CWS MSConfig removal

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi,
What is the direct method of removing this pest: CWS MSConfig.
Nothing in Google search can give me the answer.

TIA,
 
Thank you Gerry -- but it cannot kill that parasite. It always come back when ever I use
Run command and I've to use CWS Shedder to disable the pest. What I wanted is to
remove it from my system and stayed clean forever. YES, I hope some one can direct
me to the infected file and remove or delete it. --Rino


"Gerry" <gerry@nospam.com> wrote in message news:uNa21UoPIHA.4656@TK2MSFTNGP03.phx.gbl...
> http://us.trendmicro.com/us/products/personal/CWShredder/
>
>
> --
>
>
>
> Hope this helps.
>
> Gerry
> ~~~~
> FCA
> Stourport, England
> Enquire, plan and execute
> ~~~~~~~~~~~~~~~~~~~
>
> < < Rino > > wrote:
> > Hi,
> > What is the direct method of removing this pest: CWS MSConfig.
> > Nothing in Google search can give me the answer.
> >
> > TIA,
>
>
 
Install and run HijackThis:
Download HijackThis (Freeware)
http://www.whatthetech.com/hijackthis/

Finally run HijackThis and post the HijackThis log to the HijackThis
forum here:
http://aumha.net/

You will need to register with Aumha to be able to post.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

< < Rino > > wrote:
> Thank you Gerry -- but it cannot kill that parasite. It always come
> back when ever I use Run command and I've to use CWS Shedder to
> disable the pest. What I wanted is to
> remove it from my system and stayed clean forever. YES, I hope some
> one can direct
> me to the infected file and remove or delete it. --Rino
>
>
> "Gerry" <gerry@nospam.com> wrote in message
> news:uNa21UoPIHA.4656@TK2MSFTNGP03.phx.gbl...
>> http://us.trendmicro.com/us/products/personal/CWShredder/
>>
>>
>> --
>>
>>
>>
>> Hope this helps.
>>
>> Gerry
>> ~~~~
>> FCA
>> Stourport, England
>> Enquire, plan and execute
>> ~~~~~~~~~~~~~~~~~~~
>>
>> < < Rino > > wrote:
>>> Hi,
>>> What is the direct method of removing this pest: CWS MSConfig.
>>> Nothing in Google search can give me the answer.
>>>
>>> TIA,
 
Thank you Gerry I should follow your suggestion because self-diagnose is not 100% a cure. --Rino


"Gerry" <gerry@nospam.com> wrote in message news:#cbg4hpPIHA.5264@TK2MSFTNGP02.phx.gbl...
> Install and run HijackThis:
> Download HijackThis (Freeware)
> http://www.whatthetech.com/hijackthis/
>
> Finally run HijackThis and post the HijackThis log to the HijackThis
> forum here:
> http://aumha.net/
>
> You will need to register with Aumha to be able to post.
>
> --
>
>
>
> Hope this helps.
>
> Gerry
> ~~~~
> FCA
> Stourport, England
> Enquire, plan and execute
> ~~~~~~~~~~~~~~~~~~~
>
> < < Rino > > wrote:
> > Thank you Gerry -- but it cannot kill that parasite. It always come
> > back when ever I use Run command and I've to use CWS Shedder to
> > disable the pest. What I wanted is to
> > remove it from my system and stayed clean forever. YES, I hope some
> > one can direct
> > me to the infected file and remove or delete it. --Rino
> >
> >
> > "Gerry" <gerry@nospam.com> wrote in message
> > news:uNa21UoPIHA.4656@TK2MSFTNGP03.phx.gbl...
> >> http://us.trendmicro.com/us/products/personal/CWShredder/
> >>
> >>
> >> --
> >>
> >>
> >>
> >> Hope this helps.
> >>
> >> Gerry
> >> ~~~~
> >> FCA
> >> Stourport, England
> >> Enquire, plan and execute
> >> ~~~~~~~~~~~~~~~~~~~
> >>
> >> < < Rino > > wrote:
> >>> Hi,
> >>> What is the direct method of removing this pest: CWS MSConfig.
> >>> Nothing in Google search can give me the answer.
> >>>
> >>> TIA,
>
>
 
Bear

What is this item in the latest log?
O4 - HKLM\..\Run: [ccea8c8b] rundll32.exe
"C:\WINDOWS\System32\mnrfmuxa.dll",b


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
PA Bear wrote:
> cf. http://aumha.net/viewtopic.php?t=30624
>
> Why are you STILL running WinXP without SP2 or any post-SP2 critical
> updates installed? You told me in Aug-07 that the machine had been
> fully patched: http://aumha.net/viewtopic.php?t=28418
>
> Protect Your PC!
> http://www.microsoft.com/athome/security/computer/default.mspx
>
> Learn how to protect your PC by taking three simple steps
> http://www.microsoft.com/downloads/details.aspx?familyid=3AD23728-4973-4DA5-9836-602954130D38
 
Bear

I sent him to you lot! Why are you sending him back?

