Please help interpret this report

Discussion in 'Computer Security' started by anikya, May 12, 2004.

  1. anikya

    anikya Guest

    This is a report generated by CWShredder. I've removed all the
    coolwebsearch pests, but what should I make of the following?

    Found Hosts file: C:\WINDOWS\system32\drivers\etc\hosts (336268 bytes, RA)
    Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
    UserInit Registry value: HKLM\..\WinLogon [UserInit]
    C:\WINDOWS\system32\userinit.exe,
    Registry value: DefaultPrefix (should be http://) [] http://
    Registry value: WWW Prefix (should be http://) [www] http://
    Registry value: Mosaic Prefix (should be http://) [mosaic] http://
    Registry value: Home Prefix (should be http://) [home] http://
    Found Win.ini file: C:\WINDOWS\win.ini (2649 bytes, A)
    Found System.ini file: C:\WINDOWS\system.ini (1608 bytes, A)

    anikya
     
    anikya, May 12, 2004
    #1
    1. Advertising

  2. anikya

    *Vanguard* Guest

    anikya said in news:mBfoc.449999$Ig.322750@pd7tw2no:
    > This is a report generated by CWShredder. I've removed all the
    > coolwebsearch pests, but what should I make of the following?
    >
    > Found Hosts file: C:\WINDOWS\system32\drivers\etc\hosts (336268
    > bytes, RA)


    You have a large hosts file. The default is to just list 127.0.0.1 to
    "localhost". If you have other entries in this file, perhaps you added
    them by merging in a hosts file used to block spam sites. Just open the
    file using notepad.exe to see what you have inside that file.

    > Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe


    That's your shell, the GUI that you see and called your Desktop. Look
    in Task Manager and you'll see an instance of explorer.exe always
    running even when you have no instance of Windows Explorer open. It's
    your GUI shell.

    > UserInit Registry value: HKLM\..\WinLogon [UserInit]
    > C:\WINDOWS\system32\userinit.exe,


    Windows logon initialization.

    > Registry value: DefaultPrefix (should be http://) [] http://
    > Registry value: WWW Prefix (should be http://) [www] http://
    > Registry value: Mosaic Prefix (should be http://) [mosaic] http://
    > Registry value: Home Prefix (should be http://) [home] http://


    It says it found the good value it expected to find.

    > Found Win.ini file: C:\WINDOWS\win.ini (2649 bytes, A)
    > Found System.ini file: C:\WINDOWS\system.ini (1608 bytes, A)


    These files still have some functionality so it simply reports their
    size. They are carryovers from Windows 3.1 to provide some backward
    compatibility. Some old 16-bit programs may still expect to find their
    settings in those .ini files. Windows 95 and later automatically move
    many but not all of the entries in these .ini files into the registry.
    You'll need to actually look inside the .ini files to note if anything
    nasty put itself in there.

    My win.ini is 703 bytes big and my system.ini is 227 bytes big, so they
    are smaller than yours but then all programs installed are NT-based
    Windows compatible.
     
    *Vanguard*, May 12, 2004
    #2
    1. Advertising

  3. anikya

    anikya Guest

    "*Vanguard*" <> ¦b¶l¥ó
    news: ¤¤¼¶¼g...
    > anikya said in news:mBfoc.449999$Ig.322750@pd7tw2no:
    > > This is a report generated by CWShredder. I've removed all the
    > > coolwebsearch pests, but what should I make of the following?
    > >
    > > Found Hosts file: C:\WINDOWS\system32\drivers\etc\hosts (336268
    > > bytes, RA)

    >
    > You have a large hosts file. The default is to just list 127.0.0.1 to
    > "localhost". If you have other entries in this file, perhaps you added
    > them by merging in a hosts file used to block spam sites. Just open the
    > file using notepad.exe to see what you have inside that file.
    >
    > > Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe

    >
    > That's your shell, the GUI that you see and called your Desktop. Look
    > in Task Manager and you'll see an instance of explorer.exe always
    > running even when you have no instance of Windows Explorer open. It's
    > your GUI shell.
    >
    > > UserInit Registry value: HKLM\..\WinLogon [UserInit]
    > > C:\WINDOWS\system32\userinit.exe,

    >
    > Windows logon initialization.
    >
    > > Registry value: DefaultPrefix (should be http://) [] http://
    > > Registry value: WWW Prefix (should be http://) [www] http://
    > > Registry value: Mosaic Prefix (should be http://) [mosaic] http://
    > > Registry value: Home Prefix (should be http://) [home] http://

    >
    > It says it found the good value it expected to find.
    >
    > > Found Win.ini file: C:\WINDOWS\win.ini (2649 bytes, A)
    > > Found System.ini file: C:\WINDOWS\system.ini (1608 bytes, A)

    >
    > These files still have some functionality so it simply reports their
    > size. They are carryovers from Windows 3.1 to provide some backward
    > compatibility. Some old 16-bit programs may still expect to find their
    > settings in those .ini files. Windows 95 and later automatically move
    > many but not all of the entries in these .ini files into the registry.
    > You'll need to actually look inside the .ini files to note if anything
    > nasty put itself in there.
    >
    > My win.ini is 703 bytes big and my system.ini is 227 bytes big, so they
    > are smaller than yours but then all programs installed are NT-based
    > Windows compatible.


    ____________________________________

    Thank you, thank you, thank you.
    My host file is huge...it's one from Soybot.

    I just learned that this machine did indeed have it's first breath in
    pre-windows days.

    anikya
     
    anikya, May 12, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Doc Holliday
    Replies:
    5
    Views:
    772
    Ron Bandes
    Dec 28, 2003
  2. Igor Mamuziæ
    Replies:
    3
    Views:
    6,648
    Igor Mamuziæ
    Dec 21, 2004
  3. charlie

    Interpret this please

    charlie, Mar 23, 2006, in forum: Computer Security
    Replies:
    8
    Views:
    762
    David H. Lipman
    Mar 28, 2006
  4. Pam
    Replies:
    0
    Views:
    664
  5. =?Utf-8?B?cmxtYXJy?=

    Blue Screen Crash ... Please interpret

    =?Utf-8?B?cmxtYXJy?=, Nov 11, 2006, in forum: Windows 64bit
    Replies:
    8
    Views:
    495
Loading...

Share This Page