Me too as I refuse to answer this till I know the cause.
--
----------------------------------------------------------
http://www.uscricket.com
Would like to see which virus is causing the problem this time.
--
Ramesh, Microsoft MVP
Windows XP Shell/User
http://windowsxp.mvps.org
"David Candy" <.> wrote in message
Autoexec.nt. There is something deleting it for many people at boot or shutdown. Hopefully auditing will show what program or virus is doing it. Most people can't use auditing so no one knows what it is. Auditing records access to something (what you specify it to) in Windows. It's off by default because it slows down the computer and often no one cares.
1. Turn on auditing (this turns it on but nothing is being audited)
2. Set auditing for just this file (else you'll get millions of messages to sort through if you audit everything).
1. You must enable Auditing for the machine (in Local Security Policy - see Help).
2. You must specify what to audit. You do this the same place you set permissions (click Advanced).
Then you can read it in the Event Viewer
Audit object access
Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy
Description
Determines whether to audit the event of a user accessing an object (for example, a file, folder, registry key, printer, and so forth) that has its own system access control list (SACL) specified.
If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit the event type at all. Success audits generate an audit entry when a user successfully accesses an object that has a SACL specified. Failure audits generate an audit entry when a user unsuccessfully attempts to access an object that has a SACL specified. To set this value to no auditing, in the Properties dialog box for this policy setting, select the Define these policy settings check box and clear the Success and Failure check boxes.
Note that you can set a SACL on a file system object using the Security tab in that object's Properties dialog box.
Default: No auditing.
Then set auditing for your drives in the Drives Properties - Security - Advanced - Auditing
You have to turn it on then set what is to be audited.
This is what an audit for a printer looks like
Object Open:
Object Server: Spooler
Object Type: Document
Object Name:
http://smh.com.au/news/opinion/webdiary/index.html?from=lhsnav
Handle ID: 9487952
Operation ID: {-,-}
Process ID: 1020
Image File Name: C:\WINDOWS\system32\spoolsv.exe
Primary User Name: SERENITY$
Primary Domain: WORKGROUP
Primary Logon ID: (0x0,0x3E7)
Client User Name: David Candy
Client Domain: SERENITY
Client Logon ID: (0x0,0xE179)
Accesses: READ_CONTROL
%%6949
Privileges: -
Restricted Sid Count: 0
For more information, see Help and Support Center at
Big companies have programs that look through these logs. You can use a spreadsheet.
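
The log filtering mentioned in the post above, as an added example that is not part of the original thread: it parses "Object Open" descriptions copied as text out of Event Viewer and lists which program image touched a named file. The function names `parse_events` and `who_touched` are hypothetical, and the second sample record, including its placeholder image path, is constructed.

```python
import re

# A field line looks like "Image File Name: value": a capitalised label of
# letters and spaces, then a colon. URLs ("http://") and drive paths ("C:\")
# do not match, so a wrapped Object Name is treated as a continuation line.
FIELD_RE = re.compile(r"^\s*([A-Z][A-Za-z ]+):\s*(.*)$")

def parse_events(text):
    """Split pasted event descriptions into one dict per 'Object Open:' record."""
    events, current, key = [], None, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "Object Open:":
            current, key = {}, None
            events.append(current)
        elif stripped.startswith("For more information"):
            current = None                      # trailer line ends the record
        elif current is not None and stripped:
            m = FIELD_RE.match(line)
            if m:
                key = m.group(1).strip()
                current[key] = m.group(2).strip()
            elif key:                           # wrapped value or extra access
                current[key] = (current[key] + " " + stripped).strip()
    return events

def who_touched(events, name_fragment):
    """Return (image, pid, user, accesses) for records whose Object Name matches."""
    frag = name_fragment.lower()
    return [(e.get("Image File Name", "?"), e.get("Process ID", "?"),
             e.get("Client User Name", "?"), e.get("Accesses", "?"))
            for e in events if frag in e.get("Object Name", "").lower()]

# Constructed sample: record 1 is trimmed from the printer audit quoted above;
# record 2 is invented for illustration (its image path is a placeholder).
SAMPLE = r"""Object Open:
Object Name:
http://smh.com.au/news/opinion/webdiary/index.html?from=lhsnav
Process ID: 1020
Image File Name: C:\WINDOWS\system32\spoolsv.exe
Client User Name: David Candy
Accesses: READ_CONTROL
%%6949
For more information, see Help and Support Center at
Object Open:
Object Name: C:\WINDOWS\system32\AUTOEXEC.NT
Process ID: 1234
Image File Name: C:\EXAMPLE\placeholder.exe
Client User Name: David Candy
Accesses: DELETE"""
```

Calling `who_touched(parse_events(SAMPLE), "autoexec.nt")` returns only the second record, with the image path and process ID to look at next.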