Re: Windows shutdown
From: james davidson (jimdavidson1_at_earthlinl.net)
Date: 09/08/03
- Next message: jim davidson: "Re: Windows shutdown"
- Previous message: theJayMyister: "security tweaks"
- In reply to: Doug Knox MS-MVP: "Re: Windows shutdown"
- Next in thread: Doug Knox MS-MVP: "Re: Windows shutdown"
- Reply: Doug Knox MS-MVP: "Re: Windows shutdown"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 7 Sep 2003 23:07:20 -0700
1. In Task Manager, I find CDAC11BA.EXE and CDANTSRV.EXE
AND CAN SELECT END PROCESS TO GET RID OF THEM. YOU SAID
TO OPEN TASK MANAGER TO ELIMINATE ALL THREE PROCESSES ?
2. FROM REGEDIT, THE SYSTEM VALUE IN THE RIGHT PANE OF
HKEY_LOCAL MACHINE------------\RUN SHOWS DCOMX.EXE IN THE
DATA LISTING. IT DOES NOT SHOW UP READILY IN THE
Windows/System32 folder.
3. IN START SERVICES.MSC, I FIND C-DillaCdac11BA AND C-
DillaSrv. How do I eliminate these ?
Which order of progression should I take in elimination
of these files and what should be my next step ?
>-----Original Message-----
>James,
>
>I was looking over your Startup log file again. 3 more
entries come to
>light.
>
>In running Processes:
>
>CDAC11BA.EXE C:\WINDOWS\System32
\drivers\CDAC11BA.EXE
>CDANTSRV.EXE C:\WINDOWS\System32
\DRIVERS\CDANTSRV.EXE
>
>These two strike as unusual because I don't have a
single EXE file in the
>system32\drivers folder. Since there are no startup
entries for these, that
>I can see, I'm assuming that they're being run as a
Service. Also both file
>names have been associated with C-Dilla:
>http://www.privacyandspying.com/privacy-c_dilla.html
>
>Loading from
>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVers
ion\Run
>
>system dcomx.exe
>
>This file is definitely a virus (my apologies for
missing it). Several
>virus's use this file name. Here's one:
>
>http://www.f-secure.com/v-descs/rpc.shtml
>
>Open Task Manager, go to the Processes and highlight
these 3 processes,
>individually and select End Process.
>
>Then open REGEDIT and go to
>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVers
ion\Run and delete
>the "system" value in the right pane. Next do a find
for dcomx.exe
>(probably in the Windows\System32 folder and delete it.
>
>Then you'll need to go to Start, Run and enter
SERVICES.MSC and see if you
>can find anything associated with the first 2 files
mentioned. If not,
>download
http://www.dougknox.com/xp/utils/xp_homeservices.zip
The EXE
>inside will scan your system for running processes and
all running services.
>Reboot the computer and run this utility. Post the
results here.
>--
>Doug Knox, MS-MVP Windows XP/ Windows Smart Display
>Win 95/98/Me/XP Tweaks and Fixes
>http://www.dougknox.com
>--------------------------------
>Associate Expert
>ExpertZone -
http://www.microsoft.com/windowsxp/expertzone
>--------------------------------
>Please reply only to the newsgroup so all may benefit.
>Unsolicited e-mail is not answered.
>
>"james davidson" <jimdavidson1@earthlink.net> wrote in
message
>news:32d901c37596$d8398ba0$a301280a@phx.gbl...
>> While closing down WindowsXP I get the following
message.
>> "The system cannot end the selected task because SHADOW
>> is not allowing it to run. Press ok to End Task Shadow
or
>> cancel to leave it running.
>
>
>.
>
- Next message: jim davidson: "Re: Windows shutdown"
- Previous message: theJayMyister: "security tweaks"
- In reply to: Doug Knox MS-MVP: "Re: Windows shutdown"
- Next in thread: Doug Knox MS-MVP: "Re: Windows shutdown"
- Reply: Doug Knox MS-MVP: "Re: Windows shutdown"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
