@chaslang - R&R Beta Test - WinXP SP2

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Lev, Oct 7, 2007.

  1. Lev

    Lev MajorGeek

    Pretty smooth sailing, but to be fair, I had most of the tools previously downloaded.

    Attached is the Combofix.log (log.txt) and the MGlogs.zip. I did not attach the AVG Antispyware log as it simply read "Nothing found". I can do so if you want though.

    With the Combofix, one thing to be aware of is what I believe to be a false positive kicked up by Avast during the running of this application. I have attached the Avast warning screenshot for you.

    Comments ...way, WAY simpler and loved it. MGtools is awesome. The whole process was much simpler and quicker for your novice to average PC user.
     
    Last edited: Mar 6, 2008
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Thanks for testing this Lev! :)

    You forgot the screen shot and this would be good to know about so we can add it to the procedure for users to know about.

    Thanks! This is what I was aiming for and also with the automation, it will make our lives easier since many things will be automatically done correctly. Thus we won't have to spend so much time posting messages to get things done correctly. ;)

    Comments for you:
    1. Uninstall this 3+ year old version of Spybot: Spybot - Search & Destroy 1.3.1 TX
    2. Uninstall Java(TM) 6 Update 2, reboot and install Sun Java Runtime Environment
    3. Have HJT fix the below unnecessary startups
      • O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0.3\bin\jusched.exe
      • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    Thanks again! :)
     
  3. Lev

    Lev MajorGeek

    It's posted below as a thumbnail. Or am I misunderstanding what you need?

    Thanks for the feedback - always helpful. As it happens I updated the Java last night after I got done with the R&R. Good catch on S&D though - missed that one on my home laptop.

    This was all run in normal start up mode, and I usually run in selective, which has Java and Quicktime disabled at start up :)

    Going to get Vista and Win2000 to you soon (just found a machine at work running 2000 ;) )
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Strange I see it now but the other night from a different PC (not at home), it did not show in the attachments box. I have seen this before with IE6. I'm not sure what causes it but it does happen that the attachments box will be empty in IE, and if you simply load FireFox the attachment shows up.


    You do not need to and should not use selective startup. Why are you using it?

    Thanks this will be good as I have only had Vista feedback from one person and we need more.
     
  5. Lev

    Lev MajorGeek

    The fact I uploaded it in FF carry any weight? :confused


    When I unchecked items in normal start up, it automatically went to selective.... :confused

    np :)
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! It is some kind of bug/corruption that occurs to IE on some PCs. It is not malware and I still have never found a fix (at least not without trying a reinstall of IE).


    But I repeat my question and I'm looking for specifics, why do you need to uncheck items and what items are you referring to?
     
  7. Lev

    Lev MajorGeek

    At risk of having been doing it incorrectly all these years, here goes....and I had another couple of PMs from others who have been doing it the same way and are also curious as to what they should be doing.

    So normal start up mode has things like
    • O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0.3\bin\jusched.exe
    • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    set to start on boot up. If you un-check them through msconfig OR through using CCleaner options on start up, next time you boot up it auto goes into selective start up mode. It isn't something I choose, it is just the result of the changes.

    So my question is how should I be disabling these kind of things on start up that does not then put me in selective mode?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    See what I posted in message number 2. ;) You never need these. Just remove them.

    Never use msconfig for this unless you just need to disable something as a temporary solution while debugging a problem. CCleaner is not recommended to be used for controlling startups since there is no backup. HijackThis creates backups of what it fixes and you can always restore them if you change your mind later (as long as you don't delete the backups).

    If you need to control what items load sometimes and not other times and you don't want them permanently fixed like with HijackThis, use a startup manager intended for this purpose. Like this: Startup CPL
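
Added example, not part of the original thread or of any MajorGeeks tool: a small parser for the HijackThis O4 startup lines quoted above, splitting each entry into hive, value name, executable and arguments, and flagging the two value names chaslang called unnecessary. The HKCU line, the `UNNEEDED` set and the function names are constructed for illustration.

```python
import re

# Constructed sample: the two O4 lines quoted in the thread plus one made-up HKCU entry.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0.3\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ExampleApp] C:\Example\app.exe /tray
'''

# Line shape: "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$')

# Value names the thread lists as unnecessary startups (assumed review list).
UNNEEDED = {"SunJavaUpdateSched", "QuickTime Task"}


def split_command(cmd):
    """Split a startup command line into (executable, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    # Unquoted paths may contain spaces ("C:\Program Files\..."), so cut
    # after the first executable extension instead of at the first space.
    m = re.match(r'(.+?\.(?:exe|com|bat|cmd))(?:\s+(.*))?$', cmd, re.IGNORECASE)
    if m:
        return m.group(1), m.group(2) or ""
    return cmd, ""


def parse_o4(log_text):
    """Return one dict per registry Run-style O4 line found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not a registry Run-style O4 line
        hive, key, name, cmd = m.groups()
        exe, args = split_command(cmd)
        entries.append({"hive": hive, "key": key, "name": name,
                        "exe": exe, "args": args,
                        "unneeded": name in UNNEEDED})
    return entries
```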
     
  9. Lev

    Lev MajorGeek

    Fixed, thank you Chas. And just so you know, had a couple of comments about how useful this thread has been to others who have benefited from the startup cpl tip, so a big thank you there :)
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. We aim to please! ;)
     
