GregHowley.com

Reinstalling Windows XP

September 13, 2004

Yesterday was my birthday, and Linda and I went over my mother's house in Bristol for the day. My brothers were over, as were my father and stepmother. Having my two parents together is a rarity which I very much enjoy, and I thank Linda for engineering the get-together.

While at the house, I hopped online for a moment and learned that my mom's PC was in the evil clutches of what I can only describe as the most terrible trojan I've ever seen. They had already run AdAware and Spybot, neither of which had removed it. Aside from slowing the PC down to a crawl, I noticed in MSIE's status bar that it was continually referencing ads123.com. I did some googling around, and happened across HijackThis!, a powerful tool for use in the purging of such malware demons. But I couldn't access spychecker.com to download it, nor any of the mirrors I found. When I had problems accessing other anti-spyware sites, I began to suspect that downed servers weren't the problem.

I had to enable viewing of system files in order to get to their HOSTS file, which I found to be full of anti-spyware sites, pointing all those URLs to dummy IPs. After clearing out the HOSTS file, I downloaded HijackThis and read the guide. Apparently, HijackThis is capable of removing many files which are not spyware, and even those which may be required for Windows to run, so I was very meticulous in removing items. It was complicated by the fact that many of the trojan components were random strings of characters, easily confused with SMSS.exe or spoolsv.exe, which are required processes.
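The HOSTS tampering described above can be checked for mechanically. The following Python sketch is an added example, not part of the original post: it flags entries that override a watch-listed security site or pin any other name to a loopback, unspecified or private address. The sample file is constructed; `spychecker.com` is the site named in the post, and the `.example` names, the addresses and the function names are assumptions made for illustration.

```python
import ipaddress

# Names that legitimately map to loopback in a stock HOSTS file.
BENIGN_LOCAL = {"localhost", "localhost.localdomain"}

# Constructed sample input (not taken from the infected machine).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       spychecker.com www.spychecker.com   # blocked
0.0.0.0         download.antispyware.example
10.11.12.13     updates.av-vendor.example
8.8.8.8         mirror.example
not-an-ip       broken.example
"""

def is_dummy(addr):
    """True for addresses that cannot be the real home of a public site."""
    return (addr.is_loopback or addr.is_unspecified or addr.is_private
            or addr.is_link_local or addr.is_reserved or addr.is_multicast)

def audit_hosts(text, watchlist=()):
    """Return (line_no, hostname, address, reason) for entries worth review."""
    watch = {w.lower().rstrip(".") for w in watchlist}
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split fields
        if len(entry) < 2:
            continue                           # blank or comment-only line
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            findings.append((line_no, " ".join(entry[1:]), entry[0],
                             "unparseable address"))
            continue
        for name in entry[1:]:
            host = name.lower().rstrip(".")
            if host in BENIGN_LOCAL:
                continue
            if any(host == w or host.endswith("." + w) for w in watch):
                findings.append((line_no, host, str(addr),
                                 "security site overridden"))
            elif is_dummy(addr):
                findings.append((line_no, host, str(addr),
                                 "name pinned to non-routable address"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, watchlist=["spychecker.com"]):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows XP the file to feed in is `%SystemRoot%\system32\drivers\etc\hosts`. Ad-blocking HOSTS files also pin names to 127.0.0.1, so a finding is a prompt for review rather than proof of infection.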

Once I was finished, I removed all the evil malware components. (Not to insinuate that Windows itself is anything other than evil.) Upon reboot, I selected the admin profile and found that the computer at this point would reboot itself - it would never reach the desktop. Damn. While I initially suspected that I'd removed something I shouldn't have, I now think that perhaps this was part of the trojan - a guard against its removal, or some process or file I'd neglected to repair which was causing Windows to search at startup for a malware component I'd removed. Maybe the config.sys? Boot.ini?

So now, starting in safe mode, I could either restore the malware-infected PC, or reinstall the OS. We elected to reinstall. In safe mode, the CD writing drivers weren't up, but thankfully my stepfather had just purchased a 256MB USB 2.0 drive. Very nice. We backed up documents, favorites, address books, etc... and began the reinstall.

My first problem came from the fact that I couldn't boot from the install CD. I'd been hitting F8 on load, which I'd thought would bring you into the BIOS, but the options were only things like starting in safe mode, which at this point I no longer needed. A quick phone call to my friend Rich gave me my answer: F10. (D'oh!)

From there, the format-and-reinstall process was fairly straightforward. After we set up the XP installation, I immediately installed ZoneAlarm, Norton Antivirus, and Firefox. The computer was now running like lightning.

I've got to reinstall my own OS soon.

Comments on Reinstalling Windows XP
 
Comment Mon, September 13 - 10:54 PM by chris
Hey - it works like lightning now Greg. You have mad skills. I think you have actually slain the dragon. Love ya, Mom
 
Comment Tue, September 14 - 10:01 AM by tagger
First off, Happy Birthday. I'll try to get it right next year. I'll try. I forgot Paul's too, but he's a forgiving sort.


Secondly, congratulations on having the guts to bite the bullet and reinstall XP. A tedious chore at best, but sometimes easier and safer than trying to "fix" stuff. We won't comment about mom running without a firewall. :-)


F-10? A Compaq, perhaps?? Oh well, nobody's perfect.


All that said, the "reboot" symptom is indeed part of some malware infestations, but can also be caused by leaving the system properties set to default settings. The default is for the system to reboot automatically if a fatal error happens. If you turn that off, you can sometimes get as far as an error message that can point you to a fix a bit less Draconian than a complete reinstall. On the plus side, reinstalling Windows periodically is never a bad idea and since most users need help with that, it never gets done. Your mom owes you, IMHO.


-- UNK
 
Comment Tue, September 14 - 10:08 AM by Greg

Why yes - it is a Compaq. :-) And as mentioned, I'm about to try a reinstall on my Dell sometime soon. I've got two hard drives, which will make backing up much easier.


I've still got to spend some time and find a decent way to preserve paragraph formatting in longer comments without the user having to type tags into the comment. On that note, I should strip tags out beforehand so as to preserve my XHTML and prevent potential issues with broken formatting and/or security.

 
Comment Wed, September 15 - 1:01 PM by tagger
What might be cool is to fix the archive list so it displays how many comments exist for an item right in the list. You probably have something that notifies you when visitors leave a note, but I thought it might be nice for visitors to see if their replies got replied to without having to pick through the entries one at a time.

Without looking at code, I don't know how much trouble that would be. Between work and driving around, I'm sure you have enough to do in a day -- it's just a thought.

-- UNK
 
Comment Wed, September 15 - 7:58 PM by tagger
Cool! That was quick! It looks fine with both MSIE and Mozilla.

Just one little thing, though . . . the scroll wheel on my mouse doesn't seem to work with this site in Firefox 1.0. It works fine in MSIE on this site, and it works with other sites in Firefox. Odd.
 
Comment Wed, September 15 - 4:59 PM by Greg
Well, tags are no longer allowed, and carriage returns should now come through properly.

I hope to add comment records to the archive soon, but right now I've got to run so as to pick Linda up at the car rental place by 6:30.
 
Comment Wed, September 15 - 9:02 PM by Greg
Weeeeird. The comments sort out of order. Never seen that before. I'll have to look into it.

As far as the Firefox scrolling, I'll check that out too. Right now, I'm about to install the new memory I just got with my birthday money. :-D
 
Comment Thu, September 16 - 10:35 AM by tagger
I did notice the comments sorting out of order, but didn't mention it because I figured it had something to do with the way you post comments (as the Site Owner) as opposed to the way Mere Mortals (regular visitors) make posts.

I suppose it could be something as simple as how date strings are getting parsed.

Something the Web inherited from Unix that I hate is the concept of "failing silently" -- the situation where browsers and other stuff simply ignore code they don't understand. On the bright side, it cuts down on support costs. The down side is that debugging code can be troublesome. I don't know if there's a debug version of Firefox available, but it would be helpful maybe.

As for the scroll wheel problem, in the UNIX/Linux world, I would tell a user to look at his X Config file -- the default is for a two-button mouse with no wheel. I'm thinking about something in the MS mouse driver, but I don't know. The wheel works fine with other sites viewed with Firefox. Your site breaks with Mozilla 1.7 as well. Are you having the same problem?

Could your style sheets be doing any rodent-related tweaking?


 
Comment Thu, September 16 - 10:48 AM by Greg
Here's the scoop on the scroll wheel problem:

bugzilla.mozilla.org/show_bug.cgi?id=97283
 
Comment Thu, September 16 - 11:12 AM by tagger
Uh-huh. If I switch to the "sunset" layout the scroll wheel starts working. It breaks with both "water" and "fallout."

Even though the wheel works w/"sunset", the thingy that lets you scroll up, down and sideways when you click the wheel straight down (autoscroll?) still doesn't work.
 
Comment Thu, September 16 - 12:29 PM by Greg
It's all because in the "water" and "fallout" layouts, the scroll is a div such as this:

<div style="overflow:auto"> (content) </div>

whereas in "sunset", there are no scrolling divs because I planned for no fixed-position elements.

I imagine that Mozilla will fix these issues at some point.
 
Comment Thu, September 16 - 1:50 PM by tagger
The autoscroll works with "Sunset" if using Firefox 1.0 but not with Mozilla 1.7. The wheel works with both versions to scroll up and down if using the "Sunset" layout.

In the other layouts, and when using Firefox, the circular four-arrow cursor appears if you click the wheel, but no scrolling happens.

So, it would appear that you are correct -- We are witnessing evolution at work here.
 
Comment Fri, September 17 - 11:32 AM by Greg
I now suspect that what my mom's computer had was something like Sandboxer.
 
Comment Fri, September 17 - 12:46 PM by tagger
Ouch! That's a bad one. Given how home PCs get used and the lack of a firewall, I would suspect that there was more than one piece of malware fighting for resources.

People where I work are complaining that their "Weatherbug," "Gator" and "AIM" programs keep disappearing. Well, I have to have *something* to do while watching tapes spin at night. :-) They've been warned more than once.

If it keeps up, I'll fire up the old Group Policy editor and start turning things on and off, as well as blocking a few Web sites.