Guest John Posted October 4, 2007 Posted October 4, 2007 If an item is listed in the System Configuration utility (in this case) (C:/windows/system32/kavo.exe) and its location: “software/Microsoft/windows/currentversion/run” Does the file exsist?. 1. I have managed to view hidden files and I can’t see it. 2. An online scanner PreVxCSI found it. Nod32 online scan found and killed it (and others) 3. Norton couldn’t find it in safe mode. 4. The computer shop spent 6 hours and killed it. 5. Norton say: “removal easy” 6. System restore is turned off 6 Jeeeezzz! http://www.symantec.com/security_response/writeup.jsp?docid=2007-082706-1742-99&tabid=1 http://www.prevx.com/freescan.asp http://www.eset.com/onlinescan/ Thanks John
Guest Script Posted October 4, 2007 Posted October 4, 2007 RE: If an item is listed in system config utility.. Does it exsist? Items listed there are entries in the Registry, in this case. You can open Regedit, go to the location shown, right-click on the kavo entry and choose "delete". "bleepingcomputer" says: Added by the Troj/Lineag-GLG password-stealing Trojan for the online game Lineage Just because the Registry entry is there Does Not mean the program is still there. Delete the value in the right-hand pane [DO NOT DELETE the RUN key itself!! Only the kavo line in the right-hand pane.] Then reboot. It should now be gone from msconfig. "John" wrote: > If an item is listed in the System Configuration utility (in this case) > (C:/windows/system32/kavo.exe) and its location: > “software/Microsoft/windows/currentversion/run” Does the file exsist?. > > 1. I have managed to view hidden files and I can’t see it. > 2. An online scanner PreVxCSI found it. Nod32 online scan found and > killed it (and others) > 3. Norton couldn’t find it in safe mode. > 4. The computer shop spent 6 hours and killed it. > 5. Norton say: “removal easy” > 6. System restore is turned off > 6 Jeeeezzz! > http://www.symantec.com/security_response/writeup.jsp?docid=2007-082706-1742-99&tabid=1 > http://www.prevx.com/freescan.asp > http://www.eset.com/onlinescan/ > Thanks > John >
Guest db ´¯`·.. > Posted October 4, 2007 Posted October 4, 2007 Re: If an item is listed in system config utility.. Does it exsist? you can use a freeware called autoruns by sysinternals and available at microsoft.com with it you can explore the processes, disable them and modify the registry at the same time. the emphasis with this issue is to explorer the processes for "each" user via the menu bar. -- db ·´¯`·.¸. , . .·´¯`·..><)))º>`·.¸¸.·´¯`·.¸.·´¯`·...¸><)))º>¸. ><)))º>·´¯`·.¸. , . .·´¯`·.. ><)))º>`·.¸¸.·´¯`·.¸.·´¯`·...¸><)))º> .. "John" <John@falseaddress.com> wrote in message news:470567be$1@clear.net.nz... > If an item is listed in the System Configuration utility (in this case) > (C:/windows/system32/kavo.exe) and its location: > “software/Microsoft/windows/currentversion/run” Does the file exsist?. > > 1. I have managed to view hidden files and I can’t see it. > 2. An online scanner PreVxCSI found it. Nod32 online scan found and killed it > (and others) > 3. Norton couldn’t find it in safe mode. > 4. The computer shop spent 6 hours and killed it. > 5. Norton say: “removal easy” > 6. System restore is turned off > 6 Jeeeezzz! > http://www.symantec.com/security_response/writeup.jsp?docid=2007-082706-1742-99&tabid=1 > http://www.prevx.com/freescan.asp > http://www.eset.com/onlinescan/ > Thanks > John
Guest VanguardLH Posted October 5, 2007 Posted October 5, 2007 Re: If an item is listed in system config utility.. Does it exsist? "John" wrote in message news:470567be$1@clear.net.nz... > If an item is listed in the System Configuration utility (in this > case) > (C:/windows/system32/kavo.exe) and its location: > “software/Microsoft/windows/currentversion/run” Does the file > exsist?. <snip> Nope, just like writing on a piece of paper, recording a house address doesn't make the house exist. You yourself could use regedit.exe to add an entry that specified a file but that doesn't mean the file exists. It means you edited the registry. The registry got updated by something to create the entry. Could've been left behind after an uninstall. This happens way too often (i.e., uninstalls are dirty).
Recommended Posts