How does malware launch at startup?


Ray K

A friend's computer has over the past few months become very sluggish on
her DSL internet downloads. I strongly suspect spyware or other such
malware.

I use a program called Startup Control Panel. It has five tabs,
corresponding to all the places - Startup (user), Startup (common),
HKLM/run, HKCU/run, and Run Once - that can launch programs at startup.
It lets me enable or disable any of the programs listed under each tab.

Problem is, I don't see anything suspicious. Where do malware programs
hide so programs like Startup CP can't find them?

Thanks,

Ray
 
Ray said:
A friend's computer has over the past few months become very sluggish on
her DSL internet downloads. I strongly suspect spyware or other such
malware.

I use a program called Startup Control Panel. It has five tabs,
corresponding to all the places - Startup (user), Startup (common),
HKLM/run, HKCU/run, and Run Once - that can launch programs at startup.
It lets me enable or disable any of the programs listed under each tab.

Problem is, I don't see anything suspicious. Where do malware programs
hide so programs like Startup CP can't find them?

Thanks,

Ray

So are you GeorgeWBush or RayK? Why did you post twice?

Have you tried anything besides Startup CP? It sounds like you need more
tools. If you browse through alt.privacy.spyware, you'll find a
terrific, well-updated FAQ that will give you a long list of tools and
techniques for keeping your friend's system clean.

I, and many others, use SuperAntiSpyware, AdAware, Spybot S&D, and MBAM
on a regular basis to keep the systems in my house clean. I also have
used them at friends' houses to clean up their infections. This is on
top of AntiVirus software, some purchased, some free.

If you do a little reading and experimenting, you should be able to
resolve any issues that you find.

RB
 
Rube said:
So are you GeorgeWBush or RayK? Why did you post twice?

Have you tried anything besides Startup CP? It sounds like you need more
tools. If you browse through alt.privacy.spyware, you'll find a
terrific, well-updated FAQ that will give you a long list of tools and
techniques for keeping your friend's system clean.

I, and many others, use SuperAntiSpyware, AdAware, Spybot S&D, and MBAM
on a regular basis to keep the systems in my house clean. I also have
used them at friends' houses to clean up their infections. This is on
top of AntiVirus software, some purchased, some free.

If you do a little reading and experimenting, you should be able to
resolve any issues that you find.

RB

I just noticed that the illustrious DHL also answered your post. Go back
and look for other posts by him. I've never seen him be wrong. I, on the
other hand, am wrong, or maybe just misinformed or mistaken, on a
regular basis ;-)

RB
 
Ray said:
A friend's computer has over the past few months become very sluggish
on her DSL internet downloads. I strongly suspect spyware or other
such malware.

I use a program called Startup Control Panel. It has five tabs,
corresponding to all the places - Startup (user), Startup (common),
HKLM/run, HKCU/run, and Run Once - that can launch programs at
startup. It lets me enable or disable any of the programs listed under
each tab.

Problem is, I don't see anything suspicious. Where do malware programs
hide so programs like Startup CP can't find them?

Thanks,

Ray

Thanks David, Rube, and Wolf for the excellent suggestions. The problem
right now is that some of the suggested programs require an internet
connection to download the latest updates. At her home, she uses DSL.
Now that I'm troubleshooting it in my home, with a cable connection, I
have to install in her computer my Optonline software.

And to make things more complicated, her computer still uses Windows ME,
which some of those programs don't work with. I am going to "upgrade"
her computer to W2K.

So far, all I have done is run Crap Cleaner. My plan is as follows:

1. Install W2K
2. Connect her computer to my cable
3. Download W2K SP4 and 60 hot fixes
4. Try your other suggestions.

It's going to be a long, tedious day today.

Ray
 
Ray said:
... At her home, she uses DSL. Now that I'm troubleshooting it in my
home, with a cable connection, I have to install in her computer my
Optonline software.

I do not know of any cable internet service that requires one to install
any software. They all seem to offer crap, though, and try to make you
believe you need it. Just don't install it.

Your router, network card, and OS should handle it all.
 
David said:
From: "Ray K" <[email protected]>

| Thanks David, Rube, and Wolf for the excellent suggestions. The problem
| right now is that some of the suggested programs require an internet
| connection to download the latest updates. At her home, she uses DSL.
| Now that I'm troubleshooting it in my home, with a cable connection, I
| have to install in her computer my Optonline software.

| And to make things more complicated, her computer still uses Windows ME,
| which some of those programs don't work with. I am going to "upgrade"
| her computer to W2K.

| So far, all I have done is run Crap Cleaner. My plan is as follows:

| 1. Install W2K
| 2. Connect her computer to my cable
| 3. Download W2K SP4 and 60 hot fixes
| 4. Try your other suggestions.

| It's going to be a long, tedious day today.

| Ray


There is NO upgrade path from WinME to Win2K. You'll have to wipe the PC and install Win2K
from scratch.

