Has anyone heard of a program or virus that will prevent msconfig or regedit from being opened? My computer is in otherwise fine condition, but I periodically do a check of the registry to see what is running on startup and to my surprise, right after I opened either program, it spontaneously shut itself off. It will stay up on the screen for all of a second, then just...disappear...
Anyone got any ideas about this one? I've run two virus scanners and Adaware, which didn't help. (Running Win98, btw)
EDIT: I also dled a registry editor which helped me see what was going on in the "run" part, but there was nothing there that shouldn't have been there.
Whatinthe...(registry problem)
15 posts •
Page 1 of 1
Whatinthe...(registry problem)
BOOSTER: Hey, No.1! Where's my cake?!
SNIFIT 1: Booster, Sir! There's a 70% chance the object you're standing on is a cake.
BOOSTER: What? THIS thing's a cake?
You have the power to say anything you want, so why not say something positive?
- Frank Capra
(in response to an interview question "Do you have a pet peeve having to do with this biz?")
People who write below their abilities in order to crank out tons of books and make a buck. Especially Christian authors who do that. Outsiders judge us for it, and make fun of us for it, and it makes Jesus look bad. We of all artists on earth should be the most concerned with doing our best possible work at all times. We of all people should write with all our hearts, as if writing for the Lord and not for men.
- Athol Dickson
Avatar by scarlethibiscus from LJ.
-
inkhana - Posts: 3670
- Joined: Fri May 30, 2003 10:00 am
- Location: meh.
That sounds like a very peculiar problem. Are you sure one of your anti-virus programs hasnt gone haywire on you itself? lol This might sound like a really stupid thing to be asking, but today I couldnt get firefox to work right, and my firewall had it on the 'restricted programs' list! No jokin, squire! 
http://www.pureloveclub.com || http://www.catholic.com
http://www.ocremix.org || http://www.pandora.com
Avg post count: <1/mo.
http://www.ocremix.org || http://www.pandora.com
Avg post count: <1/mo.
-
JediSonic - Posts: 1359
- Joined: Thu Oct 16, 2003 12:33 pm
- Location: The Bible Belt :D
If you restart in safe mode, does that help?
"you're a doctor.... and 27 years.... so...doctor + 27 years = HATORI SOHMA" - RoyalWing, when I was 27
"Al hail the forum editting Shooby! His vibes are law!" - Osaka-chan
I could still be champ, but I'd feel bad taking it away from one of the younger guys. - George Foreman
"Al hail the forum editting Shooby! His vibes are law!" - Osaka-chan
I could still be champ, but I'd feel bad taking it away from one of the younger guys. - George Foreman
-
shooraijin - Posts: 9927
- Joined: Thu Jun 26, 2003 12:00 pm
- Location: Southern California
Haven't tried it yet (actually didn't think of it... ) I'll try it after I finish reading messages.
) I'll try it after I finish reading messages. BOOSTER: Hey, No.1! Where's my cake?!
SNIFIT 1: Booster, Sir! There's a 70% chance the object you're standing on is a cake.
BOOSTER: What? THIS thing's a cake?
You have the power to say anything you want, so why not say something positive?
- Frank Capra
(in response to an interview question "Do you have a pet peeve having to do with this biz?")
People who write below their abilities in order to crank out tons of books and make a buck. Especially Christian authors who do that. Outsiders judge us for it, and make fun of us for it, and it makes Jesus look bad. We of all artists on earth should be the most concerned with doing our best possible work at all times. We of all people should write with all our hearts, as if writing for the Lord and not for men.
- Athol Dickson
Avatar by scarlethibiscus from LJ.
-
inkhana - Posts: 3670
- Joined: Fri May 30, 2003 10:00 am
- Location: meh.
OK, I tried it. It does not occur in safe mode. However, when I came back to normal mode, it was doing it again (thus killing my hopes that it might miraculously iron itself out...
)
)BOOSTER: Hey, No.1! Where's my cake?!
