Re: MSCONFIG and Startup

From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 11/15/02


From: "Karl Levinson [x y] mvp" <levinson_k@excite.com>
Date: Fri, 15 Nov 2002 14:09:00 -0500


"John" <john@thisismychance.com> wrote in message
news:25c401c28cd7$2f0b6b50$8df82ecf@TK2MSFTNGXA02...
> Does anyone know a good reference place for understanding
> all the cryptic programs that are in the Startup tab in
> MSCONFIG?
>
> There's also a services tab that I'd like to get figured
> out.
>
> In both, I have to figure out what is needed and what is
> not, because some of those little buggers are bogging down
> several computers of mine. They tell me the .exe name and
> where it's installed, but not what the thing does, what
> will happen if I disable it.

That's a little tricky. Your best bet is to use an antivirus and
anti-trojan scanner such as Norton or www.grisoft.com [free AV] and
www.pestpatrol.com to confirm that the programs are not hostile... and also
try searching for the program name in www.google.com, although note that
programs can be renamed by hackers, so that researching by name is not
always reliable.

You can also try right-clicking on the program to get more information on
it, try comparing the file size and date of the program with another
computer running the same version of Windows to try to confirm if it really
is a legitimate file.

There's also a program called STRINGS which I think is from
www.foundstone.com/knowledge that should output any plain text messages
found within the program. While you're there, check out the Vision program
from the same URL to see if any of those programs or other suspicious
programs are using any IP ports to communicate. [both programs free]

The different tabs in MSCONFIG refer to where in the computer the programs
are being started... from an icon in a startup folder somewhere in the user
profiles at c:\documents and settings, from the registry keys that control
installed services, from the Run and other keys in the registry, etc.
MSCONFIG documentation isn't going to tell you what those programs do, it's
a manual process.

Just about all of the programs there can probably be safely disabled. I
don't think any of them should prevent your computer from rebooting, even
into safe mode, so that you can undo the change.

Last, you could try posting the name and full directory path to the file
here and ask us. However, www.google.com should be informative. If Google
doesn't find any file of that name, that sounds very suspicious.
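
What a strings-style scan of a startup program looks like, as an added example that is not part of the original post and is not the STRINGS tool itself: it pulls printable ASCII and UTF-16LE runs out of a file's bytes and flags the ones that mention a URL, an IP address or the Run key. The sample bytes, the pattern set and the function names are constructed for illustration.

```python
import re

def extract_strings(data: bytes, min_len: int = 4):
    """Return sorted (offset, encoding, text) tuples for printable runs.

    Looks for plain ASCII and for the same characters stored as UTF-16LE
    (each followed by a zero byte), which Windows programs use heavily.
    """
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ascii_re.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
              for m in wide_re.finditer(data)]
    return sorted(found)

# Assumed triage patterns: network endpoints and the registry Run key.
PATTERNS = {
    "url": re.compile(r"https?://[^\s\"']+", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "run_key": re.compile(r"CurrentVersion\\Run", re.I),
}

def triage(data: bytes):
    """Return (label, encoding, text) for strings worth a closer look."""
    return [(label, enc, text)
            for _, enc, text in extract_strings(data)
            for label, pat in PATTERNS.items()
            if pat.search(text)]

# Constructed sample bytes standing in for a program file (not a real binary).
SAMPLE = (
    b"MZ\x90\x00\x03\x00"
    + b"This program cannot be run in DOS mode."
    + b"\x00\x01\x02"
    + "Software\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16-le")
    + b"\x00\x00\xff\xfe"
    + b"http://updates.example.invalid/check"
    + b"\x00abc\x00"
)

if __name__ == "__main__":
    for offset, enc, text in extract_strings(SAMPLE):
        print(f"{offset:08x} {enc:9} {text}")
    for hit in triage(SAMPLE):
        print("FLAG", hit)
```

To scan a real file, pass `open(path, "rb").read()` to `triage`; a flagged string is a reason to look closer, not proof that the program is hostile.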