[Ham-Computers] RE: "Disappearing" Desktop

Hsu, Aaron (NBC Universal) aaron.hsu at nbcuni.com
Thu Nov 30 17:05:37 EST 2006 

You could run an "in-place"  installation of Windows XP.  This would require you to have a bootable WinXP CD from which to re-install XP.  Specific details are here:

  http://support.microsoft.com/kb/315341

This would allow you to keep the programs you currently have installed, but it will also keep any malware that's installed.  Note that an in-place reinstallation of WinXP requires you to also re-install all Windows Updates as existing updates will be replaced by the original files on the CD.

Does the system boot properly in Safe Mode?  If so, then the "core" components of WinXP are fine and some other service is causing the problem.  Isolating the faulty service is not easy and requires you to use the Recovery Console to selectively disable/re-enable services until the culprit is found.  Even then, you may still have something else lurking based on your description of the "1.exe" file.

BTW, too many people have a false sense of security because they're running the "latest version" of Spybot or AdAware.  No spyware sensor is 100% foolproof.  In fact, most are about 80% at best.  Spybot and Ad-Aware are now in the lower percentage categories - there are many commercial products that do better (Webroot Spy Sweeper is highly rated).

Also realize that many spyware apps mimic the filenames of "good" files.  LSSAS.EXE is a legitimate Windows file (related to security), but it should only be found in the WINDOWS\SYSTEM32 folder (or the DLLCACHE folder).  Found anywere else and it's most likely spyware or a virus mimicing the legitimate filename.  Same goes for CSRSS.EXE and any other legit filename.  Knowing where the file is *supposed* to be helps identify if it's legit or not.

73 & GL

  - Aaron, NN6O


-----Original Message-----
Sent: Thursday, November 30, 2006 1:15 PM
Subject: [Ham-Computers] "Disappearing" Desktop

Greetings to the list.


My desktop has "disappeared." When I boot-up, all I visually get is wallpaper (Win XP default wallpaper) and must resort to clicking on new task in task manager to run anything. (IE, Mozilla, Notepad, etc.)

Prior to all of this happening, my virus scanner mistakenly identified csrss.exe as a virus, so I kept clicking ignore when it prompted me on what to do. About that time, I noticed that winlogon.exe was using
40-95 % of the cpu according to task manager. I tried to reboot normally, but had to resort to killing the power. I doubt it's a RAM issue as I'm running 1 gig with 128 megs dedicated to video.

I can't run system restore at present, as I'm in the process of removing arm32 & a mysterious file called "1.exe"

Any suggestions shy of running a factory restore? I'd rather not as I'd have to re-register a ton of software. I've tried all of the usual tricks like safe mode & chkdsk /f but nothing seems to be working.

My system is: Compaq Presario SR1403WM, Win XP Home SP2 w/ all current updates. AVG, Zone Alarm, Ad-Aware, & Spybot.


Thanks in advance for any help.


Paul W5PDA

More information about the Ham-Computers mailing list