************************
When you attempt to use the sfc /scannow command, the command may not work, and you may receive the following error message:
Windows File Protection could not be initiate a scan of protected system files. The specific code is 0x000006ba [The RPC Server is unavailable.].
CAUSE
This behavior can occur if the certificate for VeriSign time stamping has been removed from the computer. This certificate is listed as: "Issued To: No Liability Accepted, (c)97 VeriSign, Inc.".
To determine whether this certificate has been removed from the system, follow these steps:
1. Locate a Windows 2000-based computer that exhibits these symptoms.
2. Click Start, click Run, type mmc, and then click OK.
3. In the Microsoft Management Console, click Console, and then click Add/Remove Snap-in.
4. In the Add/Remove dialog box, click Add.
5. Click Certificates, and then click Add.
6. Click Computer Account, and then click Next.
7. Click Local Computer, and then click Finish.
8. Click Close, and then click OK.
9. In the console tree, double-click Certificates (Local Computer).
10. Double-click Trusted Root Certificate Authorities, and then click Certificates.
11. In the details pane, locate the No Liability Accepted certificate. If the certificate is missing, follow the steps in the "Resolution" section to export the certificate from another workstation and import it.
RESOLUTION
To resolve this behavior, the certificate needs to be restored to the original location. To export the certificate from a Windows 2000-based computer, follow these steps:
1. Locate a Windows 2000-based computer.
2. Click Start, and then click Run.
3. In the Open box, type: MMC.
4. When Microsoft Management Console (MMC) is displayed, click Console, and then click Add/Remove Snap-in.
5. On the Add/Remove window, click Add.
6. When the list of available snap-ins are displayed, click Certificates, and then click Add.
7. Click Computer Account.
8. Click Next.
9. Click Local Computer, and then click Finish.
10. Click Close, and then click OK to close out the Add/Remove Snap-in window.
11. Under Console Root, double-click Certificates (Local Computer).
12. Double-click Trusted Root Certificate Authorities, and then double-click Certificates.
13. In the right pane, the installed certificates are displayed. Scroll down the list until you locate the No Liability Accepted certificate.
14. Right-click this certificate, click All Tasks, and then click Export.
15. On the Export Wizard, click Next, click DER encoded Library X.509, and then click Next.
16. In the File name box, enter a file name to save the file (for example, C:\Cert). A .cer extension is added to the file name.
17. Transfer this file to the computer that is receiving the error message.
When the file is transferred to the computer that is receiving the error message, follow these steps to import the file:
1. Click Start, and then click Run.
2. In the Open box, type: MMC.
3. When the MMC starts, click Console, and then click Add/Remove Snap-in.
4. On the Add/Remove Window, click Add.
5. When the list of available snap-ins are displayed, click Certificates, and then click Add.
6. Click Computer Account.
7. Click Next.
8. Click Local Computer, and then click Finish.
9. Click Close, and then click OK to close out the Add/Remove Snap-In window.
10. Under Console Root, double-click Certificates (Local Computer).
11. Right-click Trusted Root Certificate Authorities, click All Tasks, and then click Import.
12. On the wizard, click Next, and then locate the file that you transferred from the other computer. (You may have to change the "Files of Type" field to display the X.509 certificates.)
13. When the file is selected, click Next.
14. Place the certificate in the Trusted Root Certificate Authorities Store, and then click Next.
15. Click Finish. A dialog box is displayed that indicates if the import operation had been successful or not.
16. When the certificate has been transferred, restart the computer, and then observe if the behavior is resolved.
see www.xubuntu.org :D
Get three 250 GB HDs or 160s, whatever is in the price range, and run RAID 5; keep a 4th one spare to rebuild if needed. Make sure you set up your RAID array in the hardware BIOS for it before you install an OS, whatever it may be. If you are still using Windows I recommend setting up a separate computer (P3 generation would be fine) with a Linux distro of your choice and have that make image files of the whole array at whatever interval deemed necessary. As well, if you don't go with the second machine for backup storage and tasking, I'd still highly recommend doing the RAID 5 array and then using Norton Ghost to make image backups to another device. The only surefire way to have everything set for the machine the way you want it is to make a Ghost image after all Windows updates, app installs etc. that you would need; do a check disk, then a defrag, then proceed to make your pristine image that you can reload on that machine at will, activated and all. The RAID takes care of hardware failure; if that happens just pop a new drive in and rebuild.
Yes, this is great. XP has been around for years (years of de-bugging and fixes) and this is what I run. Can you imagine the crap that VISTA has that will take years to de-bug? No thanks...I am staying with XP and Ubuntu on a dual boot setup.
I like and admire Bill Gates but geeze, if you are supposed to be the best in the business with all of those resources, why do we always seem to get not ready for prime time software releases?
Stefan: The people here have already given you much better advice than I. I will say I run Zonealarm (the free one) and it is fine once you learn to tell it what to do, and, more important, what not to do. Many programs out there have a conflict with zonealarm so you have to be careful. As far as the "firewall" that comes with XP? Useless in my opinion.
Bill
SUSE Linux Enterprise Desktop by Novell is awesome. Why waste so much time trying to customize, when Novell has done a fantastic job.
@Harti : if you are having so many serious problems with your install of XP .. just wipe out your OS drive partition, and install XP Pro with DEFAULT settings, DONT use XPLite, it will only create headaches if you are not advanced at using it.
Once you have (1) installed, and used a (2) key (if it is a pirate, then just use the crack patches already available on the net.), (3) install all the drivers etc. THEN (4) install SP2 (you can get a copy of this on the net without even going to windows update page).
once that is done, download DirectX, java, flash, etc and install.
About IE, I have found Firefox to have issues with certain sites, IE comes in handy every once in a while.
When you have a chance, try out Novell's SUSE Linux Enterprise Desktop (SUSE LED).
devilzangel
..
I never use the XP activation because it's just stupid to do so. I change components in my PC almost every month. Every time I do that, Windows will want to be activated and I'd have to call M$ to activate it. So I'll pass. I bypassed their activation and everything is more than fine.