Discussion in 'Computers & IT' started by EarlyMon, Jan 6, 2012.
Nah, the best fix is to install Gentoo FTW!
Already checked all of those by hand.
Although - I did use msconfig to bring up the fab four - and did not check to see if a .cmd file existed at c:\ - hmmmmm.
And I need to double-check if I really got to startup in programs....
I have a simpler solution.
I only run Windows in a virtual machine, and before doing anything new, I make a copy of the VM image.
If things go south, I blow away the working copy and go back to my checkpoint.
I know - Windows provides ways to do that.
My way is quicker and gives me no grief, just costs disk space - and that I can afford. Wasted time, I can't.
We could always go back to punch cards.
I'm picturing a vBulletin environment created by punch cards and someone creating a new thread...."Someone sent me a message card and when I fed it into the machine it froze the system, does anyone know of any good card extractor that I can use to fix this thing?? "
With the recent flooding in Thailand and the soaring prices of HDs, we may very well have to go back to punch cards....
Life was easier with punch cards.
I never thought the day would come when I'd say that.
Life was easier without electricity....
I have never been bothered. I look through registries several times a week and never even look to see if the keys I'm looking at are being referenced or not. It's completely irrelevant.
I'm the same way. You leave the orphaned keys alone and nothing will happen. You start trying to remove stuff and you're much more likely to make things worse as there is no way in the world to make things better. Registry cleaners are snake oil. The people who use them break their computers sometimes beyond repair which does make more work for me and keeps me in business. I hate cleaning up stupidity is all.
The registry key is benign. Removing it is the equivalent of having risky elective surgery. There's no justification for it. You could use my computer all day and have no idea if there were orphaned keys or malware related keys.
IE starts up when her computer starts up? Like as soon as she logs in? The first places I would look would be running MSConfig and looking at start up items. It sounds like you've done that.
I would go old school and delete her profile. Create a brand new user account. Give it admin privileges. Log off and have her log in with the new account. Go into the C drive and copy her documents, desktop, and Internet favorites to the new profile after confirming the problem doesn't exist with the new profile. If it does, then the problem is with the default user profile.
Cleaning up stupidity can be fun, though. Especially when I get to say "if you had come to me before trying all of this yourself, we could have saved it - now, I gotta format...."
Yeah, it's called Bart's PE and / or Ultimate Boot CD....
The problem with a plug in is the same as with these - they are only effective if the plug-in receptacle is actually functioning (and with these, you need either a working CD/DVD/BD ROM, or else a working USB, depending upon implementation). The good thing is that we do have test benches and the like to be able to test hardware - I try to keep spare parts handy so I can test things, but some things I cannot - for example, I have a Core i7 965 EE CPU - and the only mobo that will run that is the mobo it is in now. Same with the DDR3 RAM I have.
The HDs, Optical drives, etc. I can test by using another system - and I always have 1 spare optical (although it is IDE, and this mobo has no IDE, but I have a second spare optical that is SATA) and multiple ways to get USB working so long as the mobo's south bridge is not hosed.
It's beside the point though - we have various tools, but novice users aren't savvy enough to use them - and yet I see all over the Internet advice on what tools to use, how to fix things yourself, etc. etc. ad nauseam.
That's what really gets my goat (pun intended).
MSCONFIG checks the startup folder.
As I think about it more, it's probably a service that's running that's starting it. I'd bet if he went into MSCONFIG and disabled all non-Microsoft services it would fix the problem. It would break a ton of stuff no doubt, but it would be simple enough to look through the list of services and re-enable the ones you wanted/needed.
You didn't need to, I was always going to mention it in my first response.
The advice given on the Internet gets me too. A fair share of it is bad. Not just bad, but horrible. At best, it makes no difference at all. At worst, it makes things far, far worse. The average user (not just the novice) has no clue at all which advice is good and which is bad. Often times they don't even have a clue what the problem is, just the symptoms.
Side note - I was just at my mom's house. She has SEVEN toolbars in IE. SEVEN!!
If it's a service, then it's masquerading as a Microsoft service and not being caught on scan.
I've been through startup with System Configuration Info and diagnostics, as mentioned.
And with Windows Defender.
Only by eventually disabling everything did this stop, but I haven't found the source.
If it stopped when you disabled everything, then the solution is simple. Go to the run line and start "services.msc". Sort the services so you see the ones that are disabled. Go one by one and start those services. When IE pops up, then you'll know which service is causing it and you can go from there.
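An added example, not part of the original thread: rather than trusting a service's name, this PowerShell sketch lists auto-start or running services whose backing file is not validly signed by Microsoft, which is the check that catches a service masquerading as a Microsoft one. It assumes Windows PowerShell 5.1 or later and an elevated prompt; the helper names `Get-ServiceBinaryPath` and `Get-ServiceDllPath` are hypothetical.

```powershell
# Added example: flag services whose binary is not validly Microsoft-signed.
# Assumes PowerShell 5.1+ (catalog-signed system files verify there), elevated.

function Get-ServiceBinaryPath {
    param([string]$PathName)
    if (-not $PathName) { return $null }
    # Quoted form:   "C:\Program Files\App\svc.exe" -arg
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted form: C:\Windows\system32\svchost.exe -k netsvcs
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return ($PathName.Trim() -split '\s+')[0]
}

function Get-ServiceDllPath {
    param([string]$ServiceName)
    # svchost-hosted services name their real code in Parameters\ServiceDll
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName\Parameters"
    $p = Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue
    if ($p) { return [Environment]::ExpandEnvironmentVariables($p.ServiceDll) }
    return $null
}

Get-CimInstance Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' -or $_.State -eq 'Running' } |
    ForEach-Object {
        $dll  = Get-ServiceDllPath $_.Name
        $file = if ($dll) { $dll } else { Get-ServiceBinaryPath $_.PathName }
        $sig  = if ($file -and (Test-Path -LiteralPath $file)) {
                    Get-AuthenticodeSignature -LiteralPath $file
                } else { $null }
        $signer = if ($sig -and $sig.SignerCertificate) {
                      $sig.SignerCertificate.Subject
                  } else { '' }
        [pscustomobject]@{
            Name      = $_.Name
            StartMode = $_.StartMode
            File      = $file
            Status    = if ($sig) { $sig.Status } else { 'FileMissing' }
            Signer    = $signer
        }
    } |
    # Keep only entries that are unsigned, tampered, missing, or third-party
    Where-Object { $_.Status -ne 'Valid' -or $_.Signer -notmatch 'O=Microsoft Corporation' } |
    Sort-Object Status, Name |
    Format-Table -AutoSize -Wrap
```

Legitimate third-party services (drivers, updaters, antivirus) will also appear in the output; the list is a short set of candidates to inspect, not a verdict.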
Appreciate it! I know to diagnose services, that's why I was looking for a remote access approach - plus any other stones to overturn that I've been missing.
I'd rather not work by using exhaustive search if I can help it.
You could do screen caps and post them here of the services in question - I'll be able to rather quickly identify a not so good one - if there really is one.
Also, there is the fact that it could be, as you surmised, a legit service that has been hijacked to do a not so legitimate task....for all we know it could be a task scheduler item that is running BITS....
Well, when I get access to it, if I can't find it, I'll definitely take you up on the offer!
I still think I'd like to know what site it's trying to visit and find that string in the system.
That would seem to be attacking the problem causally.
Wouldn't be exhaustive really. There are some that you know are good services. You can select them all at once and kick them off. If you have no issues, then you can move on to the more suspicious ones.
Use Join.me. It's the easiest remote access tool I know. Mom clicks one link on the home page, runs a small program and gives you a 9 digit number. You type it in and you can see her screen.
I made myself a wicked multiboot USB using YUMI to create the Boot record and a batch script to update the ISOs on it.
UBCD4win, Hiren's, Windows installers... Got the lot on one USB stick hanging from my door access card so I can do almost anything, anytime. Given the drive is still attached/working
Oooh, I'd like to take a crack at that.....please?
Don't need the entire file, just the make / script / batch files - I can build it / them myself lol...
Never thought about integrating them together using YUMI....
And I just bought a new 16 GB USB Flash drive, to boot....
That's called exhaustive search. You search until the mystery is found or the list is exhausted. Opposite of a causal search.
Appreciate the tip on Join.me - I'll check that out as well.
Did you happen to run MBAM? If not I'd recommend it - b/c looking at this post ("XP AntiVirus 2011 - what a PITA" - Malwarebytes Forum), this thing is pretty well integrated into the system. Finding the correct files is gonna take you a while if you don't know what you're looking for, even if you have a general idea where to look - that ST5.tmp file? lol - a visual inspection would have let that fly right past my radar....
Doesn't seem exhaustive to me. Would take less than 30 mins in my mind. I'm used to hunting down computer problems that take 4-5 times as long easily.
I didn't. It was quite invasive. One of the anti-virus sites had a key to enter to get it to shut up, thinking it had been purchased. Then, before taking the next step to complete the final payload launch of useless files, I scanned and cleaned as instructed. That said, it may not have caught everything, who knows.
Basically, its M.O. is to create a lot of useless files and then masquerade as an anti-virus from Microsoft - and you don't get past the main screen in normal mode unless you've made the purchase to enter the key.
How many times have you heard this story? Sister forwards an email to mom, contains funny website - site pops up you could be infected. Mom clicks the link - infection begins. That's exactly how she got it.
Well, that's fine, that's your right. But it is a standard term in computer science. It's about creating a list and exhausting it or finding the problem. If you don't find the problem, make a new list, exhaust that or find. Repeat until done. The list is made of possible guesses where to look - however reasonable, it's a guess. No one seems able to tell me how to find which site it was trying to go to. If I had that, I wouldn't need an exhaustive search - just a disk search, aka a causal approach.
Your keys are always in the last place you look. But you start with a guessed list of locations and then begin. You might do that and still not find your keys. So, you repeat the first search to assure yourself if you miss anything. You ask someone where did you see me with my keys last, or have you seen my keys? You are rebuilding the list for exhaustive search.
It seems like exhaustive search in the same way that voltage seems like voltage. It's a defined term.
It's also known as this -
Brute-force search - Wikipedia, the free encyclopedia
Often effective, but time consuming and lacking elegance as a problem solving technique.
Sadly, it seems that I may be stuck with it.