What is this item in the latest log?
O4 - HKLM\..\Run: [ccea8c8b] rundll32.exe
"C:\WINDOWS\System32\mnrfmuxa.dll",b


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
PA Bear wrote:
> cf. http://aumha.net/viewtopic.php?t=30624
>
> Why are you STILL running WinXP without SP2 or any post-SP2 critical
> updates installed? You told me in Aug-07 that the machine had been
> fully patched: http://aumha.net/viewtopic.php?t=28418
>
> Protect Your PC!
> http://www.microsoft.com/athome/security/computer/default.mspx
>
> Learn how to protect your PC by taking three simple steps
> http://www.microsoft.com/downloads/details.aspx?familyid=3AD23728-4973-4DA5-9836-602954130D38
 
Bear

I sent him to you lot! Why are you sending him back?

What is this item in the latest log?
O4 - HKLM\..\Run: [ccea8c8b] rundll32.exe
"C:\WINDOWS\System32\mnrfmuxa.dll",b


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
PA Bear wrote:
> cf. http://aumha.net/viewtopic.php?t=30624
>
> Why are you STILL running WinXP without SP2 or any post-SP2 critical
> updates installed? You told me in Aug-07 that the machine had been
> fully patched: http://aumha.net/viewtopic.php?t=28418
>
> Protect Your PC!
> http://www.microsoft.com/athome/security/computer/default.mspx
>
> Learn how to protect your PC by taking three simple steps
> http://www.microsoft.com/downloads/details.aspx?familyid=3AD23728-4973-4DA5-9836-602954130D38
 
Bear

I sent him to you lot! Why are you sending him back?

What is this item in the latest log?
O4 - HKLM\..\Run: [ccea8c8b] rundll32.exe
"C:\WINDOWS\System32\mnrfmuxa.dll",b


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
PA Bear wrote:
> cf. http://aumha.net/viewtopic.php?t=30624
>
> Why are you STILL running WinXP without SP2 or any post-SP2 critical
> updates installed? You told me in Aug-07 that the machine had been
> fully patched: http://aumha.net/viewtopic.php?t=28418
>
> Protect Your PC!
> http://www.microsoft.com/athome/security/computer/default.mspx
>
> Learn how to protect your PC by taking three simple steps
> http://www.microsoft.com/downloads/details.aspx?familyid=3AD23728-4973-4DA5-9836-602954130D38
 
Bear

I sent him to you lot! Why are you sending him back?

What is this item in the latest log?
O4 - HKLM\..\Run: [ccea8c8b] rundll32.exe
"C:\WINDOWS\System32\mnrfmuxa.dll",b


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
PA Bear wrote:
> cf. http://aumha.net/viewtopic.php?t=30624
>
> Why are you STILL running WinXP without SP2 or any post-SP2 critical
> updates installed? You told me in Aug-07 that the machine had been
> fully patched: http://aumha.net/viewtopic.php?t=28418
>
> Protect Your PC!
> http://www.microsoft.com/athome/security/computer/default.mspx
>
> Learn how to protect your PC by taking three simple steps
> http://www.microsoft.com/downloads/details.aspx?familyid=3AD23728-4973-4DA5-9836-602954130D38
 
One reply would have sufficed, Gerry. <eg>

I didn't send Rino anywhere.

That O4 entry and others in the log are most likely indications of a
Zlob/Vundo/RBOT infection...and they probably brought some "friends" along
with them.

Rino is still running an unpatched version of WinXP Gold and a very
undependable anti-virus application. I tried to assist him a few months
ago: He'd assured me that the machine was fully patched at Windows Update
and was working fine. As you can see from his new HJT log, it isn't. If
chooses to not to practice Safe Hex, I have no time for him and I doubt
anyone else will either.

