Re: is win32cfg.exe nasty? -found it
From: Yankele Cakker (yankelecakker_at_hotmail.com)
Date: 10/25/03
- Next message: mamabear: "Hijacked home page"
- Previous message: Pete: "forgot password to log in win2kpro"
- In reply to: Yankele Cakker: "is win32cfg.exe nasty?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 25 Oct 2003 11:12:35 GMT
Yankele Cakker <yankelecakker@hotmail.com> wrote in
news:Xns941EA8DC6391Djdmeoe88cnr9f4dj@205.237.233.52:
> I noticed that my win2k system began to run agonizingly slowly. Found
> that it was winlogon which was hogging most of my resources. In the
> registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Winlogon] found an entry for Shell for which the value
> was "explorer.exe win32cfg.exe". This didn't look too good to me because
> it corresponded with a "strange" entry in my RunOnce registry key named
> MS38495 for which the value was "win32cfg.exe". If I tried to delete
> this it would reload by itself. Which is where the winlogon came in. So
> I removed the win32cfg part of the Shel entry and just left the
> explorer.exe. When I eliminated all of this stuff, my pc ran fine again.
> I was unable to find anything useful regarding either MS38495 or
> win32cfg.exe in the Knowledge Base or in a search of the Newsgroups.
> Google also had almost nothing. Does anyone have any information about
> this? What does win32cfg.exe do and was I correct in removing it? I seem
> to remember reading somewhere that it was put in by a virus, a worm or
> spyware but I am not quite sure. Any help would be greatly appreciated.
> Thanks.
>
Sorry about cross-posting. I posted this problem in
microsoft.public.security.virus but couldn't find it in my news service so
wasn't sure if it was received. It was indeed and the answer is there. For
those who might be interested, see http://tinyurl.com/sb1s
Cheers.
-- Yankele Cakker My reply e-mail address is correct as is. The courtesy of providing a correct reply address is more important to me than time spent deleting spam. Celeron 500, 256RAM, 20G HD, Cable Gigabyte GA-GF 1280, SB PCI128 Win2k, IE6, OE6, AVG, Kerio
- Next message: mamabear: "Hijacked home page"
- Previous message: Pete: "forgot password to log in win2kpro"
- In reply to: Yankele Cakker: "is win32cfg.exe nasty?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
