> New Startup Entry, Is this malware? I have been hijacked
marlajm
post Feb 21 2007, 03:12 PM
Post #1


Member
**

Group: Members
Posts: 60
Joined: 21-February 07
Member No.: 113,174



Here is the finding. I couldn't find anything in your start-up files.

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"SsiEfr.e" [file not found]

I was told to check your forum on this.

The original Hijack entry has disappeared from my log without my fixing it.

Also, I have tried to uninstall my HP all-in-one as it caused me many problems after I got a new printer. It won't uninstall and still appears in the startup menu.


Thanks

This post has been edited by marlajm: Feb 21 2007, 04:04 PM
Grinler
post Feb 22 2007, 12:46 PM
Post #2


Bleep Bleep!
******

Group: Admin
Posts: 29,367
Joined: 24-January 04
From: USA
Member No.: 3



You should ask about your HP printer in the hardware section. I try to stay away from the questions so I do not give the wrong answer :)

As for the SsiEfr.e entry, it is related to SpySweeper and, though legitimate, is not necessary to have. Are you still using SpySweeper?


--------------------
Lawrence
marlajm
post Feb 22 2007, 10:19 PM
Post #3





I just started using Spy Sweeper again. I did find, on my own, Windir32.exe....command under Hkey_local_machine\SOFTWARE\microsoft....
It's in the startup....
I continued a search and found limewire there and maybe some other stuff I supposedly eliminated.
I also saw two ad addresses and about:blank fly by on the bottom address as my home page was loading when I signed on.

Bad?
Grinler
post Feb 23 2007, 11:00 AM
Post #4





If you are using SpySweeper then there is no harm keeping that entry in the Boot Execute key. As for the other malware, I suggest you either post a HijackThis log in the HJT forum or you can try the Am I infected forum which may give a quicker answer (but no logs are allowed there).

Windir32.exe is definitely not something you want on your system.

http://www.bleepingcomputer.com/startups/w....exe-11732.html


--------------------
Lawrence
marlajm
post Feb 23 2007, 01:23 PM
Post #5





Many thanks for your kind attention.

Windir32.exe doesn't show up in the HJT, nor does the limewire I keep trying to remove. It is a command line item--
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Windows DLL Services Configuration command Windir32.exe item windir32.exe

There is also messenger in the background, realplayer hide at boot time, quicktime hide at boot time. Somehow these don't seem like ok startup items. Am I paranoid?

Thanks. I have been trying to get help elsewhere also but items like these are not showing up on regular scans of most kinds.

Thanks for your help.

This post has been edited by marlajm: Feb 23 2007, 01:32 PM
Grinler
post Feb 26 2007, 12:20 PM
Post #6





No they wouldn't. Those are showing up there because at some point they were disabled using the Msconfig.exe utility.


--------------------
Lawrence
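
The two registry locations discussed in this thread, the BootExecute value and the MSConfig startupreg key, can be reviewed together with a short read-only script. This is an added example, not part of the original posts; it assumes Windows PowerShell 3.0 or later in an elevated session, and the variable names and report layout are illustrative.

```powershell
# Added example (not from the thread): review the two registry locations discussed above.
# Assumes Windows PowerShell 3.0+ in an elevated session on the machine being examined.

$report = @()

# 1) BootExecute: multi-string value processed by the Session Manager early in boot.
#    The stock value is the single entry "autocheck autochk *" (as shown in post #1).
$smKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$expected = @('autocheck autochk *')

$sm = Get-ItemProperty -Path $smKey -Name BootExecute -ErrorAction SilentlyContinue
foreach ($entry in @($sm.BootExecute)) {
    if ([string]::IsNullOrWhiteSpace($entry)) { continue }
    $isDefault = $expected -contains $entry.Trim()
    $report += [pscustomobject]@{
        Source  = 'BootExecute'
        Name    = $entry.Trim()
        Command = ''
        Note    = if ($isDefault) { 'Windows default' } else { 'extra entry: identify the owning product' }
    }
}

# 2) Items disabled with msconfig are moved under this key, one subkey per item.
#    The key may not exist if nothing was ever disabled that way.
$disabledKey = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
if (Test-Path -Path $disabledKey) {
    foreach ($sub in Get-ChildItem -Path $disabledKey) {
        $p = Get-ItemProperty -Path $sub.PSPath
        $report += [pscustomobject]@{
            Source  = 'MSConfig startupreg'
            Name    = $sub.PSChildName
            Command = $p.command   # the "command" value quoted in post #5
            Note    = 'disabled in msconfig; look up the file before re-enabling'
        }
    }
}

# Read-only: nothing above writes to the registry.
$report | Format-Table -AutoSize -Wrap
```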
marlajm
post Mar 17 2007, 11:18 PM
Post #7





Well, I finished with the original tech support group that was helping me and it seems as if all my antispyware and antivirus have been disabled, even though they look as though they might be working. I evidently have something new, involving a keylogger, and probably need to reinstall. I just checked a list of my startup entries against your lists and hit a run of unknowns. Thoughts?
Grinler
post Mar 18 2007, 05:25 PM
Post #8





At this point I would post a HijackThis log using the instructions here:

http://www.bleepingcomputer.com/forums/topic34773.html

One of our HJT team members will then help determine what is going on with your computer.


--------------------
Lawrence
marlajm
post Mar 18 2007, 06:45 PM
Post #9





The Hijack Log doesn't show much, although the combo scan is a bit more revealing in that it shows some suspicious files. There are some telltale created files, although the folders are most often, but not always, empty.

I used IceSword and it showed a lot more in the startup, registry, and processes (?) than anything else I have used. I just don't know what to get rid of and how. I want to keep whatever it is from reinstalling. And actually, I would love to find out what it is. It seems to be changing most of my modified dates to June 5, 2005. Also, I fear I will reinstall my problems, even from disk. I need the best detective you have! : )

I have backed up files to CD but this thing is so bad I fear I will not be able to use any of it for fear of recontaminating my machine.

Thanks
Grinler
post Mar 18 2007, 08:01 PM
Post #10





This forum is really not the place for your problem. I see that you posted a log here:

http://www.techsupportforum.com/security-c...installing.html

I did not read through the whole log, but was it not cleaned to your satisfaction? I would continue with cleaning your infections as suggested in that log. If you are still having a problem please post a new log here with a link to this topic so people know your history.


--------------------
Lawrence