SNIFIT 1: Booster, Sir! There's a 70% chance the object you're standing on is a cake.
BOOSTER: What? THIS thing's a cake?
You have the power to say anything you want, so why not say something positive?
- Frank Capra
(in response to an interview question "Do you have a pet peeve having to do with this biz?")
People who write below their abilities in order to crank out tons of books and make a buck. Especially Christian authors who do that. Outsiders judge us for it, and make fun of us for it, and it makes Jesus look bad. We of all artists on earth should be the most concerned with doing our best possible work at all times. We of all people should write with all our hearts, as if writing for the Lord and not for men.
- Athol Dickson
Avatar by scarlethibiscus from LJ.
-
inkhana - Posts: 3670
- Joined: Fri May 30, 2003 10:00 am
- Location: meh.
This is going to sound odd at first, but have you recently installed anything new? If so, my guess is that one of your system files got updated that might somehow affect how MSConfig and RegEdit behave. I'm not totally sure if that's the solution, but it's all I think of at the moment. (And depending on how you answer, I may refer you to a wonderful little program called System File Checker that comes with Windows 98.)
[color=RoyalBlue]@)}~`,~ [/color]Carry this rose in your signature as thanks to Inkhana, for all she has done for us in the past.Even though she is no longer a moderator, she has done an awful lot for us while she was and she deserves thanks. ^_^
- TheMelodyMaker
- Posts: 1904
- Joined: Sun Jul 20, 2003 10:13 pm
I think the fact it works in safe mode proves something is hooking into your system, actually. I've seen a system infected with W32.Bugbear that killed off Norton AntiVirus as it was running (fortunately I *could* start up msconfig and see that there was something hooking into run= ).
"you're a doctor.... and 27 years.... so...doctor + 27 years = HATORI SOHMA" - RoyalWing, when I was 27
"Al hail the forum editting Shooby! His vibes are law!" - Osaka-chan
I could still be champ, but I'd feel bad taking it away from one of the younger guys. - George Foreman
"Al hail the forum editting Shooby! His vibes are law!" - Osaka-chan
I could still be champ, but I'd feel bad taking it away from one of the younger guys. - George Foreman
-
shooraijin - Posts: 9927
- Joined: Thu Jun 26, 2003 12:00 pm
- Location: Southern California
Yeah, what made me initially suspicious was the fact that I couldn't get into regedit (ok...so I forget about MSconfig at times... ) and then I remembered msconfig and tried to run it, to get the same thing...and they're the ONLY programs affected. As far as recent installations...*thinks*...it's possible Dad put something in. Me...I only remember taking stuff out this morning...but I think it was after I'd spotted the problem and I was trying to free up memory.
The strange thing is...I can see the "run" area (I can't remember what they call it when you're referring to the registry...a key or something) but there's nothing there that I don't recognize.
) and then I remembered msconfig and tried to run it, to get the same thing...and they're the ONLY programs affected. As far as recent installations...*thinks*...it's possible Dad put something in. Me...I only remember taking stuff out this morning...but I think it was after I'd spotted the problem and I was trying to free up memory. The strange thing is...I can see the "run" area (I can't remember what they call it when you're referring to the registry...a key or something) but there's nothing there that I don't recognize.
BOOSTER: Hey, No.1! Where's my cake?!
SNIFIT 1: Booster, Sir! There's a 70% chance the object you're standing on is a cake.
BOOSTER: What? THIS thing's a cake?
You have the power to say anything you want, so why not say something positive?
- Frank Capra
(in response to an interview question "Do you have a pet peeve having to do with this biz?")
People who write below their abilities in order to crank out tons of books and make a buck. Especially Christian authors who do that. Outsiders judge us for it, and make fun of us for it, and it makes Jesus look bad. We of all artists on earth should be the most concerned with doing our best possible work at all times. We of all people should write with all our hearts, as if writing for the Lord and not for men.
