|
|
|
|
|
|||||||
 |
Computer Security - Please help interpret this report |
|
|
Thread Tools | Search this Thread |
05-12-2004, 03:02 AM
|
#1 |
Please help interpret this report
This is a report generated by CWShredder. I've removed all the
coolwebsearch pests, but what should I make of the following? Found Hosts file: C:\WINDOWS\system32\drivers\etc\hosts (336268 bytes, RA) Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\system32\userinit.exe, Registry value: DefaultPrefix (should be http://) [] http:// Registry value: WWW Prefix (should be http://) [www] http:// Registry value: Mosaic Prefix (should be http://) [mosaic] http:// Registry value: Home Prefix (should be http://) [home] http:// Found Win.ini file: C:\WINDOWS\win.ini (2649 bytes, A) Found System.ini file: C:\WINDOWS\system.ini (1608 bytes, A) anikya anikya |
|
|
|
05-12-2004, 08:02 AM
|
#2 |
|
Posts: n/a
|
Re: Please help interpret this report
anikya said in news:mBfoc.449999$Ig.322750@pd7tw2no:
> This is a report generated by CWShredder. I've removed all the > coolwebsearch pests, but what should I make of the following? > > Found Hosts file: C:\WINDOWS\system32\drivers\etc\hosts (336268 > bytes, RA) You have a large hosts file. The default is to just list 127.0.0.1 to "localhost". If you have other entries in this file, perhaps you added them by merging in a hosts file used to block spam sites. Just open the file using notepad.exe to see what you have inside that file. > Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe That's your shell, the GUI that you see and called your Desktop. Look in Task Manager and you'll see an instance of explorer.exe always running even when you have no instance of Windows Explorer open. It's your GUI shell. > UserInit Registry value: HKLM\..\WinLogon [UserInit] > C:\WINDOWS\system32\userinit.exe, Windows logon initialization. > Registry value: DefaultPrefix (should be http://) [] http:// > Registry value: WWW Prefix (should be http://) [www] http:// > Registry value: Mosaic Prefix (should be http://) [mosaic] http:// > Registry value: Home Prefix (should be http://) [home] http:// It says it found the good value it expected to find. > Found Win.ini file: C:\WINDOWS\win.ini (2649 bytes, A) > Found System.ini file: C:\WINDOWS\system.ini (1608 bytes, A) These files still have some functionality so it simply reports their size. They are carryovers from Windows 3.1 to provide some backward compatibility. Some old 16-bit programs may still expect to find their settings in those .ini files. Windows 95 and later automatically move many but not all of the entries in these .ini files into the registry. You'll need to actually look inside the .ini files to note if anything nasty put itself in there. My win.ini is 703 bytes big and my system.ini is 227 bytes big, so they are smaller than yours but then all programs installed are NT-based Windows compatible. *Vanguard* |
|
|
|
05-12-2004, 08:00 PM
|
#3 |
|
Posts: n/a
|
Re: Please help interpret this report
"*Vanguard*" <no-> ¦b¶l¥ó news:3fWdncSp0-mUUTzdRVn- ¤¤¼¶¼g... > anikya said in news:mBfoc.449999$Ig.322750@pd7tw2no: > > This is a report generated by CWShredder. I've removed all the > > coolwebsearch pests, but what should I make of the following? > > > > Found Hosts file: C:\WINDOWS\system32\drivers\etc\hosts (336268 > > bytes, RA) > > You have a large hosts file. The default is to just list 127.0.0.1 to > "localhost". If you have other entries in this file, perhaps you added > them by merging in a hosts file used to block spam sites. Just open the > file using notepad.exe to see what you have inside that file. > > > Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe > > That's your shell, the GUI that you see and called your Desktop. Look > in Task Manager and you'll see an instance of explorer.exe always > running even when you have no instance of Windows Explorer open. It's > your GUI shell. > > > UserInit Registry value: HKLM\..\WinLogon [UserInit] > > C:\WINDOWS\system32\userinit.exe, > > Windows logon initialization. > > > Registry value: DefaultPrefix (should be http://) [] http:// > > Registry value: WWW Prefix (should be http://) [www] http:// > > Registry value: Mosaic Prefix (should be http://) [mosaic] http:// > > Registry value: Home Prefix (should be http://) [home] http:// > > It says it found the good value it expected to find. > > > Found Win.ini file: C:\WINDOWS\win.ini (2649 bytes, A) > > Found System.ini file: C:\WINDOWS\system.ini (1608 bytes, A) > > These files still have some functionality so it simply reports their > size. They are carryovers from Windows 3.1 to provide some backward > compatibility. Some old 16-bit programs may still expect to find their > settings in those .ini files. Windows 95 and later automatically move > many but not all of the entries in these .ini files into the registry. > You'll need to actually look inside the .ini files to note if anything > nasty put itself in there. > > My win.ini is 703 bytes big and my system.ini is 227 bytes big, so they > are smaller than yours but then all programs installed are NT-based > Windows compatible. ____________________________________ Thank you, thank you, thank you. My host file is huge...it's one from Soybot. I just learned that this machine did indeed have it's first breath in pre-windows days. anikya anikya |
|
|
|
| Thread Tools | Search this Thread |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Can we make Java web report just by drag and drop? | freezea | Software | 0 | 08-13-2009 07:06 AM |
| Crystal Report | Koteswarr | Software | 1 | 06-02-2009 12:20 PM |
| changing Crystal report table at run time | rakesh201180 | Software | 1 | 10-22-2008 10:58 AM |
| Microsoft Visio 2007 & Report | imransyed63 | Software | 0 | 08-21-2008 09:35 AM |
| slow crystal report | guptamkomal | Software | 0 | 05-23-2007 01:17 PM |
