Whatinthe...(registry problem)


Postby inkhana » Sat Apr 17, 2004 11:46 am

Has anyone heard of a program or virus that will prevent msconfig or regedit from being opened? My computer is in otherwise fine condition, but I periodically do a check of the registry to see what is running on startup and to my surprise, right after I opened either program, it spontaneously shut itself off. It will stay up on the screen for all of a second, then just...disappear...

Anyone got any ideas about this one? I've run two virus scanners and Adaware, which didn't help. (Running Win98, btw)

EDIT: I also dled a registry editor which helped me see what was going on in the "run" part, but there was nothing there that shouldn't have been there.


BOOSTER: Hey, No.1! Where's my cake?!
SNIFIT 1: Booster, Sir! There's a 70% chance the object you're standing on is a cake.
BOOSTER: What? THIS thing's a cake?

You have the power to say anything you want, so why not say something positive?
- Frank Capra

(in response to an interview question "Do you have a pet peeve having to do with this biz?")
People who write below their abilities in order to crank out tons of books and make a buck. Especially Christian authors who do that. Outsiders judge us for it, and make fun of us for it, and it makes Jesus look bad. We of all artists on earth should be the most concerned with doing our best possible work at all times. We of all people should write with all our hearts, as if writing for the Lord and not for men.
- Athol Dickson


Avatar by scarlethibiscus from LJ.
User avatar
inkhana
 
Posts: 3670
Joined: Fri May 30, 2003 10:00 am
Location: meh.

Postby JediSonic » Sat Apr 17, 2004 5:05 pm

That sounds like a very peculiar problem. Are you sure one of your anti-virus programs hasn't gone haywire on you itself? lol This might sound like a really stupid thing to be asking, but today I couldn't get firefox to work right, and my firewall had it on the 'restricted programs' list! No jokin, squire! :lol:
User avatar
JediSonic
 
Posts: 1359
Joined: Thu Oct 16, 2003 12:33 pm
Location: The Bible Belt :D

Postby shooraijin » Sat Apr 17, 2004 5:32 pm

If you restart in safe mode, does that help?
"you're a doctor.... and 27 years.... so...doctor + 27 years = HATORI SOHMA" - RoyalWing, when I was 27
"Al hail the forum editting Shooby! His vibes are law!" - Osaka-chan

I could still be champ, but I'd feel bad taking it away from one of the younger guys. - George Foreman
User avatar
shooraijin
 
Posts: 9927
Joined: Thu Jun 26, 2003 12:00 pm
Location: Southern California

Postby inkhana » Sat Apr 17, 2004 5:34 pm

Haven't tried it yet (actually didn't think of it...:lol: ) I'll try it after I finish reading messages.



Postby inkhana » Sat Apr 17, 2004 5:46 pm

OK, I tried it. It does not occur in safe mode. However, when I came back to normal mode, it was doing it again (thus killing my hopes that it might miraculously iron itself out...:eyeroll: )



Postby TheMelodyMaker » Sat Apr 17, 2004 8:07 pm

This is going to sound odd at first, but have you recently installed anything new? If so, my guess is that one of your system files got updated that might somehow affect how MSConfig and RegEdit behave. I'm not totally sure if that's the solution, but it's all I can think of at the moment. (And depending on how you answer, I may refer you to a wonderful little program called System File Checker that comes with Windows 98.)
@)}~`,~ Carry this rose in your signature as thanks to Inkhana, for all she has done for us in the past. Even though she is no longer a moderator, she has done an awful lot for us while she was and she deserves thanks. ^_^
TheMelodyMaker
 
Posts: 1904
Joined: Sun Jul 20, 2003 10:13 pm

Postby shooraijin » Sat Apr 17, 2004 9:19 pm

I think the fact it works in safe mode proves something is hooking into your system, actually. I've seen a system infected with W32.Bugbear that killed off Norton AntiVirus as it was running (fortunately I *could* start up msconfig and see that there was something hooking into run= ).

Postby inkhana » Sun Apr 18, 2004 12:46 am

Yeah, what made me initially suspicious was the fact that I couldn't get into regedit (ok...so I forget about MSconfig at times...:P ) and then I remembered msconfig and tried to run it, to get the same thing...and they're the ONLY programs affected. As far as recent installations...*thinks*...it's possible Dad put something in. Me...I only remember taking stuff out this morning...but I think it was after I'd spotted the problem and I was trying to free up memory.

The strange thing is...I can see the "run" area (I can't remember what they call it when you're referring to the registry...a key or something) but there's nothing there that I don't recognize.


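Added example, not written by any poster in this thread: the posts above mention both the registry "Run" key and the `run=` line, and on Windows 9x a program can also be started from `load=` in win.ini and from the RunOnce, RunServices and RunServicesOnce keys, so checking the one Run key can miss an entry. This sketch goes beyond the single key discussed and lists every entry from those sources that is not on a known-good list; the win.ini text, the regedit export, the value names and the `KNOWN` baseline are all constructed for illustration.

```python
import configparser
import re

# Constructed sample data, not taken from the thread: two Win9x startup sources.
WIN_INI = r"""[windows]
load=
run=C:\WINDOWS\SYSTEM\system2.exe
"""
REG_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"LoadSvc"="system2.exe"
"""
KNOWN = {"systray.exe", "scanregw.exe"}  # assumed known-good baseline for this sample
AUTORUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once|Services|ServicesOnce)?$", re.I)

def ini_entries(text, source, section, keys):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    # load= and run= can each name several programs, separated by spaces or commas
    return [(f"{source} [{section}] {key}=", cmd)
            for key in keys
            for cmd in re.split(r"[,\s]+", cp.get(section, key, fallback="")) if cmd]

def reg_entries(text):
    out, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            # Only collect values that sit under one of the Run-family keys
            key = line[1:-1] if AUTORUN_KEY.search(line[1:-1]) else None
        elif key and (m := re.match(r'"(.*?)"="(.*)"$', line)):
            # .reg files escape backslashes; undo that for the command string
            out.append((f"{key}\\{m.group(1)}", m.group(2).replace("\\\\", "\\")))
    return out

def audit():
    entries = (ini_entries(WIN_INI, "win.ini", "windows", ["load", "run"])
               + reg_entries(REG_EXPORT))
    flagged = []
    for where, cmd in entries:
        # Compare on the lower-cased file name, ignoring path and arguments
        exe = re.split(r"[\\/]", cmd.split()[0])[-1].lower() if cmd.split() else ""
        if exe and exe not in KNOWN:
            flagged.append((where, exe))
    return flagged

if __name__ == "__main__":
    print(*audit(), sep="\n")
```
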

Postby TheMelodyMaker » Sun Apr 18, 2004 7:35 pm

*thinks hard* Hmm... this is a tough one. It's too bad one can't selectively choose which Windows drivers & components to load on startup the same way one can do it with the DOS drivers & TSRs (pressing F8 or holding CTRL while the computer boots). Or maybe there is and I just don't know about it. If there was some way to do that, I'd suggest trying it.

Postby inkhana » Sun Apr 18, 2004 8:14 pm

Yeah...-_-;; That would really help...

I guess what it boils down to is that somewhere there's a file being initialized and I can't find where this is happening...

I'm going to do some more searching around and see what I can find.

EDIT: Well well well...I dled a program called "Process Explorer" and it showed me all kinds of files I didn't know were running. So I was able to separate and kill the process, then search the registry for the file. Now everything is fine! It seems it was a spybot that was the problem.



Postby shooraijin » Mon Apr 19, 2004 4:31 am

What was the name of the process, just in case someone else hits this problem? (See, I told ya something was up to no good! ^^)

Postby JediSonic » Mon Apr 19, 2004 5:54 am

YAY! Inkhy's comp is fixed ^_^

Postby inkhana » Mon Apr 19, 2004 9:29 am

system2.exe. It listed itself as something "important" in Process Explorer, but I deleted it and nothing happened to my computer except it started working again...XD (Don't you love my reckless diagnosis style? :P )



Postby madphilb » Mon Apr 19, 2004 6:31 pm

Got some rough news for you Ink.... did some Googling and I don't like what I've seen.

Several people have reported this sort of thing, not much in the way of web sites (only one real hit and that was a forum), but Google Groups (Usenet Newsgroups) came up with quite a few threads on the issue.

The news doesn't get much better.... from what I've read many of the people who've dealt with this have done so via.... um.... inappropriate... spam in newsgroups, though I'm sure it can/does find its way otherwise onto people's systems.

AVG doesn't seem to spot it, as well as some other Anti-Virus or Spyware programs, though several people have reported the program opening ports out. One person even linked it to Back Orifice 2000, though I don't know that all of them are the case.

From what I'm reading I've seen the worm W32.Spybot.Worm come up several times... nasty bugger it is too.... it could be a bigger security issue than you thought.

Plug in "regedit" and "msconfig" into the Newsgroup search and it seems this is a fairly common thing that no-one has tied directly to anything (lots and lots of threads about this).

You might want to look into CWShredder as it's a program that deals with these less than obvious, hard to kill type worms/virii/trojans/etc.

Be safe out there....
PHIL

Member of P.I.E. -- Pictures of Inkhana for Everyone!! Join the fight!!
User avatar
madphilb
 
Posts: 1057
Joined: Thu May 29, 2003 1:46 pm
Location: Sunny St. Pete, FL

Postby TheMelodyMaker » Mon Apr 19, 2004 7:43 pm

Glad you got it all figured out, Ink. :thumb:

inkhana wrote: I dled a program called "Process Explorer" and it showed me all kinds of files I didn't know were running.

Excellent ... is such a thing! Where did you get it from? I have a feeling that a program like that may come in handy someday. ^_^

