Re: msconfig and trojans.



Dave wrote:
James Egan wrote:

On Thu, 15 Dec 2005 16:14:46 GMT, Dave <dave@xxxxxxxxxxxxxxxxxx>
wrote:


I just wanted to confirm that if a program is unchecked in msconfig (and does not load itself on startup so the box becomes checked) and is also not in the registry after I have deleted it, that presumably, it does not load on start-up.




msconfig isn't a comprehensive list. Look at autoruns
http://www.sysinternals.com/Utilities/autoruns.html

Also, some malware uses companion processes to make it hard to close
down. If you close down one of the processes, its companion
immediately restarts it. Similarly, if you have not stopped all the
running processes and uncheck the boxes in msconfig or autoruns, you
may well find that they are immediately re-checked by the running
processes. For that reason it is advisable to run Process Explorer
http://www.sysinternals.com/Utilities/ProcessExplorer.html
to ensure all unwanted processes are terminated before unchecking any
startup boxes.


Jim.

Thank you.

The problem I had was that despite deleting the entries from msconfig and regedit, the entries (which looked like Japanese characters) kept returning. I dealt with it by putting msconfig in diagnostic mode then deleting from the registry which seemed to have worked. Having looked through the two utilities you suggested, I cannot see any start-up processes or autoruns that would cause a concern.

However, on a possibly related point, google.com just gave the following error message which I understand suggests a DDoS attack is occurring:

"...we can't process your request right now. A computer virus or spyware application is sending us automated requests, and it appears that your computer or network has been infected.

We'll restore your access as quickly as possible, so try again soon. In the meantime, you might want to run a virus checker or spyware remover to make sure that your computer is free of viruses and other spurious software."

Now, I am actually using a proxy to connect to google. Therefore, are other people using the same proxy to invoke a DDoS, or do I still have a problem (ZoneAlarm Pro, Ad-Aware, Spybot, and a couple of other AV products revealed no problems).

I have tried www.google.com several more times with no problems.



http://www.spy.org.uk/spyblog/2005/06/stupid_google_virusspyware_cap.html

Google seem to be intent on destroying their $78 billion dollar market capitalisation by blocking innocent users or customers from their search engine. Have you noticed this stupid Google captcha page recently? Captchas, which require you to visually decode some distorted images of a password and type them into a form before proceeding, are a huge annoyance to partially sighted people and they do not address the fundamental problems of spam or malware etc.


"A computer virus or spyware application is sending us automated requests, and it appears that your computer or network has been infected."

No our "computer or network" is not infected, and we resent this "guilt by association".

The way that Google has implemented this captcha block is also extremely annoying, given that on several occasions, having typed the password in correctly, another captcha screen is presented, and then yet another one!

Google seem to be blacklisting by the IP address of our ISP's proxy server, and doing so inconsistently and erratically. Possibly they are confused by the load balancing either at our ISP or on their own systems.

If we re-configure a web browser not to use the proxy server, then our PC's IP Address does not trigger this stupid captcha block.

This is not an anonymous proxy server so it does forward our IP address in the HTTP_VIA or HTTP_X_FORWARDED_FOR headers, which, one would have thought Google would be checking against their blacklist, but apparently not.
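
Relating to the startup-entry discussion earlier in this thread (msconfig not listing every autostart location, and deleted entries being put back by a still-running process), here is an added example that is not part of any poster's message. It is a read-only PowerShell sketch; the function names are hypothetical, and it covers only the Run/RunOnce keys and the Startup folders, far fewer locations than Autoruns inspects.

```powershell
# Added example (not from the thread). Read-only: nothing is modified or deleted.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RunEntry {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Location = $key
                Name     = $name
                Command  = [string]$item.GetValue($name)
                # Value names outside printable ASCII deserve a closer look
                NonAscii = $name -match '[^\x20-\x7E]'
            }
        }
    }
}

function Get-StartupFolderEntry {
    foreach ($folder in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($folder)
        if ($path -and (Test-Path $path)) {
            Get-ChildItem -Path $path -File |
                Select-Object @{n='Location';e={$path}}, Name, @{n='Command';e={$_.FullName}}
        }
    }
}

# Take a baseline, then poll and emit any Run value that was not in the baseline.
function Watch-RunEntry {
    param([int]$Seconds = 60, [int]$IntervalSeconds = 5)
    $seen = @{}
    foreach ($e in Get-RunEntry) { $seen["$($e.Location)|$($e.Name)|$($e.Command)"] = $true }
    $deadline = (Get-Date).AddSeconds($Seconds)
    while ((Get-Date) -lt $deadline) {
        Start-Sleep -Seconds $IntervalSeconds
        foreach ($e in Get-RunEntry) {
            $id = "$($e.Location)|$($e.Name)|$($e.Command)"
            if ($seen.ContainsKey($id)) { continue }
            $seen[$id] = $true
            $e | Add-Member -NotePropertyName SeenAt -NotePropertyValue (Get-Date) -PassThru
        }
    }
}

@(Get-RunEntry) + @(Get-StartupFolderEntry) | Format-Table -AutoSize -Wrap
Watch-RunEntry -Seconds 60 | Format-List   # run right after removing an entry
```

Anything Watch-RunEntry prints was written after the baseline, which points to a process that is still running and restoring its startup entry.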
