Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

It's Blank....


  • Please log in to reply
15 replies to this topic

#1 stevealmighty

stevealmighty

    Bleepin' WormBreath


  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Upstate NY
  • Local time:11:27 AM

Posted 22 February 2006 - 08:12 AM

This is in my startup menu, and it's blank. I've seen similar "blank" items in startup menus, but don't know what they are for/do and I can't search for them cuz they're blank (duhhhh)!

Here's a screen shot of what it looks like. Any help with this?

Thanks!

Posted Image
War produces veterans, wounded both physically and mentally. They have sacrificed for us.....and it is now our job to help these veterans, as they have already helped us in ways we will never know, in ways that we cannot fathom, and in ways that we take granted every day.
Posted Image

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:27 PM

Posted 22 February 2006 - 08:25 AM

Its prob a mess up in some program. Download autoruns and right click on that entry and delete it. Or run hijackthis and fix it from there.

#3 stevealmighty

stevealmighty

    Bleepin' WormBreath

  • Topic Starter

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Upstate NY
  • Local time:11:27 AM

Posted 22 February 2006 - 10:46 AM

Is there a way to make it appear so that it shows what it is? I'd hate to disable something important like virus protection or a firewall or something that's legitimate.
War produces veterans, wounded both physically and mentally. They have sacrificed for us.....and it is now our job to help these veterans, as they have already helped us in ways we will never know, in ways that we cannot fathom, and in ways that we take granted every day.
Posted Image

#4 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:11:27 AM

Posted 22 February 2006 - 11:52 AM

Hold your cursor over the little "notch" immediately to the left of Location. It will turn into a two headed arrow and drag it to the left. It will allow you to see that full string. If you don't recognize the file that is at the far right of the string you can search it in this DB.

Edited by Leurgy, 22 February 2006 - 11:54 AM.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:27 PM

Posted 22 February 2006 - 12:24 PM

As the command portion is blank it is probably not starting any program at all.

#6 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:11:27 AM

Posted 22 February 2006 - 12:29 PM

Hmmmm. Now you've got me curious. :thumbsup:

Bet ya a donut it does.

Edited by Leurgy, 22 February 2006 - 12:37 PM.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#7 stevealmighty

stevealmighty

    Bleepin' WormBreath

  • Topic Starter

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Upstate NY
  • Local time:11:27 AM

Posted 22 February 2006 - 01:47 PM

See, I figured that it was a spyware/adware program that listed as blank so that you wouldn't know what it was and wouldn't disable it at startup. Looks like I was way off...kinda like that time I thought I had a tape worm, but come to find out I was just hungry. LOL!!!!!

So, if spyware/adaware (for example, let's say "Spyaxe") isn't in the startup menu, then why (how) does it startup when windows starts up?
War produces veterans, wounded both physically and mentally. They have sacrificed for us.....and it is now our job to help these veterans, as they have already helped us in ways we will never know, in ways that we cannot fathom, and in ways that we take granted every day.
Posted Image

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:27 PM

Posted 22 February 2006 - 02:23 PM

There are a ton of registry keys that a piece of malware can use to startup when windows starts. Is this just for understanding or do you have a particular piece of malware starting and you cant figure out how?

#9 stevealmighty

stevealmighty

    Bleepin' WormBreath

  • Topic Starter

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Upstate NY
  • Local time:11:27 AM

Posted 22 February 2006 - 02:30 PM

There are a ton of registry keys that a piece of malware can use to startup when windows starts. Is this just for understanding or do you have a particular piece of malware starting and you cant figure out how?


A combination of the two I guess....I was fixing someones computer, and they had they're desktop hijacked (for lack of a better term). It was a black box that said his computer was infected and should download some program to fix it. I couldn't change the desktop no matter what I did. In their start up menu, there was a blank startup item. I unchecked it, ran a few programs, worked on it for an hour or 2, and then it was fixed. I just don't know exactly what I did to fix the desktop, but everything is back to normal now. They're computer was really infected (adaware found almost 200 things!), not to mention Spyaxe, spysherrif, and some other program that was causing popups. I was hoping to find out what the blank one was so that if I see it again in the future that I could know exactly what it was and remove the program, instead of just disabling it at startup.
War produces veterans, wounded both physically and mentally. They have sacrificed for us.....and it is now our job to help these veterans, as they have already helped us in ways we will never know, in ways that we cannot fathom, and in ways that we take granted every day.
Posted Image

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:27 PM

Posted 22 February 2006 - 02:35 PM

Ahh..well those infections use a combination of startup entries to infect you. The little icon on the task bar that looks like microsoft alerts telling you are infected uses the SharedTaskScheduler key.

