msconfig problem 1

[pawz]

hello all, Gracie here.

Have been having 'fun' getting rid of a lot of spyware and trojans,and netsky P from someone's computer. Quite seriously infected. I think its all gone now, but one thing bothers me - and I have come across it before.

Msconfig window doesn't appear until about twenty minutes after you have called it up.
I feel sure this is a legacy of something nasty affecting it, but do not know how to restore it to normality. Also does it mean that something is still lurking or is it a lasting consequence left behind?

Oh, also, the scandisk utilities can't complete checking the C drive either in Nortons Diskdoctor or from the volume properties - tools option. D: completes as normal, but C: is constantly restarting. I can't find any background tasks to be responsible.
I tried 'exefixer', but no go. The OS is win 98 se
thanks as ever

 

[Xemus]

Have you tried opening MSCONFIG and disk checker in safe mode? That will tell you if it's a software problem that's slowing it down.
When Windows boots, but before the Windows 98 logo appears, hit F8 repeatadly. This will bring up a menu, which you should select safe mode.
You didn't say which programs you were using for cleanup, but here's the general concensus on good programs.
Spybot
Ad-aware
Updated Anti-virus with an online check to double verify that you're clean.
Links to all can be found on my links page

http://www.closedsocket.com/links.html

http://www.closedsocket.com

 

[pawz]

yes, tried it in safe mode - same result.

which progs have I been using? Spybot S&D, BulletProof, Pest Patrol, maybe some others - I have been doing this for four days now. It is like one step forward and three back. You name it and this computer has probably got it, and I think I get more each time I connect to the net. Pest Patrol is not working properly and the others don't even see half of what is here.

thanks for your help anyway

 

[diogenes10]

You should probably try adaware in addition to spybot.
On HijackThis, you may need to fix more than just the R lines.
A hosts file (thread760-824960) and a firewall such as zonealarm will give you the ability to block at least some outbound communication.

 

[pawz]

thanks Diogenes. I did get a copy of Ad-Aware and found it useful. The disk checking was restored when I finally got rid of a highjacker ( BetterInternet), which I achieved thanks to advice given on this forum in a thread on BetterInternet. Msconfig still doesn't load for ten minutes or so. Dunno what to do about that, but the machine has gone back to its young owner now, all squeaky clean and ready to be re-infected ( he is a keen Kazaa-ist).

I have HijackThis on my own computer and see that it is used a lot by others, but as yet I have not had a need to use it, so do not know what 'R' lines means. I thought it was simply a tool to identify areas of concern in the registry. Thanks for the link, I shall go there now.

Gracie

 

[diogenes10]

For HijackThis check out jrbarnett's faq in the faq section.

If this is going to be a repeat process for you--dont know how much the system configuration changes but using Ghost to make an image after you get it cleaned up once might help decrease your cleanup time. Also-if I'm understanding correctly, there are some variants of things like coolwebsearch that the good guys do not currently know how to get off systems so there is at least some potential for your user to create damage you cant repair without restore or reinstall.

 

[pawz]

good idea Diogenes, if it comes back and I have to do it all over I will take a copy, though if it turned out to be as infested as the last time I would almost prefer to do a reformat anyway....yes, will take a look at the faq. I had a play with Hijackthis after posting here and now understand about the R listing bit. I suppose the principal use of HJ is to identify possible threats. As it happened I had one turn up last night - something called search assistant. I backed it up and then deleted it and nothing has gone wrong so I guess I did the right thing - but I can see the potential for disaster if the spyware (or whatever) uses a lookalike to a genuine file name to hide behind.

Anyway, thanks again for your advice - appreciated

 

[diogenes10]

Re hijackthis-It goes a little further than just identification, it can also help in fixing things-but you do have to be careful because if you stop or remove essential system processes with it you will crash your system.

While you're looking at tools and preparing for the next time-also take a look at bcastners thread freeware remove ie restrictions. That's another interesting looking tool that it wouldnt hurt to have around. And he's right, in the hijackthis logs ive been looking at as Ive had time, I've been seeing more instances of internet restrictions showing up.

bcastners faq0-4650 is worth looking at and also being sure you have the tools mentioned there-particularly the lspfix.
While I dont think loosing the conection is as prevalent as some of the other problems, it does happen and Ive suggested that program 2-3 times on another site and it has fixed that problem for someone.

Hug your mother.
Backup your registry and data.

 

[pawz]

thanks, will look at Bills FAQ and gather this tool to add to my growing cache. The next time might be upon me already as someone else phoned up today.... sigh.

Gracie