Solved

How to delete files in the Startup

Posted on 2008-06-14
4
1,462 Views
Last Modified: 2012-06-21
My Notebook was infected by virus. I run Combofix, and the virus was removed. But in the "Startup" of the MSCONFIG, is still showing the box "19496" that was the virus. Besides that I have deleted other programs, that are still in  the MSCONFIG.
How to remove those entries in the Msconfig  "Startup"?
Startup-System-configuration-Uti.JPG
ComboFix.txt
ComboFix-quarantined-files.txt
0
Comment
Question by:fcirillo
  • 3
4 Comments
 
LVL 7

Accepted Solution

by:
kanlue earned 250 total points
ID: 21786656
while looking into this issue, i found the following link that might help:
---------
http://windowsxp.mvps.org/MSCONFIG.htm

[quote]
--------------------
Locations of the entries in MSConfig
The enabled/checked items are populated from the following registry locations:

HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run

-and-

HKEY_CURRENT_USER \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Windows
Values named Run & Load

The disabled entries are present in these locations:

HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ MSConfig \ startupreg
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ MSConfig \ startupfolder

To remove the entries, start the Registry Editor (regedit.exe) and navigate to the above paths. Backup the key before deleting it.
------------------
[end quote]
0
 

Author Comment

by:fcirillo
ID: 21789866
The virus directory (or file) present in the Msconfig/startup is not in the two disabled entries you have quoted.
Could you tell?
0
 

Author Comment

by:fcirillo
ID: 21821089
Please could you answer?
0
 

Author Closing Comment

by:fcirillo
ID: 31467254
The files are there in the place quoted by kanlue, but inside a folder with different name than the virus
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Website Client Portal Suggestion 3 316
web design software 5 402
Dreamweaver 2000- After Validation 5 348
Convert FO to DOCX 7 875
Have you ever wanted to create graphical elements directly in inDesign? This tutorial will teach you how to have an image bound within text using the pathfinder tool in inDesign CS6. This technique will help decrease the amount of time spent opening…
You can download the files for this tutorial here (https://www.dropbox.com/s/hgztzt9b60kddc9/DPS%20Demo.zip?dl=0). The .indd file in the InDesign files folder is a finished version of the file; you can start from scratch and work toward this. Also, …
Learn how to automatically add page numbers in your next InDesign project. This can be very helpful in multi-page books and magazines that you are designing. Make sure your Pages window visible.:  In the document you wish to add page numbers to. Act…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

1 Experts available now in Live!

Get 1:1 Help Now