If an item is listed in system config utility.. Does it exsist?

  • Thread starter Thread starter John
  • Start date Start date
J

John

If an item is listed in the System Configuration utility (in this case)
(C:/windows/system32/kavo.exe) and its location:
“software/Microsoft/windows/currentversion/run” Does the file exsist?.

1. I have managed to view hidden files and I can’t see it.
2. An online scanner PreVxCSI found it. Nod32 online scan found and
killed it (and others)
3. Norton couldn’t find it in safe mode.
4. The computer shop spent 6 hours and killed it.
5. Norton say: “removal easy”
6. System restore is turned off
6 Jeeeezzz!
http://www.symantec.com/security_response/writeup.jsp?docid=2007-082706-1742-99&tabid=1
http://www.prevx.com/freescan.asp
http://www.eset.com/onlinescan/
Thanks
John
 
Items listed there are entries in the Registry, in this case.
You can open Regedit, go to the location shown, right-click on the kavo
entry and choose "delete".

"bleepingcomputer" says:
Added by the Troj/Lineag-GLG password-stealing Trojan for the online game
Lineage

Just because the Registry entry is there Does Not mean the program is still
there.
Delete the value in the right-hand pane [DO NOT DELETE the RUN key itself!!
Only the kavo line in the right-hand pane.]
Then reboot.

It should now be gone from msconfig.

"John" wrote:

> If an item is listed in the System Configuration utility (in this case)
> (C:/windows/system32/kavo.exe) and its location:
> “software/Microsoft/windows/currentversion/run†Does the file exsist?.
>
> 1. I have managed to view hidden files and I can’t see it.
> 2. An online scanner PreVxCSI found it. Nod32 online scan found and
> killed it (and others)
> 3. Norton couldn’t find it in safe mode.
> 4. The computer shop spent 6 hours and killed it.
> 5. Norton say: “removal easyâ€
> 6. System restore is turned off
> 6 Jeeeezzz!
> http://www.symantec.com/security_response/writeup.jsp?docid=2007-082706-1742-99&tabid=1
> http://www.prevx.com/freescan.asp
> http://www.eset.com/onlinescan/
> Thanks
> John
>
 
you can use a freeware
called autoruns by
sysinternals and available
at microsoft.com

with it you can explore
the processes, disable
them and modify the
registry at the same time.

the emphasis with this
issue is to explorer the
processes for "each" user
via the menu bar.

--

db ·´¯`·.¸. , . .·´¯`·..><)))º>`·.¸¸.·´¯`·.¸.·´¯`·...¸><)))º>¸.
><)))º>·´¯`·.¸. , . .·´¯`·.. ><)))º>`·.¸¸.·´¯`·.¸.·´¯`·...¸><)))º>


..


"John" <John@falseaddress.com> wrote in message news:470567be$1@clear.net.nz...
> If an item is listed in the System Configuration utility (in this case)
> (C:/windows/system32/kavo.exe) and its location:
> “software/Microsoft/windows/currentversion/run” Does the file exsist?.
>
> 1. I have managed to view hidden files and I can’t see it.
> 2. An online scanner PreVxCSI found it. Nod32 online scan found and killed it
> (and others)
> 3. Norton couldn’t find it in safe mode.
> 4. The computer shop spent 6 hours and killed it.
> 5. Norton say: “removal easy”
> 6. System restore is turned off
> 6 Jeeeezzz!
> http://www.symantec.com/security_response/writeup.jsp?docid=2007-082706-1742-99&tabid=1
> http://www.prevx.com/freescan.asp
> http://www.eset.com/onlinescan/
> Thanks
> John
 
"John" wrote in message news:470567be$1@clear.net.nz...
> If an item is listed in the System Configuration utility (in this
> case)
> (C:/windows/system32/kavo.exe) and its location:
> “software/Microsoft/windows/currentversion/run” Does the file
> exsist?.

<snip>

Nope, just like writing on a piece of paper, recording a house address
doesn't make the house exist. You yourself could use regedit.exe to
add an entry that specified a file but that doesn't mean the file
exists. It means you edited the registry. The registry got updated
by something to create the entry. Could've been left behind after an
uninstall. This happens way too often (i.e., uninstalls are dirty).
 
Back
Top