Re: strange startup files and win32cfg

From: YoKenny (YKnot_at_home.invalid)
Date: 10/25/03

• Next message: jesodo: "virus email"
• Previous message: Sir_George: "Re: strange startup files and win32cfg"
• In reply to: yankele: "strange startup files and win32cfg"
• Next in thread: yankele: "Re: strange startup files and win32cfg"
• Reply: yankele: "Re: strange startup files and win32cfg"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 24 Oct 2003 18:29:52 -0400

yankele wrote:
> I recently noticed in my RunOnce value in the Win2k
> registry an entry called MS38495 for which the value was
> win32cfg.exe. That file exists in my WINNT/System32
> directory but is not identifiable. If I try to remove the
> entry from the RunOnce listing, it reinstalls itself. I
> have been unable to identify the MS38495 name either in
> the MS Knowledge Base or in the Newsgroups, nor have I
> been able to come up with much for win32cfg.exe. I think I
> remember seeing somewhere that it was a "nasty" file but I
> can't seem to track it down. A search in the registry led
> me to discover that the entry for win32cfg.exe was in the
> following key
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Winlogon] where Shell was given the
> value explorer.exe Win32cfg.exe.
> When I deleted that value, I was able to stop the file
> from loading and so far everything seems to be running
> correctly. Am I correct in assuming that such an entry
> should not appear in the Shell value which should be only
> explorer.exe?
> Can anyone tell me what win32cfg.exe is and whether or not
> it is useful to let it run?
> Thanks.

It is amazing what you can find with Google!

http://archives.neohapsis.com/archives/incidents/2001-10/0000.html
http://www.glocksoft.com/trojan_list/WinCrash.htm
http://www.symantec.com/avcenter/venc/data/false.nimda.aris.email.message.html

---

• Next message: jesodo: "virus email"
• Previous message: Sir_George: "Re: strange startup files and win32cfg"
• In reply to: yankele: "strange startup files and win32cfg"
• Next in thread: yankele: "Re: strange startup files and win32cfg"
• Reply: yankele: "Re: strange startup files and win32cfg"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: msconfig - startup question ... But I went one level (folder) deeper into the "Shell" folder, ... the Registry to go pear-shaped. ... > I'm betting you find the disabled entry in the last key. ... (microsoft.public.windowsxp.general) Re: Registry question ... RegMaid.exe Helps Clean Up the Registry ... Microsoft Visual C++, 32-bit Learning Edition, version 6.0 ... RegMaid provides information about entries that are believed to be ... server file entry cannot be found by the system. ... (microsoft.public.windowsxp.general) Re: MS Backup ... Okay, I had to go to bed too:) Now, no cd is nothing to worry about. ... reason you don't have that entry in your registry is because you don't have ... >> msnewsgroups..on the right, then go to the toolbar, click on view>current ... (microsoft.public.windowsxp.basics) Re: Word opens slowly ... See http://support.microsoft.com/?kbid=329820 "How to use Office programs with the Norton AntiVirus Office plug-in" for more information. ... I have done three fresh install, scanning first, then defragging, then cleaning the registry before reinstalling Office. ... HKEY_CLASSES_ROOT\word\10.0 Delete the entire 10.0 entry. ... (microsoft.public.word.application.errors) Re: Multiple references to same component in reference dialog ... the References dialog box. ... This entry will be an orphaned entry in that it no ... Registry Entries Made by an ActiveX Component ... (microsoft.public.vb.general.discussion)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)