Worm removed, but irritant messages remain

S

Sadat

Hi

I removed W32.Rontokbro@mm worm recently using Symantec tool. Now I can see
folder options, have access to both registries regedt32 and regedit and in
general no problems.

But everytime I log on or restart, the message "Windows cannot find
C:\WINDOWS\KesenjanganSocial.exe. Make sure you typed the name correctly and
then try again..." still keeps popping up. Symantec website simply advises
to ignore and close the message.

When I type msconfig, I can still see br5403on.exe listed as a start up
item. I can't see the file when I go to the path listed. Is there any
solution to stop this popup permanently?

Regards,
Sadat
 
G

Guest

Sadat said:
Hi

I removed W32.Rontokbro@mm worm recently using Symantec tool. Now I can see
folder options, have access to both registries regedt32 and regedit and in
general no problems.

But everytime I log on or restart, the message "Windows cannot find
C:\WINDOWS\KesenjanganSocial.exe. Make sure you typed the name correctly and
then try again..." still keeps popping up. Symantec website simply advises
to ignore and close the message.

When I type msconfig, I can still see br5403on.exe listed as a start up
item. I can't see the file when I go to the path listed. Is there any
solution to stop this popup permanently?

Regards,
Sadat
Click to expand...

Hi Sadat,
This the Orphans left behind try to remove from the start up by doing the
following:
"AutoRuns for Windows v8.61 By Mark Russinovich and Bryce Cogswell"
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Autoruns.mspx
You can use the Tool above to remove the entry from the Start Up and from
the Registry if it is there is a key in the registry.
Run a scan for malwares from here:
http://www.lavasoft.com/products/ad-aware_se_personal.php
http://www.safer-networking.org ; for Spybot S&D

Run Disk Clean up and Defrag in Safe Mode

HTH.
nass
===
www.nasstec.co.uk
 
E

Elmo

Sadat said:
Hi

I removed W32.Rontokbro@mm worm recently using Symantec tool. Now I can see
folder options, have access to both registries regedt32 and regedit and in
general no problems.

But everytime I log on or restart, the message "Windows cannot find
C:\WINDOWS\KesenjanganSocial.exe. Make sure you typed the name correctly and
then try again..." still keeps popping up. Symantec website simply advises
to ignore and close the message.

When I type msconfig, I can still see br5403on.exe listed as a start up
item. I can't see the file when I go to the path listed. Is there any
solution to stop this popup permanently?

Regards,
Sadat
Click to expand...

The reference to the malware was not removed from the registry.

Click Start, Run, type REGEDIT, click OK. Press the Home key, press F3,
type the name of the file into the search pane. Click "Find Next", and
when located, delete the reference to the file. Press F3 to continue
the search.

You can click File, Export, and save the entry to the Desktop, attach
the file to a post in this thread; someone might note whether it's safe
to delete first. If you remove it and there's a problem, double-click
the .reg file you exported to the Desktop and it'll be added to the
registry again. You can create a restore point before editing the
registry too.
 
P

Patrick Keenan

Sadat said:
Hi

I removed W32.Rontokbro@mm worm recently using Symantec tool. Now I can
see folder options, have access to both registries regedt32 and regedit
and in general no problems.

But everytime I log on or restart, the message "Windows cannot find
C:\WINDOWS\KesenjanganSocial.exe. Make sure you typed the name correctly
and then try again..." still keeps popping up. Symantec website simply
advises to ignore and close the message.

When I type msconfig, I can still see br5403on.exe listed as a start up
item. I can't see the file when I go to the path listed. Is there any
solution to stop this popup permanently?

Regards,
Sadat
Click to expand...

You can't see the file but you can see in msconfig where the *reference to
it* is located. In msconfig, on the startup tab, there are three columns,
Item, Command, and Location.

You need to go there and remove the reference to the file. It may be as a
shortcut in the startup folder or in some place in the registry.

HTH
-pk
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Desktop ? and Common window 1
blaster worm 1
Trojan Horse Peacomm ... morphing into a bugger 4
Corrupt registry? CONFIG\SYSTEM missing or corrupt 7
** Sobig.F attack expected 3:00pm to 6:00pm EST today [Friday 22] 28
System 32 folder opens on start up 2
XP SP1 slow to start up 11
Blank Pages on Virus & Window Patches Pages 1

Top