
Msconfig Startup List


7 replies to this topic

#1 daveward8668


Posted 02 October 2007 - 12:30 PM

hi all. just a quick query about some strange items that are in my startup list.

had a quick google for the app names but, as they are gibberish nothing came up.

when i tried the start of the file string "hkcu" i found a couple of strange things coming up and was all set for getting shot of them all but then found a half normal looking one below the rest.

just wondering if you can cast your wise peepers and give me a clue please? ta much.


Posted Image



#2 haycg


Posted 02 October 2007 - 12:51 PM

Too small for me to read.

#3 jwinathome


Posted 02 October 2007 - 01:02 PM

At the bottom of the page it says "View in original size", then you can zoom in on that one.

There is some definite questionable stuff listed there.

You might consider going through the...Preparation Guide For Use Before Posting A Hijackthis Log, and then posting a HijackThis log in the forum listed at the bottom of that link.

You should re-enable all entries in MSCONFIG before posting the HJT log though.

Edited by jwinathome, 02 October 2007 - 01:06 PM.


#4 mommabear


Posted 02 October 2007 - 01:09 PM

I copied the picture to my desktop and zoomed it. It's pretty hard to read but I was able to make out one.

ctfmon.exe is a process belonging to Microsoft Office Suite. It activates the Alternative User Input Text Input Processor (TIP) and the Microsoft Office XP Language Bar. This program is a non-essential system process, but should not be terminated unless suspected to be causing problems.

Note: ctfmon.exe could also be a process which is registered as a trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.

Determining whether ctfmon.exe is a virus or a legitimate Windows process depends on the directory location it executes or runs from.

http://www.liutilities.com/products/wintas...library/ctfmon/

HKCU means HKEY_CURRENT_USER in the registry, ie ....

HKCU/SOFTWARE/Micr....osft, etc, etc

Your picture cuts off but it looks like a lot of them are related to some software on your computer, but some of them don't look good either.

#5 hamluis


Posted 02 October 2007 - 02:10 PM

Possible tools:

TaskList.org - List of Windows Processes and Descriptions - http://www.tasklist.org/

Startups - Contents - http://www.pacs-portal.co.uk/startup_content.php

http://www.windowsstartup.com/startupinspector.php

Task List Programs - AnswersThatWork's famous Database of Processes, Startups & Services - http://www.answersthatwork.com/Tasklist_pages/tasklist_n.htm

Louis

#6 daveward8668


Posted 02 October 2007 - 02:36 PM

thanks for the links folks, i'll start looking in a min. i'm happy enough with most of the entries, it was just the gibberish ones which threw me off.

i haven't done a HijackThis log yet but i assume i'll have to re-post in the malware topic?

and i didn't mean to ask bout hkcu either, wee brain fart there. sorry!

#7 WinCrazy


Posted 02 October 2007 - 02:36 PM

Hi daveward8668.

Programs with names obviously made up from random characters that can't even be identified using Google are a sure sign of a current or previous malware infection. jwinathome has the best idea sending you straight to the HijackThis forum!

Be sure to follow all the instructions there (in order) before posting your log.

FYI - For all legitimate programs, their DLLs and drivers you can make out that there may be abbreviations in each file name, not just random characters.
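
The two checks raised in this thread (which folder ctfmon.exe actually runs from, and startup programs with random-looking names) can be run over the Run keys with PowerShell. This is an added example, not code from any poster: the System32 location for ctfmon.exe is the standard Windows location rather than something stated in the thread, the signature column is an extra data point, and the consonant-run heuristic with its threshold is an assumption that only marks entries for a manual lookup.

```powershell
# Added example: triage the Run-key entries that msconfig's Startup tab lists.
$runKeys  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$system32 = Join-Path $env:SystemRoot 'System32'

function Get-CommandPath([string]$Command) {
    # Extract the executable from a Run value: a quoted path, else text up to ".exe"
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

function Test-RandomLookingName([string]$Name) {
    # Assumed heuristic: six or more consonants in a row (y counted as a vowel)
    $letters = $Name -replace '[^a-z]', ''
    return ($letters -match '[^aeiouy]{6,}')
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $path = Get-CommandPath ([string]$item.GetValue($name))
        if (-not $path) { continue }
        $leaf   = Split-Path -Path $path -Leaf
        $dir    = Split-Path -Path $path -Parent
        $exists = Test-Path -LiteralPath $path -PathType Leaf
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Path      = $path
            Exists    = $exists
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'n/a' }
            # ctfmon.exe is expected in System32; any other folder (or none) gets flagged
            CtfmonOutsideSystem32 = ($leaf -ieq 'ctfmon.exe') -and ($dir -ine $system32)
            RandomLookingName     = Test-RandomLookingName ([IO.Path]::GetFileNameWithoutExtension($leaf))
        }
    }
}
$report | Sort-Object CtfmonOutsideSystem32, RandomLookingName -Descending | Format-List
```

Entries launched through a host such as rundll32.exe report the host's path, so the DLL named in the command line still needs a separate look.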

#8 oldf@rt


Posted 02 October 2007 - 02:46 PM

Do what jwinathome said, you have a definite malware infection.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage



