Whatinthe...(registry problem)
Posted: Sat Apr 17, 2004 11:46 am
by inkhana
Has anyone heard of a program or virus that will prevent msconfig or regedit from being opened? My computer is in otherwise fine condition, but I periodically do a check of the registry to see what is running on startup and to my surprise, right after I opened either program, it spontaneously shut itself off. It will stay up on the screen for all of a second, then just...disappear...
Anyone got any ideas about this one? I've run two virus scanners and Adaware, which didn't help. (Running Win98, btw)
EDIT: I also dled a registry editor which helped me see what was going on in the "run" part, but there was nothing there that shouldn't have been there.
Posted: Sat Apr 17, 2004 5:05 pm
by JediSonic
That sounds like a very peculiar problem. Are you sure one of your anti-virus programs hasn't gone haywire on you itself? lol This might sound like a really stupid thing to be asking, but today I couldn't get firefox to work right, and my firewall had it on the 'restricted programs' list! No jokin, squire!
Posted: Sat Apr 17, 2004 5:32 pm
by shooraijin
If you restart in safe mode, does that help?
Posted: Sat Apr 17, 2004 5:34 pm
by inkhana
Haven't tried it yet (actually didn't think of it...) I'll try it after I finish reading messages.
Posted: Sat Apr 17, 2004 5:46 pm
by inkhana
OK, I tried it. It does not occur in safe mode. However, when I came back to normal mode, it was doing it again (thus killing my hopes that it might miraculously iron itself out...)
Posted: Sat Apr 17, 2004 8:07 pm
by TheMelodyMaker
This is going to sound odd at first, but have you recently installed anything new? If so, my guess is that one of your system files got updated that might somehow affect how MSConfig and RegEdit behave. I'm not totally sure if that's the solution, but it's all I can think of at the moment. (And depending on how you answer, I may refer you to a wonderful little program called System File Checker that comes with Windows 98.)
Posted: Sat Apr 17, 2004 9:19 pm
by shooraijin
I think the fact it works in safe mode proves something is hooking into your system, actually. I've seen a system infected with W32.Bugbear that killed off Norton AntiVirus as it was running (fortunately I *could* start up msconfig and see that there was something hooking into run=).
Posted: Sun Apr 18, 2004 12:46 am
by inkhana
Yeah, what made me initially suspicious was the fact that I couldn't get into regedit (ok...so I forget about MSconfig at times...) and then I remembered msconfig and tried to run it, to get the same thing...and they're the ONLY programs affected. As far as recent installations...*thinks*...it's possible Dad put something in. Me...I only remember taking stuff out this morning...but I think it was after I'd spotted the problem and I was trying to free up memory.
The strange thing is...I can see the "run" area (I can't remember what they call it when you're referring to the registry...a key or something) but there's nothing there that I don't recognize.
Posted: Sun Apr 18, 2004 7:35 pm
by TheMelodyMaker
*thinks hard* Hmm... this is a tough one. It's too bad one can't selectively choose which Windows drivers & components to load on startup the same way one can do it with the DOS drivers & TSRs (pressing F8 or holding CTRL while the computer boots). Or maybe there is and I just don't know about it. If there was some way to do that, I'd suggest trying it.
Posted: Sun Apr 18, 2004 8:14 pm
by inkhana
Yeah...-_-;; That would really help...
I guess what it boils down to is that somewhere there's a file being initialized and I can't find where this is happening...
I'm going to do some more searching around and see what I can find.
EDIT: Well well well...I dled a program called "Process Explorer" and it showed me all kinds of files I didn't know were running. So I was able to separate and kill the process, then search the registry for the file. Now everything is fine! It seems it was a spybot that was the problem.
Posted: Mon Apr 19, 2004 4:31 am
by shooraijin
What was the name of the process, just in case someone else hits this problem? (See, I told ya something was up to no good! ^^)
Posted: Mon Apr 19, 2004 5:54 am
by JediSonic
YAY! Inkhy's comp is fixed ^_^
Posted: Mon Apr 19, 2004 9:29 am
by inkhana
system2.exe. It listed itself as something "important" in Process Explorer, but I deleted it and nothing happened to my computer except it started working again...XD (Don't you love my reckless diagnosis style?)
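The startup locations this thread points at (the run= line and the registry "run" key), as an added example that is not any poster's code: a Python sketch that lists Windows 9x autostart entries from win.ini, system.ini and a REGEDIT4 export, then reports which of them reference a given file name. The file contents, the paths and the value name "Updater" are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from the poster's machine).
WIN_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\system2.exe\n[Desktop]\nWallpaper=(None)\n"
SYSTEM_INI = "[boot]\nshell=Explorer.exe\n[386Enh]\ndevice=*vshare\n"
REG_EXPORT = (
    "REGEDIT4\n\n"
    "[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]\n"
    '"SystemTray"="SysTray.Exe"\n'
    '"Updater"="C:\\\\WINDOWS\\\\SYSTEM\\\\system2.exe /s"\n\n'
    "[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer]\n"
    '"Other"="C:\\\\WINDOWS\\\\system2.exe"\n'
)

# (section, key) pairs that start programs at boot, and the Run-family registry keys.
INI_AUTOSTART = {("windows", "load"), ("windows", "run"), ("boot", "shell")}
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Services)?(Once)?$", re.I)
REG_VALUE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def ini_entries(name, text):
    """Return (location, command) for non-empty autostart lines in an .ini file."""
    section, out = "", []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if (section, key.lower()) in INI_AUTOSTART and value:
                out.append((f"{name} [{section}] {key}=", value))
    return out

def reg_entries(text):
    """Return (key\\value name, command) for string values under Run-family keys."""
    key, out = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1] if RUN_KEY.search(line[1:-1]) else None
        elif key and (m := REG_VALUE.match(line)):
            # .reg exports escape backslashes and quotes; undo that here.
            out.append((f"{key}\\{m.group(1)}", re.sub(r"\\(.)", r"\1", m.group(2))))
    return out

def find_autostart(exe, win_ini, system_ini, reg_export):
    """List every autostart entry whose command line mentions exe (case-insensitive)."""
    entries = (ini_entries("win.ini", win_ini) + ini_entries("system.ini", system_ini)
               + reg_entries(reg_export))
    return [(loc, cmd) for loc, cmd in entries if exe.lower() in cmd.lower()]
```

Values outside the Run-family keys, like the constructed Explorer entry, are ignored because they do not launch anything at boot.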
Posted: Mon Apr 19, 2004 6:31 pm
by madphilb
Got some rough news for you Ink.... did some Googling and I don't like what I've seen.
Several people have reported this sort of thing, not much in the way of web sites (only one real hit and that was a forum), but Google Groups (Usenet Newsgroups) came up with quite a few threads on the issue.
The news doesn't get much better.... from what I've read many of the people who've dealt with this have done so via.... um.... inappropriate... spam in newsgroups, though I'm sure it can/does find its way otherwise onto people's systems.
AVG doesn't seem to spot it, as well as some other Anti-Virus or Spyware programs, though several people have reported the program opening ports out. One person even linked it to Back Orifice 2000, though I don't know that all of them are the case.
From what I'm reading I've seen the worm W32.Spybot.Worm come up several times... nasty bugger it is too.... it could be a bigger security issue than you thought.
Plug in "regedit" and "msconfig" into the Newsgroup search and it seems this is a fairly common thing that no-one has tied directly to anything (lots and lots of threads about this).
You might want to look into CWShredder as it's a program that deals with these less than obvious, hard to kill type worms/virii/trojans/etc.
Be safe out there....
Posted: Mon Apr 19, 2004 7:43 pm
by TheMelodyMaker
Glad you got it all figured out, Ink.
inkhana wrote: I dled a program called "Process Explorer" and it showed me all kinds of files I didn't know were running.
Excellent]is[/i] such a thing! Where did you get it from? I have a feeling that a program like that may come in handy someday. ^_^