@Rino: Format & reinstall Windows | Get the machine fully patched at Windows
Update | Install a better anti-virus application plus Windows Defender,
SpywareBlaster, and BOClean | Stop going to risky websites/downloading
freeware.
--
~PAB


Gerry wrote:
> Bear
>
> I sent him to you lot! Why are you sending him back?
>
> What is this item in the latest log?
> O4 - HKLM\..\Run: [ccea8c8b] rundll32.exe
> "C:\WINDOWS\System32\mnrfmuxa.dll",b
>
> PA Bear wrote:
>> cf. http://aumha.net/viewtopic.php?t=30624
>>
>> Why are you STILL running WinXP without SP2 or any post-SP2 critical
>> updates installed? You told me in Aug-07 that the machine had been
>> fully patched: http://aumha.net/viewtopic.php?t=28418
>>
>> Protect Your PC!
>> http://www.microsoft.com/athome/security/computer/default.mspx
>>
>> Learn how to protect your PC by taking three simple steps
>> http://www.microsoft.com/downloads/details.aspx?familyid=3AD23728-4973-4DA5-9836-602954130D38
 
Robear; find my in-line answers:

"PA Bear" <PABearMVP@gmail.com> wrote in message news:7899566e-bd37-4625-9e7f-febbd456a7bc@q77g2000hsh.googlegroups.com...
> cf. http://aumha.net/viewtopic.php?t=30624
>
> Why are you STILL running WinXP without SP2 or any post-SP2 critical
> updates installed? You told me in Aug-07 that the machine had been
> fully patched: http://aumha.net/viewtopic.php?t=28418
The right question is why did Microsoft selling us their WinXP with defects?
Even my SP2 CD refused to install.

> Protect Your PC!
> http://www.microsoft.com/athome/security/computer/default.mspx
August to now is a long time and many things happened especially Ainti-Spyware
software. I took many invalid one out and my latest I've post in aumba.net.

> Learn how to protect your PC by taking three simple steps
> http://www.microsoft.com/downloads/details.aspx?familyid=3AD23728-4973-4DA5-9836-602954130D38
YES, your advices are good BUT all I need now is to point me where
CWS MSConfig.exe is hiding. Please do NOT change my topic. TIA.
 
Robear; find my in-line answers:

"PA Bear" <PABearMVP@gmail.com> wrote in message news:#kUxTI3PIHA.2376@TK2MSFTNGP02.phx.gbl...
> One reply would have sufficed, Gerry. <eg>
>
> I didn't send Rino anywhere.
>
> That O4 entry and others in the log are most likely indications of a
> Zlob/Vundo/RBOT infection...and they probably brought some "friends" along
> with them.
On my 1st reboot that "O4" line were gone ;o)
Your probably is all wrong!

> Rino is still running an unpatched version of WinXP Gold and a very
> undependable anti-virus application. I tried to assist him a few months
> ago: He'd assured me that the machine was fully patched at Windows Update
> and was working fine. As you can see from his new HJT log, it isn't. If
> chooses to not to practice Safe Hex, I have no time for him and I doubt
> anyone else will either.
My topic is CWS MSConfig removal -- I didn't ask for more. Please don't say
your last parting words B4 knowing my case. Please do NOT inject unconcluded
human behavior in my thread -- this is all about my PC a victim of malicious invaders.
If you can ONLY blame me then you 're creating 2 victims here.

> @Rino: Format & reinstall Windows | Get the machine fully patched at Windows
> Update | Install a better anti-virus application plus Windows Defender,
> SpywareBlaster, and BOClean | Stop going to risky websites/downloading
> freeware.
Remember the good old saying: "If it isn't broke DO NOT repair it"?
I guaranteed my PC is running fine now except for this last one intruder which entered
long time ago. I've a good protection software now -- thought we could get rid this
elusive one.

To Format & Reinstall especially with a Sony machine using ME O.S. is very uncon-
vinient. I wish Microsoft didn't produced that ME ;o( & get rich with our $$$?
YES, I can do it BUT not now -- wait until only black screen appears.

Sorry; a little late in replying BUT it is better than NEVER ;o) Been very busy
lately doing 10 movie using MM2 and even a 25 minute project took me over
4 hours of rendering into DV tape.

