Removing items from MSCONFIG after WMF exploit



OK, so, I’m busy killing off running processes and fire up MSConfig to try to keep them from coming back on the next boot. To launch msconfig go to start, run… type in msconfig and click ok. The startup tab is where we’re looking for programs running at startup (makes sense…) This is a bit easier and more straightforward than visiting the run entry in the registry. It does combine a few locations into one place.


That much said, one or two visits I made were in the registry currentversion/run key that msconfig gives a listing for. Anyway, here’s what I found THERE….

There was an entry called system which was set to c:windowswsystem32kernels64.exe and xp_system which is set to c:windowsinet20001winlogon.exe in addition winstall.exe was run from c:winstall.exe

I was able to get rid of kernels64.exe and winstall.exe (they had been killed from memory using task manager.) Winlogon was running (two copies, system process and user process, the user process was coming from the strange directory inet20001 which is not a legit windows directory.)

The process of disabling did take a couple boots and the registry fix to run Task Manager had to be run each time as I tried to “kill” off running processes.

Related Posts

Blog Traffic Exchange Related Posts
  • The latest and greatest in Malware Removals I have started referring to malware more and more lately because the term virus doesn't exactly describe the pests I see on peoples machines and the terms spyware or adware aren't doing justice to some of these pests either. (There are many pieces of what I would consider malware that......
  • Link to Program on Mapped Network Drive not Working - Windows Cannot Access the Specified Path or File Windows XP Home connecting to a file share in a Domain controlled by Windows 2000.... Not quite your recipe for headache free things "just working" I guess, but this is what I've run into. This workstation had a mapped drive connected to a folder on the server which opened in......
  • The junk that you will find in web access logs If you have a website, you likely will look at your logs from time to time to see just who or how many people are visiting your site. I've certainly looked at a lot of logfiles both for my site and for others and thought I'd pass along some things......
Blog Traffic Exchange Related Websites
  • How to Handle Running Up Hills [/caption]The hill. It's one of the most daunting challenges for any avid runner - or workout fanatic, for that matter - and can quickly make mincemeat of your muscles. You really know the kind of shape you're in if you can run up a hill for an extended period of......
  • Treadmill Vs Outdoor Running [/caption] Running outside feels great when you have the breeze cooling you down and the amazing scenery, but what if you just want to listen to music and go for a more organized run? Are there really any differences between running outside and running indoors on a treadmill? The answer......
  • Good Advice on Running for Beginners Running is a sport which is easy to get in to. You do not need a lot of specialized equipment to get started. Running for beginners only requires a good pair of shoes and some good advice. This way you can get started off the right way. The most important......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site