It isn't just SP4, there is also the post SP4 RollUp and the subsequent hotfixes.

David,

I'm puzzled. Before you posted the above message, I had already started
the installation of W2000 Pro. Before I got to the point that I had to
enter the product ID code, the program gave me the option of an upgrade
or a clean install. Next to the "Upgrade to Windows 2000 (recommended)"
option, it says: "If you upgrade, your current operating system is
replaced, but your existing setting and installed programs are not
changed."

Next to the "Install a new copy of Windows 2000 (clean install)" it does
warn that "you must specify new settings and reinstall your existing
software."

The problem is that I have to have a working internet connection before
going either way.

Any advice?

Ray
 
Ray said:
David,

I'm puzzled. Before you posted the above message, I had already started
the installation of W2000 Pro. Before I got to the point that I had to
enter the product ID code, the program gave me the option of an upgrade
or a clean install. Next to the "Upgrade to Windows 2000 (recommended)"
option, it says: "If you upgrade, your current operating system is
replaced, but your existing setting and installed programs are not
changed."

Next to the "Install a new copy of Windows 2000 (clean install)" it does
warn that "you must specify new settings and reinstall your existing
software."

The problem is that I have to have a working internet connection before
going either way.

Any advice?

Ray

I have some advice for you.
1. Make sure you have the ME restore disks in hand before going any
further so if you really screw things up you can put her machine back
the way it was when she bought it.
2. Using a flash drive, make copies of all documents, pics, etc. before
installing w2k.
3. You may need drivers for some of the hardware (video/modem/etc.) -
download them before format/install.

max
 
rises said:
I have some advice for you.
1. Make sure you have the ME restore disks in hand before going any
further so if you really screw things up you can put her machine back
the way it was when she bought it.
2. Using a flash drive, make copies of all documents, pics, etc. before
installing w2k.
3. You may need drivers for some of the hardware (video/modem/etc.) -
download them before format/install.

max

Good advice, Max. I don't think she ever had restore disks. The computer
was made at a local mom-and-pop shop; the case doesn't even have a
hard-drive activity light. That's how extreme they were in cutting corners.

I started the install before receiving your message. I installed over
ME; I didn't reformat. While the installation took lots of time (mostly
waiting while W2K seemed to be doing nothing), it was otherwise
uneventful. I'm spending too much time updating drivers, but that's
pretty much behind me now.

Ray
 
From: "Ray K" <[email protected]>

| Thanks David, Rube, and Wolf for the excellent suggestions. The
| problem right now is that some of the suggested programs require an
| internet connection to download the latest updates. At her home,
| she uses DSL. Now that I'm troubleshooting it in my home, with a
| cable connection, I have to install in her computer my Optonline
| software.

| And to make things more complicated, her computer still uses Windows
| ME, which some of those programs don't work with. I am going to
| "upgrade" her computer to W2K.

| So far, all I have done is run Crap Cleaner. My plan is as follows:

| 1. Install W2K
| 2. Connect her computer to my cable
| 3. Download W2K SP4 and 60 hot fixes
| 4. Try your other suggestions.

| It's going to be a long, tedious day today.

| Ray


There is NO upgrade path from WinME to Win2K. You'll have to wipe the
PC and install Win2K from scratch.

I do not believe that's accurate, Dave. I have upgraded from WinME oem to
Win2k Oem, sp4 before.

It isn't just SP4, there is also the post SP4 RollUp and the
subsequent hotfixes.

Which can be applied via windows update...

I don't find the reasoning for an upgrade of this nature to necessarily
be a good idea.. but alas, I'm not the OP and don't know his specific
situation or the computer hardware specs.
 
Wouldn't hurt to have read his entire post before you responded with this
article link. The system isn't totally compromised at this point. That
article is for worst case scenarios.


Be careful. D doesn't like criticism. You are teetering on the brink
of racist abuse if you persist with such comments.


Jim :)
 
James said:
Be careful. D doesn't like criticism. You are teetering on the brink
of racist abuse if you persist with such comments.


Jim :)

All Buckweat's concerned about
is selling enough routers to keep chitlins on his plate.
 
How do you know? How do you know what's on that person's machine?

Well, based on the post, I know the machine is still running; and not
entirely crashing out. So, without further information, I would say it's
not completely compromised. I could be wrong, of course. I'd rather have
a look at the machine before one goes ahead and assumes worst possible
case scenario.
 