CWS MSConfig removal

G

Guest

Hi,
What is the direct method of removing this pest: CWS MSConfig?
Nothing in Google search can give me the answer.

TIA,
 
G

Guest

Thank you Gerry -- but it cannot kill that parasite. It always comes back whenever I use
the Run command and I have to use CWShredder to disable the pest. What I want is to
remove it from my system and stay clean forever. YES, I hope someone can direct
me to the infected file so I can remove or delete it. --Rino
 
G

Guest

Thank you Gerry. I should follow your suggestion because self-diagnosis is not 100% a cure. --Rino
 
P

PA Bear

G

Gerry

Bear

What is this item in the latest log?
O4 - HKLM\..\Run: [ccea8c8b] rundll32.exe
"C:\WINDOWS\System32\mnrfmuxa.dll",b


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
G

Gerry

Bear

I sent him to you lot! Why are you sending him back?

What is this item in the latest log?
O4 - HKLM\..\Run: [ccea8c8b] rundll32.exe
"C:\WINDOWS\System32\mnrfmuxa.dll",b


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
P

PA Bear

One reply would have sufficed, Gerry. <eg>

I didn't send Rino anywhere.

That O4 entry and others in the log are most likely indications of a
Zlob/Vundo/RBOT infection...and they probably brought some "friends" along
with them.

Rino is still running an unpatched version of WinXP Gold and a very
undependable anti-virus application. I tried to assist him a few months
ago: He'd assured me that the machine was fully patched at Windows Update
and was working fine. As you can see from his new HJT log, it isn't. If
he chooses not to practice Safe Hex, I have no time for him and I doubt
anyone else will either.

@Rino: Format & reinstall Windows | Get the machine fully patched at Windows
Update | Install a better anti-virus application plus Windows Defender,
SpywareBlaster, and BOClean | Stop going to risky websites/downloading
freeware.
--
~PAB

Bear

I sent him to you lot! Why are you sending him back?

What is this item in the latest log?
O4 - HKLM\..\Run: [ccea8c8b] rundll32.exe
"C:\WINDOWS\System32\mnrfmuxa.dll",b

PA said:
cf. http://aumha.net/viewtopic.php?t=30624

Why are you STILL running WinXP without SP2 or any post-SP2 critical
updates installed? You told me in Aug-07 that the machine had been
fully patched: http://aumha.net/viewtopic.php?t=28418

Protect Your PC!
http://www.microsoft.com/athome/security/computer/default.mspx

Learn how to protect your PC by taking three simple steps
http://www.microsoft.com/downloads/details.aspx?familyid=3AD23728-4973-4DA5-9836-602954130D38
 
G

Guest

Robear; find my in-line answers:

PA Bear said:
cf. http://aumha.net/viewtopic.php?t=30624

Why are you STILL running WinXP without SP2 or any post-SP2 critical
updates installed? You told me in Aug-07 that the machine had been
fully patched: http://aumha.net/viewtopic.php?t=28418

The right question is why did Microsoft sell us their WinXP with defects?
Even my SP2 CD refused to install.
August to now is a long time and many things happened, especially Anti-Spyware
software. I took many invalid ones out and my latest I've posted in aumha.net.
YES, your advice is good BUT all I need now is to point me where
CWS MSConfig.exe is hiding. Please do NOT change my topic. TIA.
 
G

Guest

Robear; find my in-line answers:

PA Bear said:
One reply would have sufficed, Gerry. <eg>

I didn't send Rino anywhere.

That O4 entry and others in the log are most likely indications of a
Zlob/Vundo/RBOT infection...and they probably brought some "friends" along
with them.

On my 1st reboot that "O4" line was gone ;o)
Your probably is all wrong!

Rino is still running an unpatched version of WinXP Gold and a very
undependable anti-virus application. I tried to assist him a few months
ago: He'd assured me that the machine was fully patched at Windows Update
and was working fine. As you can see from his new HJT log, it isn't. If
he chooses not to practice Safe Hex, I have no time for him and I doubt
anyone else will either.

My topic is CWS MSConfig removal -- I didn't ask for more. Please don't say
your last parting words B4 knowing my case. Please do NOT inject unconcluded
human behavior in my thread -- this is all about my PC, a victim of malicious invaders.
If you can ONLY blame me then you're creating 2 victims here.

@Rino: Format & reinstall Windows | Get the machine fully patched at Windows
Update | Install a better anti-virus application plus Windows Defender,
SpywareBlaster, and BOClean | Stop going to risky websites/downloading
freeware.

Remember the good old saying: "If it isn't broke DO NOT repair it"?
I guarantee my PC is running fine now except for this one last intruder which entered
a long time ago. I've good protection software now -- thought we could get rid of this
elusive one.

To Format & Reinstall especially with a Sony machine using ME O.S. is very
inconvenient. I wish Microsoft hadn't produced that ME ;o( & got rich with our $$$?
YES, I can do it BUT not now -- wait until only black screen appears.

Sorry; a little late in replying BUT it is better than NEVER ;o) Been very busy
lately doing 10 movies using MM2 and even a 25 minute project took me over
4 hours of rendering into DV tape.

~PAB

 
A

Alias

Robear; find my in-line answers:

(e-mail address removed)...
The right question is why did Microsoft sell us their WinXP with defects?
Even my SP2 CD refused to install.

August to now is a long time and many things happened, especially Anti-Spyware
software. I took many invalid ones out and my latest I've posted in aumha.net.

YES, your advice is good BUT all I need now is to point me where
CWS MSConfig.exe is hiding. Please do NOT change my topic. TIA.

Did you clear your System Restore before using CWShredder to nuke the
pest? If not, it's probably hiding there and replicates itself every
time you nuke it.

Alias
 
P

PA Bear

I was replying to Gerry, not you.

Just because you had HijackThis fix the O4 entry et al. does NOT mean that
the files the entries pointed to have been removed. I'm sure the machine is
still very badly infected, which is why you can't install SP2.

1. Format & reinstall Windows.

2. Take care of *everything* on the following webpage before otherwise
connecting the machine to the internet (e.g., to browse/surf, check email,
or chat):

Before You Connect a New Computer to the Internet
http://www.cert.org/tech_tips/before_you_plug_in.html

Security FAQ & Checklist
http://www.dslreports.com/faq/8463
--
~PA Bear


Robear; find my in-line answers:
<snip>
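
PA Bear's point above, that fixing the O4 entry does not remove the file it pointed to, can be checked mechanically. This is an added example, not part of the thread: it parses HijackThis O4 lines, picks out rundll32 autoruns, and reports whether the referenced DLL is still on disk. The second sample line, the function names, and the eight-hex-digit name check are assumptions made for illustration.

```python
import re

# Constructed sample log: the first line is the entry quoted in the thread,
# joined onto one line; the second is a made-up ordinary entry for contrast.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [ccea8c8b] rundll32.exe "C:\WINDOWS\System32\mnrfmuxa.dll",b
O4 - HKCU\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
'''

O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32, then a quoted or bare DLL path, then an optional ",export"
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?(?:,(?P<export>\S+))?', re.I)


def parse_o4(log_text):
    """Return one dict per O4 (autorun) line found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        r = RUNDLL_RE.match(entry["cmd"])
        entry["dll"] = r.group("dll") if r else None
        entry["export"] = r.group("export") if r else None
        entries.append(entry)
    return entries


def review(entries, file_exists):
    """List rundll32 autoruns and whether their DLL is still on disk.

    file_exists is a callable(path) -> bool; on the affected machine pass
    os.path.exists (assumption: the script runs on that machine).
    """
    findings = []
    for e in entries:
        if e["dll"] is None:
            continue  # not a rundll32 autorun
        findings.append({
            "name": e["name"],
            "dll": e["dll"],
            # Illustrative heuristic only: value name is eight hex digits.
            "hex_like_name": bool(re.fullmatch(r"[0-9a-f]{8}", e["name"], re.I)),
            "file_still_present": file_exists(e["dll"]),
        })
    return findings
```

A finding with `file_still_present` true after the Run value has been deleted is the case PA Bear describes: the autorun is gone but the file it loaded is not.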
 
G

Guest

Thanks for responding - Alias.
Can you PLEASE show me how to clear my System Restore? I'll report if we
finally nailed it ;o)

Actually; the mild pest NEVER did any wrong except it bothers me whenever I'm
using Run Command & I've to call in CWShredder all the time to disable it since
last year. Can I have a clean PC this coming 2008?

Everybody knows to Format right away is overkill -- not needing an MVP
to tell me that ;o) Cheers Robear ;o)
 
G

Guest

Just because you had HijackThis fix the O4 entry et al. does NOT mean that
the files the entries pointed to have been removed. I'm sure the machine is
still very badly infected, which is why you can't install SP2.

NO! I never used HJT for that missing O4 entry. I tried hard to look for it BUT
found none and YES, Gerry reported it correctly. I'm now very happy ;o) with my
fully protected PC. I can forget the SP2, surf and get FREE software worry FREE.
If you're curious again, just trace back what I've said before.

Thanks For Everything! What A Splendid lesson for me ;o)
 
P

PA Bear

Your headers (Microsoft Outlook Express 6.00.2600.0000) tell us that you
still do not have SP2 installed: You are NOT "fully protected"!
 
