Re: HKLM trojan?
From: Joe Starin (joenotmestarin_at_spamme.not)
Date: 12/20/04
- In reply to: David H. Lipman: "Re: HKLM trojan?"
Date: Mon, 20 Dec 2004 17:12:53 -0500
Thanks, David, for your advice and registry primer. I'll run ScanDefrag
again to see if there's anything more to the message or the string. I'm a
regular Ad-Aware user, running updated versions every week in safe mode.
I'll also try the trendmicro stuff. Running ME, by the way. Joe Starin
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:uz3J2yi5EHA.3908@TK2MSFTNGP12.phx.gbl...
> HKLM refers to what is known as a "hive" in the Windows Registry and is an acronym for
> HKey Local Machine
>
> The string...
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
>
> Refers to a branch of the "HKey Local Machine" hive that runs programs. It is not in any
> way, shape or form a program in itself.
> Under this branch would be a key, or leaf, that loads a program. However, your post does
> not point to a key under that hive's branch.
>
> You left out two important parts: what the program that is to run is, and what OS you are
> running a Defrag on.
>
> In the meantime, perform the following steps...
>
> 1) Download the following three items...
>
> Trend Sysclean Package
> http://www.trendmicro.com/download/dcs.asp
>
> Latest Trend signature files.
> http://www.trendmicro.com/download/pattern.asp
>
> Adaware SE (free personal version v1.05)
> http://www.lavasoftusa.com/
>
> Create a directory.
> On drive "C:\"
> (e.g., "c:\New Folder")
> or the desktop
> (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
>
> Download SYSCLEAN.COM and place it in that directory.
> Download the Trend Pattern File by obtaining the ZIP file.
> For example; lpt307.zip
>
> Extract the contents of the ZIP file and place the contents in the same directory as
> SYSCLEAN.COM.
>
> 2) Update Adaware with the latest definitions.
> 3) If you are using WinME or WinXP, disable System Restore
> http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
> 4) Reboot your PC into Safe Mode and shut down as many applications as possible.
> 5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
> platform and clean/delete any infectors/parasites found.
> (a few cycles may be needed)
> 6) Restart your PC and perform a "final" Full Scan of your platform using both the
> Trend Sysclean utility and Adaware
> 7) If you are using WinME or WinXP, re-enable System Restore and re-apply any
> System Restore preferences (e.g. HD space to use, suggested 400 ~ 600MB),
> 8) Reboot your PC.
> 9) If you are using WinME or WinXP, create a new Restore point
>
> * * * Please report back your results * * *
>
> Dave
>
>
>
>
> "Joe Starin" <joenotmestarin@spamme.not> wrote in message
> news:OEXSwmi5EHA.4004@tk2msftngp13.phx.gbl...
> | Hello, Group. The past two times when running my ScanDefrag program, before
> | it reboots to run I get a ScanDefrag message that says "the following
> | program is scheduled to run next time Windows restarts and may conflict with
> | ScanDefrag...." That program is
> | HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx. A Google search
> | turned up a bunch of hits. One (Sophos AV site) talked about the HKLM that's
> | a trojan called Troj/Kronos-A. I suspect that my program is legit, although
> | I just started getting this "may conflict" message and I've used ScanDefrag
> | for years. Any advice appreciated. Thanks to all the generous gurus who've
> | saved our PCs this year. And happy holidays from Ohio USA. Joe Starin
> |
> |
>
>
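The quoted reply points out that the RunOnceEx path is only a branch and that the programs are the entries stored beneath it. As an added example (not part of the original thread), the Python below lists those entries from a regedit text export; the function name `runonceex_entries` and the sample export are constructed for illustration.

```python
import re

# Branch named in the thread. It is a container: the programs are the string
# values stored in subkeys beneath it, not the path itself.
RUNONCEEX = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx"

_KEY = re.compile(r"^\[(.+)\]$")
_STRING = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def _unescape(text):
    # regedit exports write \ as \\ and " as \"
    return re.sub(r"\\(.)", r"\1", text)

def runonceex_entries(reg_text):
    """Return (subkey, value_name, data) for each named string value in a
    subkey of RunOnceEx (hypothetical helper for this example)."""
    prefix = RUNONCEEX.lower() + "\\"
    entries, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        header = _KEY.match(line)
        if header:
            key = header.group(1)
            continue
        value = _STRING.match(line)
        if not value or key is None or not key.lower().startswith(prefix):
            continue  # not a string value, or not below the RunOnceEx branch
        if value.group(1) == "@":
            continue  # default value of the subkey; only named values are listed
        name = _unescape(value.group(1)[1:-1])
        entries.append((key[len(prefix):], name, _unescape(value.group(2))))
    return entries

# Constructed sample export (REGEDIT4 header as written by Win9x/ME regedit).
SAMPLE = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]
"Title"="Finishing setup"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\0001]
@="Register components"
"1"="C:\\WINDOWS\\SYSTEM\\example.dll|DllRegisterServer"
"2"="C:\\EXAMPLE\\cleanup.exe /q"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"""

if __name__ == "__main__":
    for subkey, name, data in runonceex_entries(SAMPLE):
        print(f"{subkey}\\{name}: {data}")
```

An empty result means nothing is queued under the branch; each listed file is what to check with the scanners named in the steps above.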