- Athol Dickson
Avatar by scarlethibiscus from LJ.
-
inkhana - Posts: 3670
- Joined: Fri May 30, 2003 10:00 am
- Location: meh.
*thinks hard* Hmm... this is a tough one. It's too bad one can't selectively choose which Windows drivers & components to load on startup the same way one can do it with the DOS drivers & TSRs (pressing F8 or holding CTRL while the computer boots). Or maybe there is and I just don't know about it. If there was some way to do that, I'd suggest trying it.
[color=RoyalBlue]@)}~`,~ [/color]Carry this rose in your signature as thanks to Inkhana, for all she has done for us in the past.Even though she is no longer a moderator, she has done an awful lot for us while she was and she deserves thanks. ^_^
- TheMelodyMaker
- Posts: 1904
- Joined: Sun Jul 20, 2003 10:13 pm
Yeah...-_-;; That would really help...
I guess what it boils down to is that somewhere there's a file being initialized and I can't find where this is happening...
I'm going to do some more searching around and see what I can find.
EDIT: Well well well...I dled a program called "Process Explorer" and it showed me all kinds of files I didn't know were running. So I was able to separate and kill the process, then search the registry for the file. Now everything is fine! It seems it was a spybot that was the problem.
I guess what it boils down to is that somewhere there's a file being initialized and I can't find where this is happening...
I'm going to do some more searching around and see what I can find.
EDIT: Well well well...I dled a program called "Process Explorer" and it showed me all kinds of files I didn't know were running. So I was able to separate and kill the process, then search the registry for the file. Now everything is fine! It seems it was a spybot that was the problem.
BOOSTER: Hey, No.1! Where's my cake?!
SNIFIT 1: Booster, Sir! There's a 70% chance the object you're standing on is a cake.
BOOSTER: What? THIS thing's a cake?
You have the power to say anything you want, so why not say something positive?
- Frank Capra
(in response to an interview question "Do you have a pet peeve having to do with this biz?")
People who write below their abilities in order to crank out tons of books and make a buck. Especially Christian authors who do that. Outsiders judge us for it, and make fun of us for it, and it makes Jesus look bad. We of all artists on earth should be the most concerned with doing our best possible work at all times. We of all people should write with all our hearts, as if writing for the Lord and not for men.
- Athol Dickson
Avatar by scarlethibiscus from LJ.
-
inkhana - Posts: 3670
- Joined: Fri May 30, 2003 10:00 am
- Location: meh.
What was the name of the process, just in case someone else hits this problem? (See, I told ya something was up to no good! ^^)
"you're a doctor.... and 27 years.... so...doctor + 27 years = HATORI SOHMA" - RoyalWing, when I was 27
"Al hail the forum editting Shooby! His vibes are law!" - Osaka-chan
I could still be champ, but I'd feel bad taking it away from one of the younger guys. - George Foreman
"Al hail the forum editting Shooby! His vibes are law!" - Osaka-chan
I could still be champ, but I'd feel bad taking it away from one of the younger guys. - George Foreman
-
shooraijin - Posts: 9927
- Joined: Thu Jun 26, 2003 12:00 pm
- Location: Southern California
YAY! Inkhy's comp is fixed ^_^
http://www.pureloveclub.com || http://www.catholic.com
http://www.ocremix.org || http://www.pandora.com
Avg post count: <1/mo.
http://www.ocremix.org || http://www.pandora.com
Avg post count: <1/mo.
-
JediSonic - Posts: 1359
- Joined: Thu Oct 16, 2003 12:33 pm
- Location: The Bible Belt :D
system2.exe. It listed itself as something "important" in Process Explorer, but I deleted it and nothing happened to my computer except it started working again...XD (Don't you love my reckless diagnosis style? )
) BOOSTER: Hey, No.1! Where's my cake?!
SNIFIT 1: Booster, Sir! There's a 70% chance the object you're standing on is a cake.
BOOSTER: What? THIS thing's a cake?
You have the power to say anything you want, so why not say something positive?
- Frank Capra
(in response to an interview question "Do you have a pet peeve having to do with this biz?")
People who write below their abilities in order to crank out tons of books and make a buck. Especially Christian authors who do that. Outsiders judge us for it, and make fun of us for it, and it makes Jesus look bad. We of all artists on earth should be the most concerned with doing our best possible work at all times. We of all people should write with all our hearts, as if writing for the Lord and not for men.
- Athol Dickson
Avatar by scarlethibiscus from LJ.
-
inkhana - Posts: 3670
- Joined: Fri May 30, 2003 10:00 am
- Location: meh.
Got some rough news for you Ink.... did some Googling and I don't like what I've seen.
Several people have reported this sort of thing, not much in the way of web sites (only one real hit and that was a forum), but Google Groups (Usenet Newsgroups) came up with quite a few threads on the issue.
The news doesn't get much better.... from what I've read many of the people who've delt with this have done so via.... um.... innapropriate... spam in newsgroups, though I'm sure it can/does find it's way otherwise onto people's systems.
AVG doesn't seem to spot it, as well as some other Anti-Virus or Spyware programs, though several people have reported the program opening ports out. One person even linked it ot Back Oriface 2000, though I don't know that all of them are the case.
From what I'm reading I've seen the worm W32.Spybot.Worm come up several times... nasty bugger it is too.... it could be a bigger security issue than you thought.
Plug in "regedit" and "msconfig" into the Newgroup search and it seems this is a fairly common thing that no-one has tied directly to anything (lots and lots of threads about this).
You might want to look into CWShredder as it's a program that deals with these less than obvious, hard to kill type worms/virii/torjans/etc.
Be safe out there....
Several people have reported this sort of thing, not much in the way of web sites (only one real hit and that was a forum), but Google Groups (Usenet Newsgroups) came up with quite a few threads on the issue.
The news doesn't get much better.... from what I've read many of the people who've delt with this have done so via.... um.... innapropriate... spam in newsgroups, though I'm sure it can/does find it's way otherwise onto people's systems.
AVG doesn't seem to spot it, as well as some other Anti-Virus or Spyware programs, though several people have reported the program opening ports out. One person even linked it ot Back Oriface 2000, though I don't know that all of them are the case.
From what I'm reading I've seen the worm W32.Spybot.Worm come up several times... nasty bugger it is too.... it could be a bigger security issue than you thought.
Plug in "regedit" and "msconfig" into the Newgroup search and it seems this is a fairly common thing that no-one has tied directly to anything (lots and lots of threads about this).
You might want to look into CWShredder as it's a program that deals with these less than obvious, hard to kill type worms/virii/torjans/etc.
Be safe out there....
PHIL
Member of P.I.E. -- Pictures of Inkhana for Everyone!! Join the fight!!
Member of P.I.E. -- Pictures of Inkhana for Everyone!! Join the fight!!
-
madphilb - Posts: 1057
- Joined: Thu May 29, 2003 1:46 pm
- Location: Sunny St. Pete, FL
Glad you got it all figured out, Ink. 
Excellent]is[/i] such a thing! Where did you get it from? I have a feeling that a program like that may come in handy someday. ^_^
inkhana wrote:I dled a program called "Process Explorer" and it showed me all kinds of files I didn't know were running.
Excellent]is[/i] such a thing! Where did you get it from? I have a feeling that a program like that may come in handy someday. ^_^
[color=RoyalBlue]@)}~`,~ [/color]Carry this rose in your signature as thanks to Inkhana, for all she has done for us in the past.Even though she is no longer a moderator, she has done an awful lot for us while she was and she deserves thanks. ^_^
- TheMelodyMaker
- Posts: 1904
- Joined: Sun Jul 20, 2003 10:13 pm
15 posts •
Page 1 of 1
Who is online
Users browsing this forum: No registered users and 75 guests