Solution:
When you run msconfig.exe
You enter cmd-> msconfig.exe
and you get start programs
hen you close msconfig-> you get
restart options. kindly dont restart
Any change to msconfig creates a registry entry that will popup the msconfig diagnostic mode
a) Enable Regedit firstly
Once you have disabled the startup programs, also ensure you have regedit permission, see my another post to enable regeidt with 4 solutions.
http://freewareindia.blogspot.com/2008/07/issues-with-windows-registry.htmlith-windows-registry.html
b) Then in regedit, under windows,
delete the msconfig as startup under run once.
HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\Windows\CurrentVersion\ RunOnceMSCONFIG delete it
c) ONLy if you have a worm/Trojan (Likely)
Note if you have SVCHOST.EXE which is generic windows host program. Note if the unauthorized
d) Download the process explorer
http://download.sysinternals.com/Files/ProcessExplorer.zip Process explorer
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
e) Check the processes when you execute the process.
delete all programs that have embedded themselves under start. In my case it was dc.exe, fun.exe, other.exe among a host others. This needs a lot of skill and please refer sites like symantec and refer to guidelines to remove. Quickly delete the exe instances in the process explorer and kill threads. also delete the file themselves using shift + delete. The programs are self replicating worms and can recreate themselves.Example of a guideline http://www.symantec.com/security_response/writeup.jsp?docid=2007-080114-2713-99&tabid=2
f) Ensure you have deleted all startup versions of programs including worms/trojans under msconfig, close msconfig. deleted the msconfig regedit entry, deleted regedit entries.
sometimes, the folder options are disabled cleverly by worm.
Remove them in the startup program registry
Normally your folder options will be disabled by trojan. So change the folder options to show hidden files as well. Then delete these files as well
g) restart your computer
h) Hopefully your msconfig utility is solved.
Now download spydoctor from google pack. check for other malware and quartantine and delete themm from system.Restart
Posts
No comments:
Post a Comment