Removing items from MSCONFIG after WMF exploit
OK, so, I’m busy killing off running processes and fire up MSConfig to try to keep them from coming back on the next boot. To launch msconfig go to start, run… type in msconfig and click ok. The startup tab is where we’re looking for programs running at startup (makes sense…) This is a bit easier and more straightforward than visiting the run entry in the registry. It does combine a few locations into one place.
That much said, one or two visits I made were in the registry currentversion/run key that msconfig gives a listing for. Anyway, here’s what I found THERE….
There was an entry called system which was set to c:windowswsystem32kernels64.exe and xp_system which is set to c:windowsinet20001winlogon.exe in addition winstall.exe was run from c:winstall.exe
I was able to get rid of kernels64.exe and winstall.exe (they had been killed from memory using task manager.) Winlogon was running (two copies, system process and user process, the user process was coming from the strange directory inet20001 which is not a legit windows directory.)
The process of disabling did take a couple boots and the registry fix to run Task Manager had to be run each time as I tried to “kill” off running processes.
Popularity: 1% [?]
Related Posts - The junk that you will find in web access logs If you have a website, you likely will look at your logs from time to time to see just who or how many people are visiting your site. I've certainly looked at a lot of logfiles both for my site and for others and thought I'd pass along some things......
- Remote tech support with anything - would I do it? I've tried to ask myself if I'd trust someone enough to let them run a remote session on my own desktop to solve a problem. I think the answer is "it depends". If you think about it, I do tech support for home users quite a bit and they let......
- Link to Program on Mapped Network Drive not Working - Windows Cannot Access the Specified Path or File Windows XP Home connecting to a file share in a Domain controlled by Windows 2000.... Not quite your recipe for headache free things "just working" I guess, but this is what I've run into. This workstation had a mapped drive connected to a folder on the server which opened in......
Related Websites - Review of Buying a Great Boat by Athur Edmunds When the author of a book is an ex naval architect, you're pretty much guaranteed that you're getting some first class knowledge when it comes to selecting the boat that is right for you. This book did not disappoint in any major way and is truly helpful for those buying......
- How to Regain Momentum After Skipping Runs [/caption]If we're being honest, it's not always easy to keep a consistent running schedule. There are some obsessive-compulsive exercisers who would probably feel miserable if they missed a run, but for the rest of us, we occasionally trip up and find ourselves in need of some momentum. Anyone who's ever......
- Don't Use Free Registry Cleaners! Whatever you do, don't use free registry cleaners software, read this honest report about free registry cleaners to find out the consequences of using free registry cleaners software! Free registry cleaning software will ruin your computer by deleting important registry entries that are essential to run your computer and these......
Similar Posts
- Cleaning up after WMF exploit third party boot disc
- Task Manager Suspicious Processes after WMF exploit
- C:\windows\system32\kernels64.exe not found
- Clever Smitfraud….
- Disinfecting a PC… part 3