How does malware launch at startup?

A friend's computer has over the past few months become very sluggish on
her DSL internet downloads. I strongly suspect spyware or other such
malware.

I use a program called Startup Control Panel. It has five tabs,
corresponding to all the places - Startup (user), Startup (common),
HKLM/run, HKCU/run, and Run Once - that can launch programs at startup.
It lets me enable or disable any of the programs listed under each tab.

Problem is, I don't see anything suspicious. Where do malware programs
hide so programs like Startup CP can't find them?

Thanks,

Ray

Re: How does malware launch at startup?


| A friend's computer has over the past few months become very sluggish on
| her DSL internet downloads. I strongly suspect spyware or other such
| malware.

| I use a program called Startup Control Panel. It has five tabs,
| corresponding to all the places - Startup (user), Startup (common),
| HKLM/run, HKCU/run, and Run Once - that can launch programs at startup.
| It lets me enable or disable any of the programs listed under each tab.

| Problem is, I don't see anything suspicious. Where do malware programs
| hide so programs like Startup CP can't find them?

| Thanks,

| Ray

There are many more load points in the Registry.

It can chain as an EXE off of USERINIT.EXE or EXPLORER.EXE, or as a DLL via
AppInit during the Winlogon process.
It can load as a DLL via Winlogon/notify.
It can be loaded as a device driver or NT Service.

That's just a few.  There are many loading points.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
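Dave's list maps to concrete registry locations. As an added example that is not from the thread, this PowerShell script (for a current Windows host; PowerShell did not exist on Windows ME or 2000) enumerates the Run/RunOnce keys, the Winlogon Userinit/Shell chain, AppInit_DLLs, Winlogon\Notify, and services and drivers, then flags any image that is missing or lives outside the Windows and Program Files trees. The trusted-folder list and the flagging rule are assumptions to tune per machine.

```powershell
# Added example (not from the thread): walk the load points named above and flag entries
# whose image is missing or outside the usual system folders. Registry keys are the standard ones.
$loadPoints = @(
    @{ Name = 'HKLM Run';     Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' },
    @{ Name = 'HKCU Run';     Key = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' },
    @{ Name = 'HKLM RunOnce'; Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce' },
    # Winlogon chain: Userinit and Shell should name only userinit.exe and explorer.exe
    @{ Name = 'Winlogon'; Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Values = 'Userinit', 'Shell' },
    # AppInit_DLLs: every process that loads user32.dll also loads the DLLs listed here
    @{ Name = 'AppInit_DLLs'; Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'; Values = 'AppInit_DLLs' }
)
# Folders where legitimate autostart binaries normally live (assumption; tune per site)
$trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

# Reduce a value such as '"C:\x\a.exe" /s', 'c:\a.exe,b.dll' or '\SystemRoot\..\x.sys' to image paths
function Get-ImagePaths([string]$Value) {
    foreach ($part in ($Value -split ',')) {
        $p = $part.Trim()
        if (-not $p) { continue }
        if ($p -match '^"([^"]+)"') { $p = $Matches[1] }                              # quoted: drop arguments
        elseif ($p -match '^(.+?\.(exe|dll|sys|scr|com))(\s|$)') { $p = $Matches[1] }  # cut at the extension
        $p = $p -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot -replace '^system32\\', "$env:SystemRoot\System32\"
        if ($p -notmatch '[\\/]') {                                                   # bare name: look in the Windows tree
            $c = "$env:SystemRoot\$p"; $p = if (Test-Path -LiteralPath $c) { $c } else { "$env:SystemRoot\System32\$p" }
        }
        [Environment]::ExpandEnvironmentVariables($p)
    }
}

function Get-AutostartEntries {
    $items = @(foreach ($lp in $loadPoints) {
        if (-not (Test-Path $lp.Key)) { continue }
        $props = Get-ItemProperty -Path $lp.Key
        $names = if ($lp.Values) { $lp.Values } else { $props.PSObject.Properties.Name -notlike 'PS*' }
        foreach ($n in $names) { foreach ($img in Get-ImagePaths ([string]$props.$n)) { @{ Src = $lp.Name; Val = $n; Img = $img } } }
    })
    # Winlogon\Notify: each subkey's DLLName is loaded into winlogon.exe itself (absent on Vista and later)
    $notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    if (Test-Path $notify) {
        $items += @(foreach ($k in Get-ChildItem $notify) { foreach ($img in Get-ImagePaths ([string](Get-ItemProperty $k.PSPath).DLLName)) { @{ Src = 'Winlogon\Notify'; Val = $k.PSChildName; Img = $img } } })
    }
    # Services and kernel drivers: binaries outside the Windows and Program Files trees stand out
    $items += @(foreach ($s in @(Get-CimInstance Win32_Service) + @(Get-CimInstance Win32_SystemDriver)) {
        foreach ($img in Get-ImagePaths ([string]$s.PathName)) { @{ Src = $s.CreationClassName; Val = $s.Name; Img = $img } }
    })
    foreach ($i in $items) {
        $trusted = [bool]($trustedRoots | Where-Object { $i.Img.StartsWith($_, 'OrdinalIgnoreCase') })
        $flag = if (-not (Test-Path -LiteralPath $i.Img)) { 'image missing' } elseif (-not $trusted) { 'outside system folders' } else { '' }
        [pscustomobject]@{ LoadPoint = $i.Src; Value = $i.Val; Image = $i.Img; Flag = $flag }
    }
}
Get-AutostartEntries | Where-Object Flag | Format-Table -AutoSize
```

Run it from an elevated prompt so HKLM and the service list are fully readable; a flagged row is a lead to examine, not proof of infection.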



Re: How does malware launch at startup?

Ray K wrote:

So are you GeorgeWBush or RayK? Why did you post twice?

Have you tried anything besides Startup CP? It sounds like you need more
tools. If you browse through alt.privacy.spyware, you'll find a
terrific, well-updated FAQ that will give you a long list of tools and
techniques for keeping your friend's system clean.

I, and many others, use SuperAntiSpyware, AdAware, Spybot S&D,  and MBAM
on a regular basis to keep the systems in my house clean. I also have
used them at friends' houses to clean up their infections. This is on
top of AntiVirus software, some purchased, some free.

If you do a little reading and experimenting, you should be able to
resolve any issues that you find.

RB

Re: How does malware launch at startup?

Rube Bumpkin wrote:

I just noticed that the illustrious DHL also answered your post. Go back
and look for other posts by him. I've never seen him be wrong. I, on the
other hand, am wrong, or maybe just misinformed or mistaken, on a
regular basis ;-)

RB

Re: How does malware launch at startup?

Ray K wrote:
Thanks David, Rube, and Wolf for the excellent suggestions. The problem
right now is that some of the suggested programs require an internet
connection to download the latest updates. At her home, she uses DSL.
Now that I'm troubleshooting it in my home, with a cable connection, I
have to install in her computer my Optonline software.

And to make things more complicated, her computer still uses Windows ME,
which some of those programs don't work with. I am going to "upgrade"
her computer to W2K.

So far, all I have done is run Crap Cleaner. My plan is as follows:

1. Install W2K
2. Connect her computer to my cable
3. Download W2K SP4 and 60 hot fixes
4. Try your other suggestions.

It's going to be a long, tedious day today.

Ray



Re: How does malware launch at startup?

Ray K wrote:


I do not know of any cable internet service that requires one to install
any software. They all seem to offer crap, though, and try to make you
believe you need it. Just don't install it.

Your router, network card, and OS should handle it all.

--
   -bts
   -Friends don't let friends drive Windows

Re: How does malware launch at startup?


| Thanks David, Rube, and Wolf for the excellent suggestions. The problem
| right now is that some of the suggested programs require an internet
| connection to download the latest updates. At her home, she's uses DSL.
| Now that I'm troubleshooting it in my home, with a cable connection, I
| have to install in her computer my Optonline software.

| And to make things more complicated, her computer still uses Windows ME,
| which some of those programs don't work with. I am going to "upgrade"
| her computer to W2K.

| So far, all I have done is run Crap Cleaner. My plan is as follows:

| 1. Install W2K
| 2. Connect her computer to my cable
| 3. Download W2K SP4 and 60 hot fixes
| 4. Try your other suggestions.

| It's going to be a long, tedious day today.

| Ray


There is NO upgrade path from WinME to Win2K.  You'll have to wipe the PC and
install Win2K from scratch.

It isn't just SP4, there is also the post SP4 RollUp and the subsequent hotfixes.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: How does malware launch at startup?

David H. Lipman wrote:
David,

I'm puzzled. Before you posted the above message, I had already started
the installation of W2000 Pro. Before I got to the point that I had to
enter the product ID code, the program gave me the option of an upgrade
or a clean install. Next to the "Upgrade to Windows 2000 (recommended)"
option, it says: "If you upgrade, your current operating system is
replaced, but your existing setting and installed programs are not
changed."

Next to the "Install a new copy of Windows 2000 (clean install)" it does
warn that "you must specify new settings and reinstall your existing
software."

The problem is that I have to have a working internet connection before
going either way.

Any advice?

Ray

Re: How does malware launch at startup?

Ray K wrote:
I have some advice for you.
1. Make sure you have the ME restore disks in hand before going any
further so if you really screw things up you can put her machine back
the way it was when she bought it.
2. Using a flash drive, make copies of all documents, pics, etc. before
installing w2k.
3. You may need drivers for some of the hardware (video/modem/etc.);
download them before format/install.

max
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Change nomail.afraid.org to gmail.com to reply by email.
nomail.afraid.org is for use in USENET-feel free to use it yourself.

Re: How does malware launch at startup?

rises up angry wrote:
Good advice, Max. I don't think she ever had restore disks. The computer
was made at a local mom-and-pop shop; the case doesn't even have a
hard-drive activity light. That's how extreme they were in cutting corners.

I started the install before receiving your message. I installed over
ME; I didn't reformat. While the installation took lots of time (mostly
waiting while W2K seemed to be doing nothing), it was otherwise
uneventful. I'm spending too much time updating drivers, but that's
pretty much behind me now.

Ray


Re: How does malware launch at startup?



Wouldn't hurt to have read his entire post before you responded with this
article link. The system isn't totally compromised at this point. That
article is for worst case scenarios.



--
Regards,
Dustin Cook,  Author of BugHunter
BugHunter - http://bughunter.it-mate.co.uk
MalwareBytes - http://www.malwarebytes.org
  


Re: How does malware launch at startup?


On Tue, 28 Oct 2008 03:24:26 GMT, Dustin Cook



Be careful. D doesn't like criticism. You are teetering on the brink
of racist abuse if you persist with such comments.


Jim :)


Re: How does malware launch at startup?

James Egan wrote:

All Buckweat's concerned about
is selling enough routers to keep chitlins on his plate.

Re: How does malware launch at startup?



How do you know? How do you know what's on that person's machine?


Re: How does malware launch at startup?



Well, based on the post, I know the machine is still running; and not
entirely crashing out. So, without further information, I would say it's
not completely compromised. I could be wrong, of course. I'd rather have
a look at the machine before one goes ahead and assumes worst possible
case scenario.


--
Regards,
Dustin Cook,  Author of BugHunter
BugHunter - http://bughunter.it-mate.co.uk
MalwareBytes - http://www.malwarebytes.org
  


Re: How does malware launch at startup?



I do not believe that's accurate Dave. I have upgraded from WinME oem to
Win2k Oem, sp4 before.

 

Which can be applied via windows update...

I don't find the reasoning for an upgrade of this nature to necessarily
be a good idea.. but alas, I'm not the OP and don't know his specific
situation or the computer hardware specs.
 



--
Regards,
Dustin Cook,  Author of BugHunter
BugHunter - http://bughunter.it-mate.co.uk
MalwareBytes - http://www.malwarebytes.org
  


Re: How does malware launch at startup?

| I do not believe thats accurate Dave. I have upgraded from WinME oem to
| Win2k Oem, sp4 before.



| Which can be applied via windows update...

| I don't find the reasoning for an upgrade of this nature to necessarily
| be a good idea.. but alas, I'm not the OP and don't know his specific
| situation or the computer hardware specs.



I think you'll find that Win2K came out just prior to WinME.
This subject matter was thoroughly discussed in the Microsoft WinME NG and there
is no upgrade path.  Win98 yes, WinME, no.



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


