Computer types...umm, wtf mates?

Discussion in 'The Lounge' started by thezentree, Feb 1, 2005.

  1. thezentree

    thezentree 3/4 ton status

    Joined:
    Sep 19, 2003
    Posts:
    7,198
    Likes Received:
    0
    Location:
    NC
    I went into my start-up list to disable a few things that I don't use and found an application that is listed on start-up...except it doesn't have a name, and I can't read the whole filename. I'm running XP (home, I think it is). So, what gives? Is there any way that I can find out what this program is?
     
  2. 75-K5

    75-K5 3/4 ton status

    Joined:
    Apr 28, 2002
    Posts:
    5,353
    Likes Received:
    0
    Location:
    Anderson, Indiana
    If you don't know what it is, kill it. It can't be that important. No critical windows components are listed in the startup tab of msconfig, and any important device drivers and other software will have at least a title.
     
  3. Zeus33rd

    Zeus33rd Smarter than you GMOTM Winner

    Joined:
    Mar 14, 2002
    Posts:
    7,324
    Likes Received:
    9
    Location:
    Grass Valley, CA
    75-K5 is right...You don't need to have anything in that list checked. It's all stuff you can start manually. If you still want to see what the file is, just expand the list to the right by clicking and dragging the separator marked by the arrows in this pic-
    [​IMG]
    :D
     
  4. poinzey

    poinzey 1/2 ton status

    Joined:
    Jun 16, 2004
    Posts:
    113
    Likes Received:
    0
    Location:
    Texas
    A general rule of thumb I go by when cleaning students' machines here at the university is, if it doesn't have a name, or shows up as boxes, yank it (cause I go through 20-30 machines a day here and only look up the really bad ones...). Also I'd go ahead and download and run a program called Spybot Search and Destroy. If there's one there, there is probably more.... :frown1: If on the off chance it's a virus it may be harder to clean. PM me if you have a hard time with it. :)
     
  5. thezentree

    thezentree 3/4 ton status

    Joined:
    Sep 19, 2003
    Posts:
    7,198
    Likes Received:
    0
    Location:
    NC
    [​IMG]


    That's what I got. Anyway, it's disabled and I ran Norton, Spybot, Adaware, and CWShredder last night and it still showed up this morning.

    EDIT: I also just went through my list of running applications and there's nothing abnormal there. Weirrrrd...
     
  6. poinzey

    poinzey 1/2 ton status

    Joined:
    Jun 16, 2004
    Posts:
    113
    Likes Received:
    0
    Location:
    Texas
    Sounds like a virus possibly then. Boot into safe mode and run your spyware tools from there. If it still shows up in normal mode after that run a boot scan and check for a virus. I can't think of the site off the top of my head right now, but I use one called corpmb at work to boot and check with.
     
  7. newyorkin

    newyorkin 1 ton status

    Joined:
    May 8, 2001
    Posts:
    16,555
    Likes Received:
    157
    Location:
    Los Estados Unitos
    Man, I would nuke everything in there and lock the perms on that registry key... I don't think I've ever seen a legit use for HKCU's run key...

    If you go into the registry through Regedit, expand HKEY_Current_user->SOFTWARE->Microsoft->Windows->CurrentVersion->Run, you should see the files being run at startup. The unidentified file should be visible there.

    I'm not sure if it's available on home edition, but if you go start->run->"GPEdit.msc" and hit enter, you can bar specific things from running on the machine by their .exe name. Be careful in there though, you can lock yourself out of windows pretty easily without even realizing it... I won't quite tell you more than that about GPEdit...
     
  8. thezentree

    thezentree 3/4 ton status

    Joined:
    Sep 19, 2003
    Posts:
    7,198
    Likes Received:
    0
    Location:
    NC
    Explain further...how/why nuke everything? lock the perms...what?

    Found it, but it's still unnamed. The name is "(Default)" and under the Data column, it says "(value not set)"

    I'm not sure I want to be meddling in such places, considering how inept I am.

    As for rebooting in safe mode and running spy/adware checkers, I will try that. Norton will work too, I assume? And idiot question - what key is it again to boot in safe mode? F3?

    On a side note, I got an email from getabj@hotmail.com today through my uncc.edu email address, and I'm not real sure how it got there, because I don't use that address for subscribing to or registering anything, so I'm thinking it may be some sort of worm. Norton is running right as I type this, but I'm just wondering if anyone knows anything about this.

    Thanks for the help yall. :cool1:
     
  9. newyorkin

    newyorkin 1 ton status

    Joined:
    May 8, 2001
    Posts:
    16,555
    Likes Received:
    157
    Location:
    Los Estados Unitos
    That key defines what programs will start (in addition to the startup folder in the start menu) when the user logs on. This is different than the run key under HKEY_LOCAL_MACHINE, as that one runs no matter who is logged on.

    To lock up the key, you can right click on it (the "run" folder), go to permissions, and assign full control to "Administrator", but remove it for your account and set your account for "Read". This is assuming the account you log on with is NOT the administrator account (it usually isn't). To be sure what account you're logged on with, go Start->Run->"CMD" <enter>, and once at the dos-like window, type "echo %username%" without quotes. As long as that doesn't return "administrator", you can use the above procedure to change the perms on the key.

    Are you sure you're in "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"? That screenshot showed a whole bunch of stuff that you should see in the right pane of regedit when you have that run key selected. The "Default" entry is legit, every registry key should have a Default/"Value not set" entry.



    If you're not comfortable messing around, staying out of gpedit is a pretty safe idea. IMO, it's sketchy anyway...
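
The check the thread does by hand in msconfig and Regedit, as an added PowerShell example (not part of any post above): it lists the values under the HKCU and HKLM Run keys, flags names that are blank or contain non-printable characters, reports whether the target file exists and is signed, and shows who can write to the per-user key. The function name `Get-RunKeyEntry` and the name heuristic are assumptions of this example; it only reads, and it needs a Windows version that ships PowerShell.

```powershell
# Added example: read-only review of the Run keys discussed in the thread.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-RunKeyEntry {   # hypothetical helper name
    param([string[]]$KeyPath)
    foreach ($path in $KeyPath) {
        if (-not (Test-Path -Path $path)) { continue }
        $key = Get-Item -Path $path
        foreach ($name in $key.GetValueNames()) {
            # GetValue expands environment variables such as %ProgramFiles%.
            $command = [string]$key.GetValue($name)

            # Pull the executable out of the command line: a quoted path, a path
            # ending in an executable extension, or simply the first token.
            if ($command -match '^\s*"([^"]+)"') {
                $exe = $Matches[1]
            } elseif ($command -match '^\s*(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)') {
                $exe = $Matches[1]
            } else {
                $exe = ($command.Trim() -split '\s+')[0]
            }

            # Resolve bare names (for example rundll32.exe) through the search path.
            $resolved = $null
            if ($exe) {
                if (Test-Path -LiteralPath $exe -PathType Leaf) {
                    $resolved = $exe
                } else {
                    $cmd = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue |
                        Select-Object -First 1
                    if ($cmd) { $resolved = $cmd.Path }
                }
            }
            $sig = if ($resolved) { (Get-AuthenticodeSignature -FilePath $resolved).Status } else { 'n/a' }

            [pscustomobject]@{
                Key       = $path
                Name      = if ($name -eq '') { '(Default)' } else { $name }
                Command   = $command
                OddName   = $name -notmatch '^[\x20-\x7E]+$'   # heuristic: blank or "boxes"
                FileFound = [bool]$resolved
                Signature = $sig
            }
        }
    }
}

Get-RunKeyEntry -KeyPath $runKeys | Format-Table -AutoSize -Wrap

# Who can write to the per-user key (the permissions the thread talks about changing).
(Get-Acl -Path $runKeys[0]).Access |
    Select-Object IdentityReference, RegistryRights, AccessControlType, IsInherited
```

An unset `(Default)` value does not appear in the output, which matches the "(value not set)" row seen in Regedit; `OddName` will also flag legitimate names written in non-ASCII scripts, so treat it as a prompt to look closer rather than a verdict.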
     
