Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Starting Problem


  • Please log in to reply
10 replies to this topic

#1 okwrangler

okwrangler

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 30 December 2017 - 04:14 PM

First, I am not very computer savvy. 

 

About two weeks ago, I tried to track a package and installed some kind of unwanted junk on my computer.  I finally got that cleared off my computer, but in the process I have created another problem.

 

Now when I start my computer, a screen comes up that has two small icon boxes on it.  Beneath one box it says "okwrangler", beneath the other box it says "administrator".  When I click on the okwrangler square, it takes me to a new site, when I click on the administrator box, it takes me to my normal MSN site.

 

Is there any way I can get rid of the okwrangler box and just go back to the way my computer was before I n

messed it up?

 

Thank you


Edited by hamluis, 01 January 2018 - 07:12 PM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 Chris Cosgrove

Chris Cosgrove

  • Moderator
  • 6,432 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:02:07 AM

Posted 30 December 2017 - 05:00 PM

The simplest thing to do is to try a 'System restore'. This will restore your computer to the condition it was in at the time of the restore point you select.

 

Click 'Start - Control Panel - Recovery'. Then  choose to do a 'System restore'. The restore panel will open. It may show only one restore point, the latest, and if this is not from before the time the problem started then click the button 'Other restore points' and select one that is definitely from before this all started. Then click 'Restore'. You will get a couple of warnings, accept them, the restore will start. Do NOT interrupt it, just let it run until it is finished. This shouldn't take longer than about ten minutes and usually it will ask you to re-boot. If it doesn't, re-boot any way.

 

If that doesn't fix the problem. post back.

 

Chris Cosgrove



#3 okwrangler

okwrangler
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 30 December 2017 - 07:44 PM

Howdy Chris"

 

Thank you for replying, I really appreciate it.

 

At least I tried something I have never done before - I played in the recovery section.  Thank you for that. but it didn't appear to work.  It asked me for a specific incident and I tried to put in December 1, 2017 as the restore point, but the computer kept listing the restore point as 12/30/2017.  What did I do wrong?



#4 Chris Cosgrove

Chris Cosgrove

  • Moderator
  • 6,432 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:02:07 AM

Posted 31 December 2017 - 05:11 PM

Sorry, but you can't just plug a date into 'System restore' and generate a restore point, all you can do is use the ones stored on the system. I imagine the one dated December 30th was the last one.

 

Below and to the left of the 'Choose a restore point' box is a button 'More restore points' or something like that. If you click on this you will see a list of all the available restore points. If there are no more listed restore points, then you are out of luck, all you have is the latest one. I can't check the wording because I am away from home and using a laptop running Linux.

 

See if you have any others listed and, as I said, choose one from before you started having this problem. If you don't have any earlier points then you may have to go at it a different way. I would download, install and run Malwarebytes. It is very good at finding and removing 'Potentially unwanted programs'. It is a free downlnoad from BC -

 

https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

 

But check for older restore points first.

 

Chris Cosgrove



#5 okwrangler

okwrangler
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 31 December 2017 - 08:09 PM

I really want to thank you for trying to help.  Especially with you being away from home.  I hope this trip is a fun one and not a work one.

 

Yes, I found that box, but there is nothing in it.  Well, we tried,

 

Thank you again



#6 joseibarra

joseibarra

  • Members
  • 1,156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:09:07 PM

Posted 01 January 2018 - 01:14 AM

When you look for Restore Points you should hope to see them like this with several Restore Points listed:

 

[attachment=201006:Untitled.jpg]

 

If you have no Restore Points I would consider that another problem that you should look into and there could be an explanation for that - but I would fix it if it needs fixing.

 

Do you know the name of this package tracking software you installed and are you able to describe how you cleared it off your computer...  from Programs and Features (aka Add/Remove Programs) or something else?  The software maker may have a certain way to uninstall/remove their stuff from your system.

 

Sometimes uninstalling things will leave behind unwanted startup items that can cause these popups when you restart since the software has been removed but the startup item has been left behind.

 

You can download from Microsoft Autoruns and use it to find the startup item, disable it, then when you are sure things are good you can delete the startup item entirely so your startup is not sloppy.

 

Read through this description and report back your findings:

 

 

It might be easy to get rid of the error message by doing something like disabling the startup item in msconfig (if you can even find it), but I suggest you fix the problem and not just fix the symptom of the problem by just eliminating the startup message.

I would also not recommend that you start poking around in the registry unless you have a backup since there is no "undo" or "quit without saving" option in regedit.  If you make a mistake, that's it.

Those ideas offer "quick" and sometimes risky relief of the symptom, but may not actually fix the problem.  I would also be wary of ideas that begin with the words "try".  You do not need to try things, you need to do things.

Here are comprehensive instructions that will keep you safe and resolve your issue the "right" way.

Describe your current antivirus and anti malware situation:  McAfee, Norton, Spybot, AVG, Avira!, MSE, Defender, ZoneAlarm, PC Tools, Comodo, etc.

 

These messages at startup could be related to some program that has been uninstalled and did not do a good job of cleaning up after itself leaving behind leftover startup entries in your configuration.

 

Another possibility is malware that was set to run at startup but the referenced file(s) has been deleted after a malware scan leaving behind a registry entry or startup item pointing to a file that does not exist.  

It could be from a malicious software removal or an uninstalled application.  The entry may have a curious looking name since it was probably generated at random when the malware was installed. If you search your system for the referenced file, you may not even find it.

Windows is trying to load this file but cannot locate it since the file was mostly likely removed during a scan for malicious software.  However, an associated orphaned startup parameter or registry entry remains and is telling Windows to load the file when you boot up or login.

