Windows cannot find "logon.exe"
in [Windows XP]
|
Prev: FAT32 CRC implementation
Next: [SPAM]
From: Registered_User on 8 Nov 2009 22:59 if you can research and follow directions, then you can edit your registry. honestly, you should get in the habit of re-installing windows and all of your programs once or twice a year. face it, windows sucks. the message you are getting about missing logon.exe... somehow at some point in time, your pc got infected. a file named logon.exe was created and hidden in your filesystem. at the same time, one of your registry entries was modified, to make your shell call on this new file named "logon.exe", along with the required "explorer.exe". once your antivirus got the definitions for this particular infection, it found the "logon.exe" file and deleted it or put it in the vault. your antivirus will not edit your registry... so now that the file is gone, every time you start your computer, when the shell starts, it still looks for that file. start -> run -> regedit. search for logon.exe there will be an entry named "Shell". double click to open it. the data for this will contain "Explorer.exe Logon.exe". simply remove the word "logon.exe", close, and you're done. ** DO NOT DELETE "Explorer.exe" IT IS THE HEART OF WINDOWS AND IS REQUIRED FOR IT TO OPERATE ** (if you don't believe me, then just open task manager and kill the process "explorer.exe" and see what happens. don't worry you won't hurt anything, you'll just have to do a manual reboot..) this issue can pertain to other variants of viruses/crapware, just using a different name. i have seen many different viruses use the shell to start the infected file during boot. If this is too difficult of a task to do to fix the problem, or just trying to find it in MSCONFIG (cause it ain't there... it's ONLY in the registry), then maybe it's time you switch to linux. since you don't know windows, then it would be super easy for you to learn on linux and be safer and faster.
From: Jose on 9 Nov 2009 09:36 On Nov 8, 10:59 pm, Registered_User <Registered_User. 41d...(a)no.email.invalid> wrote: > if you can research and follow directions, then you can edit your > registry. honestly, you should get in the habit of re-installing > windows and all of your programs once or twice a year. face it, windows > sucks. > > the message you are getting about missing logon.exe... somehow at some > point in time, your pc got infected. a file named logon.exe was created > and hidden in your filesystem. at the same time, one of your registry > entries was modified, to make your shell call on this new file named > "logon.exe", along with the required "explorer.exe". once your > antivirus got the definitions for this particular infection, it found > the "logon.exe" file and deleted it or put it in the vault. > > your antivirus will not edit your registry... so now that the file is > gone, every time you start your computer, when the shell starts, it > still looks for that file. > > start -> run -> regedit. > > search for logon.exe > > there will be an entry named "Shell". double click to open it. the > data for this will contain "Explorer.exe Logon.exe". simply remove the > word "logon.exe", close, and you're done. > > ** DO NOT DELETE "Explorer.exe" IT IS THE HEART OF WINDOWS AND IS > REQUIRED FOR IT TO OPERATE ** (if you don't believe me, then just open > task manager and kill the process "explorer.exe" and see what happens. > don't worry you won't hurt anything, you'll just have to do a manual > reboot..) > > this issue can pertain to other variants of viruses/crapware, just > using a different name. i have seen many different viruses use the > shell to start the infected file during boot. If this is too difficult > of a task to do to fix the problem, or just trying to find it in > MSCONFIG (cause it ain't there... it's ONLY in the registry), then maybe > it's time you switch to linux. since you don't know windows, then it > would be super easy for you to learn on linux and be safer and faster. Should I really get in the habit of re-installing Windows and all my programs once or twice a year? According to systeminfo, my XP Original Install Date is 1/21/2003. I reckon I am in big trouble!
