msconfig.exe

Discussion in 'Computer Support' started by anon, Mar 28, 2008.

  1. anon

    anon Guest

    Does msconfig ever access the internet?

    I think I have a virus/worm that uses the name msconfig. It tries to access
    the internet and my computer slows down for a random period of time. After
    deleting all firewall permissions, I get a message that msconfig.exe is
    trying to access the internet. I denied permission but the virus is still in
    there somewhere. I have also been getting an antivirus message that a Trojan
    horse a.bat has been quarantined. They might be related.

    I have updated Symantec virus definitions and ran a full system scan in the
    safe mode but the problem persists.

    Help..
     
    anon, Mar 28, 2008
    #1

  2. anon

    ded Guest

    "anon" <> wrote in message
    news:p...
    > Does msconfig ever access the internet?
    >
    > I think I have a virus/worm that uses the name msconfig. It tries to
    > access the internet and my computer slows down for a random period of
    > time. After deleting all firewall permissions, I get a message that
    > msconfig.exe is trying to access the internet. I denied permission but the
    > virus is still in there somewhere. I have also been getting an antivirus
    > message that a Trojan horse a.bat has been quarantined. They might be
    > related.
    >
    > I have updated Symantec virus definitions and ran a full system scan in
    > the safe mode but the problem persists.
    >
    > Help..
    >


    Yes, there is a known windows worm that goes under the name
    of "msconfig.exe", it's been around for some time and all anti-virus
    tools should have it on their database so whatever version of
    Symantec you have should've got it? Spybot Search+Destroy will
    certainly erase it, or....

    On this site you can run a free specific scan for that particular worm:
    http://www.auditmypc.com/process/msconfig.asp
     
    ded, Mar 28, 2008
    #2

  3. anon

    chuckcar Guest

    "anon" <> wrote in
    news:p:

    > Does msconfig ever access the internet?
    >
    > I think I have a virus/worm that uses the name msconfig. It tries to
    > access the internet and my computer slows down for a random period of
    > time. After deleting all firewall permissions, I get a message that
    > msconfig.exe is trying to access the internet. I denied permission but
    > the virus is still in there somewhere. I have also been getting an
    > antivirus message that a Trojan horse a.bat has been quarantined. They
    > might be related.
    >
    > I have updated Symantec virus definitions and ran a full system scan
    > in the safe mode but the problem persists.
    >

    You did a scan of *all* files on your hard drive(s)? If so, update your
    virus definitions, they are apparently *way* out of date. You need to do
    it at *least* monthly, weekly is better.


    --
    (setq (chuck nil) car(chuck) )
     
    chuckcar, Mar 28, 2008
    #3
  4. anon

    anon Guest

    "chuckcar" <> wrote in message
    news:Xns9A6FB0C6DD254chucknilcar@127.0.0.1...
    > "anon" <> wrote in
    > news:p:
    >
    >> Does msconfig ever access the internet?
    >>
    >> I think I have a virus/worm that uses the name msconfig. It tries to
    >> access the internet and my computer slows down for a random period of
    >> time. After deleting all firewall permissions, I get a message that
    >> msconfig.exe is trying to access the internet. I denied permission but
    >> the virus is still in there somewhere. I have also been getting an
    >> antivirus message that a Trojan horse a.bat has been quarantined. They
    >> might be related.
    >>
    >> I have updated Symantec virus definitions and ran a full system scan
    >> in the safe mode but the problem persists.
    >>

    > You did a scan of *all* files on your hard drive(s)? If so, update your
    > virus definitions, they are apparently *way* out of date. You need to do
    > it at *least* monthly, weekly is better.
    >
    >
    > --
    > (setq (chuck nil) car(chuck) )


    I have Symantec Antivirus 10.1. I updated the definitions before running the
    scan. I ran the scan in the safe mode. After loading in normal mode
    msconfig.exe was accessing the internet so I blocked it in my firewall. The
    virus, or whatever it is, is still present; it is prevented from accessing the
    internet for now.
     
    anon, Mar 28, 2008
    #4
  5. anon

    Guest

    "anon" <> wrote:

    >I have Symantec Antivirus 10.1. I updated the definitions before running the
    >scan. I ran the scan in the safe mode. After loading in normal mode
    >msconfig.exe was accessing the internet so I blocked it in my firewall. The
    >virus, or whatever it is, is still present; it is prevented from accessing the
    >internet for now.


    Download and run Process explorer
    http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

    Double click on your msconfig, read its image (path).

    My Msconfig path is
    E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe -yours maybe:
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

    If yours isn't in that path

    Kill the process, go to the path shown in the image and delete the
    file.

    <Grin you can't access the net> do this first:

    Start | Run <type in>
    taskmgr.exe
    <enter>

    Kill msconfig - then download Process Explorer.
    direct link:
    http://download.sysinternals.com/Files/ProcessExplorer.zip
    --
    Russian billionaire and Chelsea FC owner denies plans to link Alaska and
    Siberia with the world's longest tunnel as it would be too difficult to keep
    a strait bearing - Fark.com http://tinyurl.com/2nwck6
     
    , Mar 28, 2008
    #5
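
The image-path check described in the post above, as an added example that is not part of the original thread. It reads a process listing in CSV form with `Name`, `ExecutablePath` and `ProcessId` columns (the sample rows, host name and PIDs are constructed) and flags any process that uses the msconfig.exe name but runs from somewhere other than the Windows XP location quoted in the post; the drive letter is ignored because the post shows both E: and C: installs.

```python
import csv
import io
import ntpath

# Expected directory (drive letter removed) per image name. The msconfig.exe
# entry is the Windows XP location quoted in the post above; extend the map
# for other binaries or Windows versions (assumption: one valid dir per name).
EXPECTED_DIRS = {
    "msconfig.exe": r"\windows\pchealth\helpctr\binaries",
}

# Constructed sample, e.g. the kind of listing produced by
#   wmic process get Name,ExecutablePath,ProcessId /format:csv
SAMPLE_CSV = r"""
Node,ExecutablePath,Name,ProcessId
DESKTOP1,C:\WINDOWS\system32\msconfig.exe,msconfig.exe,1840
DESKTOP1,E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe,MSConfig.exe,2212
DESKTOP1,,System Idle Process,0
DESKTOP1,C:\WINDOWS\explorer.exe,explorer.exe,1500
"""


def find_masquerades(csv_text, expected=EXPECTED_DIRS):
    """Return (pid, path, reason) for each process whose name is listed in
    `expected` but whose image is not in the expected directory."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        name = (row.get("Name") or "").strip().lower()
        if name not in expected:
            continue
        pid = int(row["ProcessId"])
        path = (row.get("ExecutablePath") or "").strip()
        if not path:
            # No path reported: cannot be verified, so surface it for review.
            findings.append((pid, path, "no image path reported"))
            continue
        # Compare case-insensitively and without the drive letter.
        _drive, rest = ntpath.splitdrive(ntpath.normpath(path))
        directory = ntpath.dirname(rest.lower())
        if directory != expected[name]:
            findings.append((pid, path, "unexpected directory"))
    return findings


if __name__ == "__main__":
    for pid, path, reason in find_masquerades(SAMPLE_CSV):
        print(f"PID {pid}: {path or '<none>'} ({reason})")
```
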
  6. anon

    anon Guest

    <> wrote in message
    news:...
    > "anon" <> wrote:
    >
    >>I have Symantec Antivirus 10.1. I updated the definitions before running
    >>the scan. I ran the scan in the safe mode. After loading in normal mode
    >>msconfig.exe was accessing the internet so I blocked it in my firewall.
    >>The virus, or whatever it is, is still present; it is prevented from
    >>accessing the internet for now.

    >
    > Download and run Process explorer
    > http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    >
    > Double click on your msconfig, read its image (path).
    >
    > My Msconfig path is
    > E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe -yours maybe:
    > C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    >
    > If yours isn't in that path
    >
    > Kill the process, go to the path shown in the image and delete the
    > file.
    >
    > <Grin you can't access the net> do this first:
    >
    > Start | Run <type in>
    > taskmgr.exe
    > <enter>
    >
    > Kill msconfig - then download Process Explorer.
    > direct link:
    > http://download.sysinternals.com/Files/ProcessExplorer.zip
    > --
    > Russian billionaire and Chelsea FC owner denies plans to link Alaska and
    > Siberia with the world's longest tunnel as it would be too difficult to
    > keep a strait bearing - Fark.com http://tinyurl.com/2nwck6


    Thanks, I deleted the fake msconfig.exe file that was in the
    c:\windows\system32 directory. Now when msconfig is running, it is from the
    correct path.

    I still have a problem though, whenever I reboot msconfig is running. I
    think that whatever was starting the fake msconfig.exe is now running the
    real one. How can I find out what is starting msconfig.exe and get rid of
    it?
     
    anon, Mar 29, 2008
    #6
  7. anon

    Guest

    "anon" <> wrote:

    >Thanks, I deleted the fake msconfig.exe file that was in the
    >c:\windows\system32 directory. Now when msconfig is running, it is from the
    >correct path.
    >
    >I still have a problem though, whenever I reboot msconfig is running. I
    >think that whatever was starting the fake msconfig.exe is now running the
    >real one. How can I find out what is starting msconfig.exe and get rid of
    >it?
    >


    Ironically with Msconfig :)

    But Autoruns is better and shows much more,
    http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
    From the same person who gave you Process Explorer

    Unzip to a folder, then run it from there.

    Go to tab "everything" and read each process started. Look odd, google
    it.

    Direct link:
    http://download.sysinternals.com/Files/Autoruns.zip
    --
    Russian billionaire and Chelsea FC owner denies plans to link Alaska and
    Siberia with the world's longest tunnel as it would be too difficult to keep
    a strait bearing - Fark.com http://tinyurl.com/2nwck6
     
    , Mar 29, 2008
    #7
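
One way to answer "what is starting msconfig.exe" from the command line, as an added example that is not part of the original thread. It parses saved `reg query` output for the HKLM and HKCU `Run` keys (the sample entries are constructed) and returns every startup value whose command launches a given image name; the `Run` keys are only a subset of the locations Autoruns lists.

```python
import re

# Constructed sample of `reg query` output for the two Run keys.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleAV Tray    REG_SZ    "C:\Program Files\ExampleAV\tray.exe"
    Sys Config    REG_SZ    C:\WINDOWS\system32\msconfig.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    updater    REG_EXPAND_SZ    "%SystemRoot%\PCHealth\HelpCtr\Binaries\MSConfig.exe" -s
"""

# Value lines are indented: <name> <REG_type> <data>, split by spaces or tabs.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")


def startup_entries(reg_text):
    """Yield (key, value_name, data) for every value in `reg query` output."""
    key = None
    for line in reg_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        match = VALUE_RE.match(line)
        if match and key:
            yield key, match.group("name"), match.group("data").strip()


def entries_launching(reg_text, image_name):
    """Return startup entries whose command references `image_name` as a
    file name (not as a substring of a longer name), case-insensitively."""
    pattern = re.compile(
        r'(?:^|[\\/"\s])' + re.escape(image_name) + r'(?=$|["\s])',
        re.IGNORECASE,
    )
    return [e for e in startup_entries(reg_text) if pattern.search(e[2])]


if __name__ == "__main__":
    for key, name, data in entries_launching(SAMPLE_REG, "msconfig.exe"):
        print(f"{key}\n    {name} -> {data}")
```
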
  8. anon

    chuckcar Guest

    "anon" <> wrote in
    news::

    >
    > <> wrote in message
    > news:...
    >> "anon" <> wrote:
    >>
    >>>I have Symantec Antivirus 10.1. I updated the definitions before
    >>>running the scan. I ran the scan in the safe mode. After loading in
    >>>normal mode msconfig.exe was accessing the internet so I blocked it in
    >>>my firewall. The virus, or whatever it is, is still present; it is
    >>>prevented from accessing the internet for now.

    >>
    >> Download and run Process explorer
    >> http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    >>
    >> Double click on your msconfig, read its image (path).
    >>
    >> My Msconfig path is
    >> E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe -yours maybe:
    >> C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    >>
    >> If yours isn't in that path
    >>
    >> Kill the process, go to the path shown in the image and delete the
    >> file.
    >>
    >> <Grin you can't access the net> do this first:
    >>
    >> Start | Run <type in>
    >> taskmgr.exe
    >> <enter>
    >>
    >> Kill msconfig - then download Process Explorer.
    >> direct link:
    >> http://download.sysinternals.com/Files/ProcessExplorer.zip
    >> --
    >> Russian billionaire and Chelsea FC owner denies plans to link Alaska
    >> and Siberia with the world's longest tunnel as it would be too
    >> difficult to keep a strait bearing - Fark.com http://tinyurl.com/2nwck6

    >
    > Thanks, I deleted the fake msconfig.exe file that was in the
    > c:\windows\system32 directory. Now when msconfig is running, it is
    > from the correct path.
    >
    > I still have a problem though, whenever I reboot msconfig is running.
    > I think that whatever was starting the fake msconfig.exe is now
    > running the real one. How can I find out what is starting msconfig.exe
    > and get rid of it?
    >

    That's because you never cleaned the trojan out of your system. This
    *has* to be done the correct way or it just comes back. As I said, you
    *have* to scan *every* file on your hard drive(s). This can and should
    take *hours*. If it doesn't, then you aren't.

    --
    (setq (chuck nil) car(chuck) )
     
    chuckcar, Mar 29, 2008
    #8