You need to remove the referenced entry so Windows stops trying to load or run the file. It may or may not be in the registry but you can find it.

 

Autoruns (see below) will find the item no matter where it is.  

If you just locate and uncheck the item in msconfig, that disables the item but does not remove the reference to the bogus startup item from your computer.   The msconfig program is not a startup manager, it is a troubleshooting tool.  Disabling things in msconfig to put a stop to the messages and thinking your problem is resolved is short sighted and leaves behind a sloppy Windows configuration.  Merely disabling the display of a startup error message should not count as a "solution" to the problem.

If you are comfortable editing the registry you can search for and remove the reference directly from there or remove it using a popular third party tool called Autoruns.  The problem may not always be found in the registry though.

Before making any changes to your registry by hand or with third party tools, be sure to make a manual System Restore point just in case. There is no undo or quit without saving option in regedit.

You can use Autoruns to find the leftover startup item no matter where it is hiding.  Autoruns does not install anything on your computer.  It will display all of the startup locations where the reference might be so you can disable it or delete it completely.  Here is the download link for Autoruns:

http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

Launch Autoruns.exe (or Autoruns64.exe for 64-bit systems), maximize the window so you can see everything and wait for it to finish populating the list of entries.

When Autoruns is finished scanning your system, it will say "Ready" at the bottom left corner.  Autoruns can be a little intimidating at first if you have never see it before since it displays a lot of information.  You are really only interested in a couple sections.

Items that show up in a shrimpy color are "unsigned" entries which are usually not a problem.  The manufacturer just did not bother to digitally "sign" their files appropriately.

Items that show up in a yellow color are entries that point to a file, path, location that does not exist so they are suspicious since they probably don't make sense any more. You can choose to delete the yellow ones but sometimes they come back.  They probably have nothing to do with your issues since they don't "do" anything.

The problem item is usually in the system startup or user startup entries so click the Logon tab and see if the startup item is there.

Scroll through the list and look for a startup entry related to the file(s) in the error message.

If you don't find it in the Logon tab, look for it in the Everything tab.

You can also click File, Find to search the Logon or Everything tab for all or part of the name of the item.

Right-click on the offending entry and choose to delete it.  If you are not sure what it is, you can just disable it, reboot and if the issue is resolved, then delete the offending entry.  

If you don't see it in Autoruns you may have to edit the registry and remove the item from the Startup folder there.   Autoruns should display the same information though.


The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#7 ranchhand_

ranchhand_

  • Members
  • 1,619 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest
  • Local time:07:07 PM

Posted 01 January 2018 - 11:35 AM

 

I tried to track a package and installed some kind of unwanted junk

Sounds like you have leftover unwanted PUPs or Adware on your computer; a couple of easy things to try that might help:
 

 

Download JRT; after that, download  ADWcleaner
Run them both, and let them delete anything they find. They are easy to use and will not harm anything, but are very powerful for removing junkware.

After that, download, install and run Malwarebytes; use the default settings. Let it remove anything it finds. After you are done, remove it using Control Panel/Uninstall A Program.

Post back with how it goes.
 


Edited by ranchhand_, 01 January 2018 - 11:39 AM.

Help Requests: If there is no reply after 3 days I remove the thread from my answer list. For further help PM me.


#8 okwrangler

okwrangler
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 02 January 2018 - 02:50 AM

Hello there there Jose:

 

I did read you reply and I did try some of it.  But when you talked about being careful about what I delete, I did become very careful.  One problem that I have is I will do something and then I am not able to clean up my mistake

 

I don't remember what the name of the original was.  I typed in"Track My Computer" in and a site came up.  It said download this and I did.  That started everything/

 

I just typed in "Track My Computer" and I could not find the site..

.

I did run "Auutoruns" and I got a whole list of things.  I did find the funny icon that is on my screen, but I did not delete it because I was afraid it would just delete the icon and not fix the problem.

 

I do thank you for helping me, and Iwill go back through the information you sent me and see if there is anything else I can try.

 

Thank you again.



#9 okwrangler

okwrangler
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 02 January 2018 - 02:56 AM

Howdy Ranchhand:

 

I tried for over thirty minutes trying to load JRT and ADWcleaner and could not get it to load, It was then I realized that I already had it installed on my computer.  I ran it and it cleared four sites off my computer, but it did not fix the problem.

 

Thank you for helping me.



#10 joseibarra

joseibarra

  • Members
  • 1,156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:09:07 PM

Posted 02 January 2018 - 03:15 AM

Good that you found it with Autoruns and it does show sometimes too much information but for your issue you are only interested in a couple of the tabs.

 

Start with the Logon tab to see if you can find the startup item, it not check the Everything tab.

 

While looking at a tab you can enter something like okwrangler in the Filter box followed by the Enter key to narrow things down.

 

Unfortunately I am unable to include screenshots wince they for some reason moved your topic to the Am I infected forum.

 

In Autoruns you can disable a startup item by unchecking the box to the far left of the suspicious item - that does not uninstall anything.

 

Then restart your system and see if the issue has been resolved.

 

When you are satisfied the issue is resolved go back to Autoruns, right click the suspicious item and choose Delete.

 

Then restart your system again to be sure the adjustment "sticks".


The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#11 okwrangler

okwrangler
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 03 January 2018 - 12:24 PM

Hello Jose:

 

Well. I tried. I did get back in it, but I just don;t see what I am suppose to be looking.  The everything tab shows everything, and when I sort for okwrangler, it shows nothing.

 

Thank you, Thank you for working with me,






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users