> ~PAB
>
>
> Gerry wrote:
> > Bear
> >
> > I sent him to you lot! Why are you sending him back?
> >
> > What is this item in the latest log?
> > O4 - HKLM\..\Run: [ccea8c8b] rundll32.exe
> > "C:\WINDOWS\System32\mnrfmuxa.dll",b
> >
> > PA Bear wrote:
> >> cf. http://aumha.net/viewtopic.php?t=30624
> >>
> >> Why are you STILL running WinXP without SP2 or any post-SP2 critical
> >> updates installed? You told me in Aug-07 that the machine had been
> >> fully patched: http://aumha.net/viewtopic.php?t=28418
> >>
> >> Protect Your PC!
> >> http://www.microsoft.com/athome/security/computer/default.mspx
> >>
> >> Learn how to protect your PC by taking three simple steps
> >> http://www.microsoft.com/downloads/details.aspx?familyid=3AD23728-4973-4DA5-9836-602954130D38
>
 
< < Rino > > wrote:
> Robear; find my in-line answers:
>
> "PA Bear" <PABearMVP@gmail.com> wrote in message news:

7899566e-bd37-4625-9e7f-febbd456a7bc@q77g2000hsh.googlegroups.com...
>> cf. http://aumha.net/viewtopic.php?t=30624
>>
>> Why are you STILL running WinXP without SP2 or any post-SP2 critical
>> updates installed? You told me in Aug-07 that the machine had been
>> fully patched: http://aumha.net/viewtopic.php?t=28418
> The right question is why did Microsoft selling us their WinXP with defects?
> Even my SP2 CD refused to install.
>
>> Protect Your PC!
>> http://www.microsoft.com/athome/security/computer/default.mspx
> August to now is a long time and many things happened especially Ainti-Spyware
> software. I took many invalid one out and my latest I've post in aumba.net.
>
>> Learn how to protect your PC by taking three simple steps
>> http://www.microsoft.com/downloads/details.aspx?familyid=3AD23728-4973

-4DA5-9836-602954130D38
> YES, your advices are good BUT all I need now is to point me where
> CWS MSConfig.exe is hiding. Please do NOT change my topic. TIA.
>
>
>
>

Did you clear your System Restore before using CWShredder to nuke the
pest. If not, it's probably hiding there and replicates itself every
time you nuke it.

Alias
 
I was replying to Gerry, not you.

Just because you had HijackThis fix the O4 entry et. al. does NOT mean that
the files the entries pointed to have been removed. I'm sure the machine is
still very badly infected, which is why you can't install SP2.

1. Format & reinstall Windows.

2. Take care of *everything* on the following webpage before otherwise
connecting the machine to the internet (e.g., to browse/surf, check email,
or chat):

Before You Connect a New Computer to the Internet
http://www.cert.org/tech_tips/before_you_plug_in.html

Security FAQ & Checklist
http://www.dslreports.com/faq/8463
--
~PA Bear


< < Rino > > wrote:
> Robear; find my in-line answers:
<snip>
 
Thanks for responding - Alias.
Can you PLEASE show me how to clear my System Restore? I'll report if we
finally nailed it ;o)

Actually; the mild pest NEVER did any wrong except it bother me whenever I'm
using Run Command & I've to call-in CWShedder all the time to disabled it since
last year. Can I've this coming 2008 a clean PC?

Everybody knows to Format right-away is an over-killed -- not needing a MVP
to tell me that ;o) Cheers Robear ;o)


"Alias" <alias@aliasmail.com> wrote in message news:fk6en2$6d8$1@aioe.org...
> < < Rino > > wrote:
> > Robear; find my in-line answers:
> >
> > "PA Bear" <PABearMVP@gmail.com> wrote in message news:
>
> 7899566e-bd37-4625-9e7f-febbd456a7bc@q77g2000hsh.googlegroups.com...
> >> cf. http://aumha.net/viewtopic.php?t=30624
> >>
> >> Why are you STILL running WinXP without SP2 or any post-SP2 critical
> >> updates installed? You told me in Aug-07 that the machine had been
> >> fully patched: http://aumha.net/viewtopic.php?t=28418
> > The right question is why did Microsoft selling us their WinXP with defects?
> > Even my SP2 CD refused to install.
> >
> >> Protect Your PC!
> >> http://www.microsoft.com/athome/security/computer/default.mspx
> > August to now is a long time and many things happened especially Ainti-Spyware
> > software. I took many invalid one out and my latest I've post in aumba.net.
> >
> >> Learn how to protect your PC by taking three simple steps
> >> http://www.microsoft.com/downloads/details.aspx?familyid=3AD23728-4973
>
> -4DA5-9836-602954130D38
> > YES, your advices are good BUT all I need now is to point me where
> > CWS MSConfig.exe is hiding. Please do NOT change my topic. TIA.
> >
> >
> >
> >
>
> Did you clear your System Restore before using CWShredder to nuke the
> pest. If not, it's probably hiding there and replicates itself every
> time you nuke it.
>
> Alias
 
