Jamin4u

Honorary Members
  • Posts: 63

Posts posted by Jamin4u

  1. You could undo the system restore and run the system file checker.

    sfc /scannow
    /Scannow: Scans all protected system files immediately and replaces incorrect versions with correct Microsoft versions. This command may require access to the Windows installation source files.

    Are you sure your system is clean?

  2. Does anyone know how I can restore msconfig to my system? I'm running Windows Vista Home Premium 32-Bit on a Dell XPS.

    System restore monitors .exe files. I would do a restore to the point just before msconfig.exe was removed.

  3. All good! :D

    Malwarebytes' Anti-Malware 1.33

    Database version: 1724

    Windows 6.0.6001 Service Pack 1

    2/3/2009 9:18:28 PM

    mbam-log-2009-02-03 (21-18-28).txt

    Scan type: Quick Scan

    Objects scanned: 45511

    Time elapsed: 1 minute(s), 7 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

  4. Malwarebytes' Anti-Malware 1.33

    Database version: 1723

    Windows 6.0.6001 Service Pack 1

    2/3/2009 9:08:44 PM

    mbam-log-2009-02-03 (21-08-36).txt

    Scan type: Quick Scan

    Objects scanned: 45440

    Time elapsed: 1 minute(s), 13 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 1

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\Windows\System32\msconfig.exe (Trojan.Agent) -> No action taken. [38575351343053838075667915347270798513013627615674796980888461849084857078201961788468807971747215708970]

  5. I like Sysinternals' Autoruns as well. It works like Mike Lin's Startup Control Panel.

    When disabling an item, it's removed from Msconfig > Startup so the system runs in normal startup.

    Then you can Re-enable it by checking the box from within the program.

    I read that Marcin intends to rewrite the code for StartUpLite. I look forward to its completion.

    However, I'm still bewildered by the fact that I can't Re-enable items as indicated in the program.

    Thank you for your time and effort exile360.

    Malwarebytes Rocks!!!

  6. t2647_1.JPG

    If I click on Re-enable disabled items it just opens Msconfig.

    It would be helpful if someone who has used the program, or a developer would add some support.

    I think StartUpLite is great for listing unnecessary items, but I think I will use another program to disable them.

    Thanks

  7. Ah, for that, all you must do is run MSCONFIG and select the option for Normal Startup, it should put everything back the way it was before you ran StartupLite.

    Msconfig is in Normal startup and all of the items that I disabled using StartUpLite are gone.

    I have used Mike Lin's Startup Control Panel in XP which removes an item from Msconfig startup, but it can be re-enabled by checking the box within Startup Control Panel.

    I have also used CCleaner's startup tool in Vista which disables items but leaves them in Msconfig startup with a cleared box. I can re-enable it within CCleaner.

    I don't see any way to re-enable an item within StartUpLite.

    Am I missing something or do I need to use system restore or Erunt?

    Nice read DaChew.

    Thanks

  8. That's because it doesn't use the same method as MSCONFIG to disable startups. It uses the deletion of startup keys in the registry.

    If that's the case, then how am I to use MSCONFIG to Re-enable the items I disabled? (as stated in the program)

    t2635_Capture.JPG

  9. I used StartUpLite to disable all of the unnecessary startup entries the program found.

    If I look in MSCONFIG under Startup, the items are not there. It appears they have been deleted instead of disabled.

    Why did StartUpLite delete all of the entries instead of disabling them?

  10. Thanks for the response. :)

    The reason I ask is a friend didn't run it as administrator.

    When the scan started it was working (spinning cursor) for the first 15 seconds, and then the time started advancing.

    It didn't show any items found until the end of the scan.

    Seven items were removed from active memory, the registry and so on. (Rapid Antivirus)

    This is not what I experience on my Vista system. Maybe it was because of the infection.

    I did tell her to reboot, update, and rescan running as administrator.

    No items found. :)

  11. I have questions as to what the MBAM real time protection actually does. What does it detect, and does it scan files/registry as they are edited/written? (I haven't actually experienced an attack with the real time protection on yet). What about the ever infamous IE exploits? What about an infected flash drive that tries to auto run a virus installer file?

    I asked the same question and this is how Marcin explained it to me.

    This was in August and may have changed since then.

    http://www.malwarebytes.org/forums/index.p...ost&p=24648

  12. Well, the problem was a few bad eggs decided to ruin this for the rest of the members. They were continuously editing posts and tweaking their HijackThis logs or other logs.

    Thanks for explaining the problem to us Marcin.

    I'm not even going to admit how many times I normally have to edit a post to get it the way I wanted it...

    I'm with you on this one. I use spell check and try to state only facts. But sometimes I need to correct myself so I don't misinform or confuse someone.

    I've also seen where long time members have gotten a bug up their $%@ and logged in and came back and edited or deleted posts.

    Nice to know long time members are as human as new members.

    There are ways around it.

    The only alternative I've come up with is to set up a fair editing guideline.

    If any member doesn't follow the guideline they are warned.

    If they continue, then it could result in their posting privileges being suspended, removed or membership deleted and banned.

    Editing for malicious reasons is as bad as the malware we all hate.

  13. What's stopping them from joining and posting their own logs? Second hand is usually of no use to anyone.

    I think he simply wanted to report it without running a /developer scan, then joining the forum to post it.

    So I offered to post it for confirmation of a FP, and felt it may help prevent someone from fixing something they shouldn't.

    I now know that nothing can be done without the preferred first hand input.

  14. Posting to increase post count will be considered spam and dealt with as such. You have 2 minutes to edit a post, proofread before hitting send.

    I was only joking and not trying to increase my count.

    Why have such limitations on editing a post?

    If a member wants to edit their post, I think they should be able to do so regardless of how many posts they have.

    sincerely,

    Jamin4u