From: skuffer on 15 Nov 2009 20:55 Here is where logon.exe is found in my registry. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Apparently a Trojan named Agent_r.OT The object that AVG finds affected is tdlwsp.dll located ini win\system32 This doesn't seem to have been noted by anyone. Am I safe to edit the "logon.exe" out of the registry entry? Sk
From: Max on 18 Nov 2009 09:43 This solution worked well for me - only note I'd make is I found the logon.exe command under the windowsN => HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/WindowsNT/Current version/Run "LVTravel" wrote: > > > "artsami2" <artsami2(a)discussions.microsoft.com> wrote in message > news:C05D98B9-3E77-4E6D-98CC-FD41539AB4F3(a)microsoft.com... > > Last night my computer got infected by some Trojan virus after listening > > on a > > song. I closed all applications and ran my spyware and anti virus > > programs > > right away. I removed all the infected files to the vault. Now every > > time I > > restart I receive this message " Windows cannot find "logon.exe". Make > > sure > > you typed the name correctly and try again...". I may have moved the > > infected file to the vault. How can I fix this? I didn't get the Windows > > XP > > CD when I bought this computer from surplus. Thank you. > > If this program needs to be removed from startup see the below information: > > Program initiation on startup is controlled by various locations in Windows. > > Using an administrator account start Windows Explorer then go to > 1. Documents and Settings\All Users\Start Menu\Programs\Startup to find the > program that is starting. If located delete the program's shortcut. > > 2. Perform the same for all available ... Settings\username\ . > > If you still haven't found the program click Start, Run, type Regedit and > hit enter. Navigate to > HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/Current version/Run and see if > the program is there. > > Some programs are also started in HKEY_CURRENT_USER/..... as continued as > above. > > Still can't find it click the top of the listing (Computer) in Registry > Editor started above. Click Edit, Find and type logon.exe, click Match > whole string only and then click find. It should find any instances of any > key with it's full phrase. Ensure that only the full phrase shows and it is > not part of a phrase (I.e., winlogon.exe.) If full name you can delete the > entire key. > > If you just want to disable it for one time (and also an easier way of > finding where the program is starting from) you can click Start, Run, type > in MSCONFIG and hit enter. Click the startup tab, find the program and undo > it's check box. This should be used for a one time boot only and not a fix > for the startup program. > > To find out where it is started from, find the program and then drag the > sizing line at the top right edge for the location heading to the right. > You can repeatedly drag the sizing line if more space is needed and then a > scroll bar at the bottom will appear. > > Hope this helps, let us know. > > >
From: Max on 18 Nov 2009 09:56
....and and FYI, I found the "explorer.exe logon.exe" under my "Windows NT" directory. I looked and looked under Windows and didn't find it. Then I looked in Windows NT and there is was hidded. Thanks for your posts - they helped me fix my laptop (first time I've been able to do this without "...taking it in") "Registered_User" wrote: > > if you can research and follow directions, then you can edit your > registry. honestly, you should get in the habit of re-installing > windows and all of your programs once or twice a year. face it, windows > sucks. > > the message you are getting about missing logon.exe... somehow at some > point in time, your pc got infected. a file named logon.exe was created > and hidden in your filesystem. at the same time, one of your registry > entries was modified, to make your shell call on this new file named > "logon.exe", along with the required "explorer.exe". once your > antivirus got the definitions for this particular infection, it found > the "logon.exe" file and deleted it or put it in the vault. > > your antivirus will not edit your registry... so now that the file is > gone, every time you start your computer, when the shell starts, it > still looks for that file. > > start -> run -> regedit. > > search for logon.exe > > there will be an entry named "Shell". double click to open it. the > data for this will contain "Explorer.exe Logon.exe". simply remove the > word "logon.exe", close, and you're done. > > ** DO NOT DELETE "Explorer.exe" IT IS THE HEART OF WINDOWS AND IS > REQUIRED FOR IT TO OPERATE ** (if you don't believe me, then just open > task manager and kill the process "explorer.exe" and see what happens. > don't worry you won't hurt anything, you'll just have to do a manual > reboot..) > > this issue can pertain to other variants of viruses/crapware, just > using a different name. i have seen many different viruses use the > shell to start the infected file during boot. If this is too difficult > of a task to do to fix the problem, or just trying to find it in > MSCONFIG (cause it ain't there... it's ONLY in the registry), then maybe > it's time you switch to linux. since you don't know windows, then it > would be super easy for you to learn on linux and be safer and faster. > > > . > |