The rest is loaded via standard Run keys. The desktop is changed usually with a program called c:\winstall.exe It puts a bmp in the Windows dir and sets your desktop to that. Then adds policies so that you cant change it back.

#11 stevealmighty

stevealmighty

    Bleepin' WormBreath

  • Topic Starter

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Upstate NY
  • Local time:11:27 AM

Posted 22 February 2006 - 03:25 PM

HA! I figured that. Kinda...I just couldn't give the tecnical reasoning why.

And that little "windows" icon in the taskbar (systray?) that keeps telling you that your computer is infected...well, this computer had 2 of them! OMG it was a pain to get rid of.

Now, malware (spyaxe and similar programs to be more specific) are self installing, right? Will Zone Alarm help to keep these programs out?
War produces veterans, wounded both physically and mentally. They have sacrificed for us.....and it is now our job to help these veterans, as they have already helped us in ways we will never know, in ways that we cannot fathom, and in ways that we take granted every day.
Posted Image

#12 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:27 PM

Posted 22 February 2006 - 03:57 PM

Zonealarm, as a firewall, will only help protect you from programs on the computer trying to access the internet, and from programs on the internet exploiting your Windows services that are visible to the Internet.

If a user visits a web page, and does not have their security tightened down, they will get infected. Also running a program that installs this crap will do it as well regardless of their firewall. Make sure they have a good AV....like avast, kaspersky, or nod32.

#13 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:11:27 AM

Posted 22 February 2006 - 05:07 PM

I'm the only one who seems to talk about this:

For some reason Install on demand is enabled by default in Internet Explorer causing problems such as unauthorized downloads that install without your knowledge. To protect yourself against this situation do this:

In Internet Explorer go to Tools>Internet Options>Advanced and take the check mark from Enable Install On Demand (Internet Explorer) and Enable Install On Demand (Other). The consequence of this will be that you will begin to see Security Warnings when something tries to install on your computer. Unless it is something you want to install (which happens rarely) always say no.

Edited by Leurgy, 22 February 2006 - 05:08 PM.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#14 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:05:27 PM

Posted 22 February 2006 - 05:23 PM

I thought i'd add my two cents here. I had a very similar problem on another computer and another guy actually came up with a fix. I'll try and make it as simple as possible and try not to repeat anything that's already been said. My computer jargon might be a bit hard to understand but bear with me. When you say that you don't want to disable the entry because it might be necessary is void - the entry is benign. Nothing loads - nothing to worry about. (that's just my view). I'm sure you would like to know what it is and i hope this helps. This will involve entering the registry, but not actually changing it at all. If you would like to augment safety by backing up please follow the link here to learn how to do this.

In the registry, you have the various 'run' key. The location of the blank entry in the screenshot you posted is cut off, but let's imagine it is coming from the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run Key. If you access the registry and navigate to the key and click on it you will get a list in the right hand plane of the startup entries. I think the name is set on the left, and the data or path it runs from is on the right. The blank entry in msconfig is the value which has no data listed in the far right column. The name should be there, but the data will be completely blank.

You should be able to tell what the entry then is by the name and determine what program it is. You can look it up using the Bleepin' Startup Database, though even if it does turn up to be your Anti-Virus it won't do any damage to remove it via msconfig. After a reboot the blank entry should be gone. I'm sure that if you 'google' the issue you'll find some info on it. I hope this helps.

David

Edited by D-Trojanator, 22 February 2006 - 05:24 PM.


#15 stevealmighty

stevealmighty

    Bleepin' WormBreath

  • Topic Starter

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Upstate NY
  • Local time:11:27 AM

Posted 23 February 2006 - 01:34 PM

Thanks for all the input, I'll be sure to do this stuff tonight. I'm having "issues" with my computer (which can be viewed on another thread in bleepingcomputer.com HERE). Lag issues to be more specific....not sure if it's related to this topic or not, but I won't say anymore-->I don't want to get caught going "off topic" :thumbsup:

Again, thanks for the help and I'll post back with some (hopefully good) results when I figure everything out! :flowers:
War produces veterans, wounded both physically and mentally. They have sacrificed for us.....and it is now our job to help these veterans, as they have already helped us in ways we will never know, in ways that we cannot fathom, and in ways that we take granted every day.
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users