> Just because you had HijackThis fix the O4 entry et. al. does NOT mean that
> the files the entries pointed to have been removed. I'm sure the machine is
> still very badly infected, which is why you can't install SP2.
NO! I never used HJT for that missing O4 entry. I tried hard to look for it BUT
find none and YES, Jerry reported it correctly. I'm now very happy ;o) with my
fully protected PC. I can forget the SP2, surf and get FREE software worry FREE.
If you're curious again, just trace back what I've said before.

Thanks For Everything's! What A Splendid lesson for me ;o)


"PA Bear" <PABearMVP@gmail.com> wrote in message news:#2#r#6NQIHA.5980@TK2MSFTNGP04.phx.gbl...
> I was replying to Gerry, not you.
>
> Just because you had HijackThis fix the O4 entry et. al. does NOT mean that
> the files the entries pointed to have been removed. I'm sure the machine is
> still very badly infected, which is why you can't install SP2.
>
> 1. Format & reinstall Windows.
>
> 2. Take care of *everything* on the following webpage before otherwise
> connecting the machine to the internet (e.g., to browse/surf, check email,
> or chat):
>
> Before You Connect a New Computer to the Internet
> http://www.cert.org/tech_tips/before_you_plug_in.html
>
> Security FAQ & Checklist
> http://www.dslreports.com/faq/8463
> --
> ~PA Bear
>
>
> < < Rino > > wrote:
> > Robear; find my in-line answers:
> <snip>
>
 
Your headers (Microsoft Outlook Express 6.00.2600.0000) tell us that you
still do not have SP2 installed: You are NOT "fully protected"!

< < Rino > > wrote:
>> Just because you had HijackThis fix the O4 entry et. al. does NOT mean
>> that
>> the files the entries pointed to have been removed. I'm sure the machine
>> is still very badly infected, which is why you can't install SP2.
> NO! I never used HJT for that missing O4 entry. I tried hard to look for
> it
> BUT
> find none and YES, Jerry reported it correctly. I'm now very happy ;o)
> with
> my
> fully protected PC. I can forget the SP2, surf and get FREE software worry
> FREE.
> If you're curious again, just trace back what I've said before.
>
> Thanks For Everything's! What A Splendid lesson for me ;o)
>
>
> "PA Bear" <PABearMVP@gmail.com> wrote in message
> news:#2#r#6NQIHA.5980@TK2MSFTNGP04.phx.gbl...
>> I was replying to Gerry, not you.
>>
>> Just because you had HijackThis fix the O4 entry et. al. does NOT mean
>> that
>> the files the entries pointed to have been removed. I'm sure the machine
>> is still very badly infected, which is why you can't install SP2.
>>
>> 1. Format & reinstall Windows.
>>
>> 2. Take care of *everything* on the following webpage before otherwise
>> connecting the machine to the internet (e.g., to browse/surf, check
>> email,
>> or chat):
>>
>> Before You Connect a New Computer to the Internet
>> http://www.cert.org/tech_tips/before_you_plug_in.html
>>
>> Security FAQ & Checklist
>> http://www.dslreports.com/faq/8463
>> --
>> ~PA Bear
>>
>>
>> < < Rino > > wrote:
>>> Robear; find my in-line answers:
>> <snip>
 

Similar threads

P
Trying to play games on Windows XP but games keep crashing
Replies
0
Views
18
PhilipGrimley
P
R
laptop wifi and speakers are not working
Replies
0
Views
21
Reece Bull
R
Α
Windows 8 pro activation
Replies
0
Views
12
'Ανθή Κ.'
Α
K
Microsoft Outlook introduces SMS on Outlook Lite
Replies
0
Views
30
Keerthana_AK
K
E
Camera not found
Replies
0
Views
12
Emmanuel Eko
E
Back
Top