Re: msconfig and trojans.



James Egan wrote:
On Thu, 15 Dec 2005 16:14:46 GMT, Dave <dave@xxxxxxxxxxxxxxxxxx>
wrote:


I just wanted to confirm that if a program is unchecked in msconfig (and does not load itself on startup so the box becomes checked) and is also not in the registry after I have deleted it, that presumably, it does not load on start-up.



msconfig isn't a comprehensive list. Look at autoruns http://www.sysinternals.com/Utilities/autoruns.html

Also, some malware uses companion processes to make it hard to close
down. If you close down one of the processes, its companion
immediately restarts it. Similarly, if you have not stopped all the
running processes and uncheck the boxes in msconfig or autoruns, you
may well find that they are immediately re-checked by the running
processes. For that reason it is advisable to run Process Explorer
http://www.sysinternals.com/Utilities/ProcessExplorer.html
to ensure all unwanted processes are terminated before unchecking any
startup boxes.


Jim.

Thank you.

The problem I had was that despite deleting the entries from msconfig and regedit, the entries (which looked like Japanese characters) kept returning. I dealt with it by putting msconfig in diagnostic mode then deleting from the registry which seemed to have worked. Having looked through the two utilities you suggested, I cannot see any start-up processes or autoruns that would cause a concern.

However, on a possibly related point, google.com just gave the following error message which I understand suggests a DDoS attack is occurring:

"...we can't process your request right now. A computer virus or spyware application is sending us automated requests, and it appears that your computer or network has been infected.

We'll restore your access as quickly as possible, so try again soon. In the meantime, you might want to run a virus checker or spyware remover to make sure that your computer is free of viruses and other spurious software."

Now, I am actually using a proxy to connect to google. Therefore, are other people using the same proxy to invoke a DDoS, or do I still have a problem (ZoneAlarm Pro, Ad-Aware, Spybot, and a couple of other AV products revealed no problems)?

I have tried www.google.com several more times with no problems.
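
The re-adding behaviour discussed in this thread (startup entries that return after deletion while a process is still running) can be checked directly. The following PowerShell is an added example, not part of either poster's message: it takes a baseline of four common Run/RunOnce keys after cleanup and reports any value that is added, changed or removed afterwards. The key list, function names and polling interval are this example's own assumptions, and it covers far fewer locations than Autoruns.

```powershell
# Added example: watch common autostart registry keys for entries that reappear.
# Assumption: these four keys are enough to illustrate the behaviour; Autoruns
# inspects many more autostart locations.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartSnapshot {
    # Returns a hashtable mapping "key|valueName" to the stored command line.
    $snap = @{}
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $k = Get-Item -Path $key
        foreach ($name in $k.GetValueNames()) {
            $snap["$key|$name"] = [string]$k.GetValue($name)
        }
    }
    return $snap
}

function Compare-AutostartSnapshot {
    param([hashtable]$Before, [hashtable]$After)
    foreach ($id in $After.Keys) {
        if (-not $Before.ContainsKey($id)) {
            [pscustomobject]@{ Change = 'Added'; Entry = $id; Command = $After[$id] }
        } elseif ($Before[$id] -ne $After[$id]) {
            [pscustomobject]@{ Change = 'Modified'; Entry = $id; Command = $After[$id] }
        }
    }
    foreach ($id in $Before.Keys) {
        if (-not $After.ContainsKey($id)) {
            [pscustomobject]@{ Change = 'Removed'; Entry = $id; Command = $Before[$id] }
        }
    }
}

# Take the baseline right after cleanup, then poll for five minutes.
$baseline = Get-AutostartSnapshot
for ($i = 0; $i -lt 60; $i++) {
    Start-Sleep -Seconds 5
    $now = Get-AutostartSnapshot
    Compare-AutostartSnapshot -Before $baseline -After $now |
        ForEach-Object { '{0:u} {1} {2} -> {3}' -f (Get-Date), $_.Change, $_.Entry, $_.Command }
    $baseline = $now
}
```

An `Added` line appearing within seconds of a manual deletion indicates that a running process is rewriting the entry, which is the case where the processes need to be terminated before the startup entries are removed.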