
Strange notices and start up processes


10 replies to this topic

#1 Wanganmr8

Posted 15 February 2011 - 08:01 AM

Decided to look at my start up programs, to speed my boot up.

I noticed these strange programs named in Chinese characters. I did a quick Google search, and found not much, but it seemed to be a small issue. I ticked the programs and I turned them off at start up.



NOW, every time I start up, I get an error, with the same program name in it. I checked, and to my surprise, the program is back! With a different name, but in the same location.


I tried to look for the location, but with no success I gave up.



Now, I have a suspicion that the program might be some strange keylogger of sorts. Or I might just be paranoid, and blaming my current loss on this program (as my loss comes to me as a HUGE surprise).



Any help would be nice. I will attach a JPEG of the program list in my MSCONFIG start up list.



#2 Wanganmr8


Posted 03 June 2011 - 01:19 AM

Bump: I still have these issues. I just recently got back from overseas with the navy. I am back with my computer. I was able to find this much out:

http://www.geekstogo.com/forum/topic/100581-krepper-trojan-hard-to-kill%26nbsp%3Bresolved/

#3 hamluis


Posted 03 June 2011 - 08:15 AM

How about a look in Add/Remove Programs...and the Start/All Programs listing...for these questionable programs?

It would also help to see the complete path of the programs, if you are going to show entries from Msconfig.

Louis

#4 Wanganmr8


Posted 03 June 2011 - 04:31 PM

The picture shows the full location. Also there is no program I know of that shows up as this.


In the link I posted, someone says it is a keylogger or something along those lines.

#5 pacificdenizen


Posted 04 June 2011 - 08:24 AM

I have a Chinese program disabled at startup too, on an Acer Aspire desktop (Vista machine).

I did a search a while back, and some people on tech boards were saying it was associated with Acer. Very strange. I disabled it but was still a bit concerned.

http://www.google.com/#sclient=psy&hl=en&source=hp&q=chinese+characters+startup+program+acer&aq=f&aqi=&aql=&oq=&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=a91b69f6bd0a7737&biw=975&bih=550

#6 Wanganmr8


Posted 04 June 2011 - 02:47 PM


I still have them, I hope someone will be able to help us. I wish to get this over with.

#7 petewills


Posted 04 June 2011 - 09:33 PM

Could you clear up a couple of points?

(How is your drive partitioned? Msconfig reflects Drive E as the boot. Just curious on this one.)

1. What's your OS?

2. As previously asked by Hamluis, what is shown in msconfig, i.e. what are the full entries at the end of the 2 lines with WindowsNT\Current Version\ - Windows:R...... and Windows:Lo..... (move the bar to display the full wording)?

3. Finally, what is the exact error message you are getting on startup?

#8 Wanganmr8


Posted 05 June 2011 - 02:40 PM

Yes, it is drive E. I only have drive E.


OS: Windows XP 32 Service Pack 3

If you look, it says WindowsNT\CurrentVersion\Windows:Run and WindowsNT\CurrentVersion\Windows:Load

I get error messages saying that those programs are unable to start up/find. It shows in Chinese, so I do not know what it is exactly saying, other than the English parts. I tried taking SS of it, but I cannot as I get multiple errors and I can only take a SS of one, not all of them.


Thank you for the help :)

Edited by Wanganmr8, 05 June 2011 - 02:40 PM.


#9 petewills


Posted 05 June 2011 - 08:04 PM

When did you last run an antimalware program (e.g. Malwarebytes or SuperAntiSpyware) and a full system AntiVirus scan?
--------------------------------------------------------

Download Autoruns for Windows v10.07

http://technet.microsoft.com/en-us/sysinternals/bb963902

Run autoruns.exe and when 'Ready' appears at bottom left, click on the 'Logon' tab.

Are there any strange entries there? If so, untick and reboot (or post SS, if unsure).

As to the file path in msconfig, we couldn't move the bar on the .jpg !!! hence the request for the full path.

If you don't mind looking in the Registry, run regedit:

What appears in the right hand column when you select 'Windows:Run' and 'Windows:Load' in the left hand column

at path: HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion ?

SS of each would be useful, whatever the result.

Backup Registry first, even though NO changes are being made.

ERUNT Registry Backup and Restore for Windows NT/2000/2003/XP

http://www.larshederer.homepage.t-online.de/erunt/

Edited by petewills , 05 June 2011 - 08:49 PM.
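Added example, not part of the thread and not posted by any participant: a read-only PowerShell listing of the two legacy per-user autostart values that post #9 asks about, for cases where a screenshot cuts off the full path. It assumes the real key name `Windows NT` (with a space), that multiple programs in a value are comma-separated, and PowerShell 2.0 or later; the function name `Get-LegacyAutostart` and the non-ASCII flag are illustrative choices, not a malware verdict.

```powershell
# Added example: read-only listing of the legacy "Load" and "Run" autostart values
# under the current user's hive. Nothing is modified; run a registry backup first
# anyway if you plan to change entries afterwards with Autoruns or regedit.
$keyPath    = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$valueNames = 'Load', 'Run'

function Get-LegacyAutostart {
    $props = Get-ItemProperty -Path $keyPath -ErrorAction SilentlyContinue
    if (-not $props) { return }
    foreach ($name in $valueNames) {
        # A missing or empty value is the normal, clean state for both names.
        $raw = [string]$props.$name
        if (-not $raw.Trim()) { continue }
        # Assumption: several programs in one value are separated by commas.
        foreach ($entry in $raw.Split(',')) {
            $path = [Environment]::ExpandEnvironmentVariables($entry.Trim().Trim('"'))
            if (-not $path) { continue }
            New-Object PSObject -Property @{
                Key        = $keyPath
                Value      = $name
                Entry      = $path
                # False lines up with "unable to find" errors at logon; it can
                # also mean the entry carries command-line arguments.
                FileExists = (Test-Path -LiteralPath $path)
                # Flags names outside plain ASCII, such as the Chinese-character
                # entries described in this thread. A hint for review only.
                NonAscii   = ($path -match '[^\x00-\x7F]')
            }
        }
    }
}

# Full, untruncated output suitable for pasting into a forum reply.
Get-LegacyAutostart |
    Select-Object Key, Value, Entry, FileExists, NonAscii |
    Format-List
```

No output means both values are absent or empty; any entry listed deserves a look at the file it points to before it is disabled.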


#10 Wanganmr8


Posted 09 June 2011 - 01:10 AM

Hello, I did a scan on both Malwarebytes and Avast antivirus not too long ago. No threat was found.

I will update with my reg as soon as I get back into town on my own computer. Thanks and I am sorry for the late reply!

#11 Wanganmr8


Posted 11 June 2011 - 12:07 PM

Thank you so much, AutoRunsc fixed the issue~ Thank you again :)



