Dec 1 2007, 11:03 AM
Post #1
New Member | Group: Members | Posts: 1 | Joined: 30-November 07 | Member No.: 173,560

Thanks

Name: Quick Time Task
Filename: qttask.exe
Location: c:\program files\quicktime\qttask.exe

Name: SunJavaUpdate
Filename: jusched.exe
Location: c:\program files\java\jre1.5.0_11\bin\jusched.exe

Name: MSMSGS, Windows Messenger
Filename: msmsgs.exe
Location: c:\program files\messenger\msmsgs.exe

The filename and location are the same for this entry, but it appears in several different names

Name: text/webviewhtml, CDBurn, PostBootReminder, shell32.dll, Taskbar and Start Menu, {0D2E74C4-3C34-11d2-A27E-00C04FC30871}, {24F14F01-7B1C-11d1-838f-0000F80461CF}, {24F14F02-7B1C-11d1-838f-0000F80461CF}, {66742402-F9B9-11D1-A202-0000F81FEDEE}
Filename: shell32.dll
Location: c:\windows\system32\shell32.dll

The filename and location are the same for this entry, but it appears in several different names

Name: Microsoft Web Publishing Wizard 1.52, NewMeeting 3.01, Windows Messenger 4.7
Filename: advpack.dll
Location: c:\windows\system32\advpack.dll

The filename and location are the same for this entry, but it appears in several different names

Name: Themes Setup, Windows Desk Update
Filename: regsvr32.exe
Location: c:\windows\system32\regsvr32.exe

Name: Sendmail service
Filename: sendmail.dll
Location: c:\windows\system32\sendmail.dll

Name: Kernel32
Filename: kernel32.dll
Location: c:\windows\system32\kernel32.dll

Name: wininet
Filename: wininet.dll
Location: c:\windows\system32\wininet.dll

Name: logonui.exe
Filename: logonui.exe
Location: c:\windows\system32\logonui.exe

I have also found several entries that may match one on your database, I usually see a few maybe several that match, however one entry will note "This infection should not be confused with the legitimate file found at C:\Windows\System32\userinit.exe." If it seems to be the legitimate file do I ignore it? Here are a few listed this way.

Name: C:\WINDOWS\system32\userinit.exe
Filename: userinit.exe
Location: c:\windows\system32\userinit.exe

Name: Explorer.exe
Filename: explorer.exe
Location: c:\windows\explorer.exe

Name: ctfmon.exe
Filename: ctfmon.exe
Location: c:\windows\system32\ctfmon.exe

Name: Eventlog
Filename: services.exe
Location: c:\windows\system32\services.exe

If I do need to handle these would the next step be disabling and deleting them in safe mode? Thanks

Dec 2 2007, 01:31 PM
Post #2
Bleep Bleep! | Group: Admin | Posts: 29,873 | Joined: 24-January 04 | From: USA | Member No.: 3
These are all legit. You not only need to compare the names and filenames, but where the file is located.
-------------------- Lawrence
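
The location check described in the answer above, as an added example that is not part of the original thread: it parses a listing in the poster's Name/Filename/Location format and compares each file's full path with a baseline. The baseline paths are the ones from the post that the answer confirms as legitimate; the mismatching sample entries and all function names are constructed for illustration.

```python
import ntpath
import re

# Baseline: filename -> full path, taken from the entries in the post that
# the answer confirms as legitimate.
KNOWN_GOOD = {
    "userinit.exe": r"c:\windows\system32\userinit.exe",
    "explorer.exe": r"c:\windows\explorer.exe",
    "ctfmon.exe": r"c:\windows\system32\ctfmon.exe",
    "services.exe": r"c:\windows\system32\services.exe",
}

ENTRY_RE = re.compile(r"Name:\s*(.+?)\s+Filename:\s*(\S+)\s+Location:\s*(.+)$", re.I)

# Constructed sample listing: the first two lines are from the post, the
# remaining lines are made up to exercise each outcome.
SAMPLE = r"""
Name: C:\WINDOWS\system32\userinit.exe Filename: userinit.exe Location: c:\windows\system32\userinit.exe
Name: Explorer.exe Filename: explorer.exe Location: c:\windows\explorer.exe
Name: ctfmon.exe Filename: ctfmon.exe Location: C:\Windows\System32\..\System32\ctfmon.exe
Name: Userinit Filename: userinit.exe Location: c:\windows\userinit.exe
Name: Eventlog Filename: services.exe Location: c:\windows\system32\svc\services.exe
Name: Quick Time Task Filename: qttask.exe Location: c:\program files\quicktime\qttask.exe
"""

def check_entry(name, filename, location):
    """Classify one startup entry. The display name is free text (one file
    can appear under several names), so only filename and path are compared."""
    fname = filename.strip().lower()
    # Normalise case, slashes and ".." so equivalent spellings compare equal.
    loc = ntpath.normpath(location.strip()).lower()
    if ntpath.basename(loc) != fname:
        return "filename-mismatch"   # listed filename is not the file at that path
    expected = KNOWN_GOOD.get(fname)
    if expected is None:
        return "unknown"             # not in the baseline, look it up manually
    return "match" if loc == expected else "wrong-location"

def audit(listing):
    """Return (filename, verdict) for every parsable line of the listing."""
    results = []
    for line in listing.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            results.append((m.group(2).lower(), check_entry(*m.groups())))
    return results

if __name__ == "__main__":
    for fname, verdict in audit(SAMPLE):
        print(f"{fname:14} {verdict}")
```

A "wrong-location" verdict means a file with a familiar filename sits outside the path recorded for it in the baseline, which is the case the database note about userinit.exe describes.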