Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Unknown entry in Msconfig

May 16, 2004 10:21AM PDT

I am working on a Dell Dimension 2350, which the customer claims has the Welchia virus. I ran the fix from Symantec and it came up clean. Norton AV auto-protect was disabled and a full scan had not been done.

I am running a scan now and have noticed in Msconfig two entries running which are unidentified (the name is all square boxes) and the locale is a registry entry. This looks suspicious and if anyone has info on this type of action I would appreciate input.

Next stop after NAVs scan will be AVG online, then Spybot and the rest.

Discussion is locked

- Collapse -
Re:Unknown entry in Msconfig
May 16, 2004 4:15PM PDT

You must have administrative rights to run this tool.
Did you use the tool?
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
BEFORE YOU DOWNLOADED AND USE TOOL DID YOU READ "ALL" THE INSTRUCTIONS?
Like disable system restore, Check the Publisher Authenticity confirmation dialog box. Etc Etc Etc...

http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

http://www.pchell.com/virus/welchia.shtml

There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies....
http://www.squarebox.co.uk/javatips.html

Hows your java looking? Is it infected?
http://java.sun.com/webapps/getjava/BrowserRedirect?locale=en&host=www.java.com:80

The MSJVM is outdated (Java 1.1.4 as oppsed to 1.4.2 from Sun, the creator of Java) and shouldn't be used.

Update detection checker @ site 1
http://www.virtualmachine.tk/

And the Unicode on your printer?
http://support.microsoft.com/default.aspx?kbid=212380

Failure of complete removal of the worm will require you to reinstall windows.

Looks like fun, pick whatever you think fits since you know more of the story....

- Collapse -
Re:Unknown entry in Msconfig
May 17, 2004 2:19AM PDT

I would suggest before anything else you run AdAware, the best tool I know for finding suspicious registry entries. It's free too! If it isn't a virus AVG won't find it.

- Collapse -
Re:Re:Unknown entry in Msconfig
May 17, 2004 9:13PM PDT

I'm glad I saw Michael's original post. Here's my question:
After unchecking unwanted start-ups in the msconfig utility, how can I remove that never-ending list of unchecked stuff from the startup tab?

- Collapse -
Re:Unknown entry in Msconfig
May 17, 2004 8:06AM PDT

Michael, I found those entries in my msconfig also and after doing some searching found them in the registry at this location, i just deleted them with no ill effects.

HKLM/SOFTWARE/MICROSOFT/SHARED TOOLS/MSCONFIG/STARTUPREG==highlight=LOAD and RUN

- Collapse -
Re:Re:Unknown entry in Msconfig
May 17, 2004 10:47AM PDT

Housecall picked up Sasser, and Spybot/Adaware picked up a combined 112 items. Cleaned then up and the machines running smoothly.

Thanks for the ideas.

Mike