Msconfig problem...

  • Thread starter Thread starter If_Its_Junk
  • Start date Start date
I

If_Its_Junk

maybe

I was working on a friends computer and cleaned out some viruses and a whole
heap of malware/spyware.

There were some items in msconfig startup that I did not recognize and
turned them off. Yet when I rebooted they were all turned back on again. I
also got a message at boot that said something to the effect that my
configuration had changed, and I clicked on the OK button.

How do I get the things I have turned off to stay off?
 
I'm unsure as to why they'd turn back on if you unselected them. However, to
do a test, boot into Safe Mode With Networking Support and try scanning your
system again. Be careful in removing startup items, since as you pointed
out, you're unsure of which ones belong and which do not.

If you're positive that something's spyware or you read about it somewhere,
you can remove the registry key relating to that file while still in Safe
Mode. Most startup applications are stored in the registry under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
To access it, click Start --> Run --> type in "regedit" (without the
quotations).

Just to be sure, save a backup copy of the Run section by clicking File
menu --> Export --> then save the selected branch someplace you'll remember
to look in case things go south.

Remember: the registry contains your system's vital info, so tread carefully
when deleting items in it.

Good luck. Post back if you run into any issues.

--
______________________________________________
Michael Katz
[Microsoft MVP - MSN Client]
"There's no I in 'team' but there is 'me'"
http://msmvps.com/katz

This posting is provided 'AS IS' with no warranties, and confers no rights.
 
Michael Katz said:
I'm unsure as to why they'd turn back on if you unselected them. However, to
do a test, boot into Safe Mode With Networking Support and try scanning your
system again. Be careful in removing startup items, since as you pointed
out, you're unsure of which ones belong and which do not.

If you're positive that something's spyware or you read about it somewhere,
you can remove the registry key relating to that file while still in Safe
Mode. Most startup applications are stored in the registry under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
To access it, click Start --> Run --> type in "regedit" (without the
quotations).

Just to be sure, save a backup copy of the Run section by clicking File
menu --> Export --> then save the selected branch someplace you'll remember
to look in case things go south.

Remember: the registry contains your system's vital info, so tread carefully
when deleting items in it.

Good luck. Post back if you run into any issues.

--
______________________________________________
Michael Katz
[Microsoft MVP - MSN Client]
"There's no I in 'team' but there is 'me'"
http://msmvps.com/katz

This posting is provided 'AS IS' with no warranties, and confers no rights.



If_Its_Junk said:
maybe

I was working on a friends computer and cleaned out some viruses and a
whole
heap of malware/spyware.

There were some items in msconfig startup that I did not recognize and
turned them off. Yet when I rebooted they were all turned back on again. I
also got a message at boot that said something to the effect that my
configuration had changed, and I clicked on the OK button.

How do I get the things I have turned off to stay off?
Click to expand...
Click to expand...
I will check the entries at http://www.sysinfo.org/startuplist.php to see
what is safe to delete and follow your directions. It may be a few days
before I get back to his place to look at his computer again.
 
If_Its_Junk said:
maybe

I was working on a friends computer and cleaned out some viruses and a whole
heap of malware/spyware.

There were some items in msconfig startup that I did not recognize and
turned them off. Yet when I rebooted they were all turned back on again. I
also got a message at boot that said something to the effect that my
configuration had changed, and I clicked on the OK button.

How do I get the things I have turned off to stay off?
Click to expand...

What are the specific items that keep coming back?

What programs did you use to detect and remove the spyware? No single
product gets them all, and you almost always need to run a combination
of several different programs to fully clean up a computer.

Good luck



Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

"The reason computer chips are so small is computers don't eat much."
 
Ron Martell said:
What are the specific items that keep coming back?

What programs did you use to detect and remove the spyware? No single
product gets them all, and you almost always need to run a combination
of several different programs to fully clean up a computer.

Good luck



Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

"The reason computer chips are so small is computers don't eat much."
Click to expand...

I used TrendMicro, Spybot S&D, Adaware, CA's firewall.

It took 2 hours for TM to run and it found and deleted 5 viruses, Spybot
found 93 on the first pass and 23 on the second pass (from Safe Mode)
Adaware found 210 problems. (my friend had absolutely no security so I was
surprised it wasn't worse)

Startup listed Kazaa, Gator, a couple of TFTP files, and some other stuff
that looked suspicious to me so I turned them off, but they showed up turned
on again after I rebooted.

I may have checked Normal Startup instead of Selective before I rebooted -
would that have turned everything back on again?
 
Yes. You must remove the programs from the startup folder and from the
startup section of the registry. If you just want to test, use selective
startup.
 
Ron said:
What are the specific items that keep coming back?

What programs did you use to detect and remove the spyware? No single
product gets them all, and you almost always need to run a combination
of several different programs to fully clean up a computer.

Good luck



Ron Martell Duncan B.C. Canada
Click to expand...

Did you turn of system restore?
 
Back
Top