interesting entries in my MSCONFIG listing

Rick Langston

I ran msconfig to see what startup items were present. I found
some that were suspicious, plus some I know vaguely what they
are and hope that it's OK to disable them:

startup item command
realsched c:\Program Files\Common Files\Real\Update_OB\realsched.exe

This one shows up twice, and obviously is related to the Real Player in
some form or another. I suspect there's really no need to have it be a
startup. I occasionally get these popups which are in effect advertisements
for the Real site. I suspect this is related.

realplay c:\Program Files\Real\RealOne Player\realplay.exe/RunUPGToolCommandReBoot

This one also appears related to Real Player and is likely not required for
the player itself to function.

dl sc3lth...gac0 Disabled C:\WINDOWS\dl.exe
dlm sc3lth...gac0 Disabled C:\WINDOWS\dlm.exe

Now these two are very suspicious. I've only shown a part of the name here
(starting with sc3l and ending with gac0), because I'm not sure from what it
derives. When I see the name DL I think of either some kind of dialer or some
kind of download manager. A dialer might not matter much since my laptop is
never connected to a phone line, but if it can do anything over VOIP it could
wreak havoc. The fact that 'disabled' appears makes me wonder if it's really
disabled.

And the most suspicious of all has a blank name for startup item and a
blank name for command. This one really has me worried....

I've disabled all the ones listed above. But I've not yet rebooted. Any
thoughts on these items and whether I will have problems when I reboot, or if
they may be malicious? (I suspect the ones from Real aren't malicious, but
more likely just bothersome, but I don't want to disable Real Player from
working when it's invoked).
 
Michael Walraven

The dl and dlm certainly sound suspicious.
The blank line is a screwup on some uninstaller's part which blanked out the
entry rather than deleted it. I have had it and it annoyed me enough that I
went to the registry and reset the entry ...../run back to empty default
(not the run entries, the one for the key itself).
 
JS

Try Autoruns from the new Windows SysInternals (formerly Sysinternals) site:
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Autoruns.mspx
This will show all apps/etc. that load/run when you first boot and
selectively allow you to stop any that you don't want.

Note: To get additional detail on an item in the list you may need to
highlight the item (right click) and use the Google option to get the
details, especially useful for the more obscure items in the list.

JS
 
Wesley Vogel

dl.exe is a file associated with the W32.Bagz@mm worm

What does it do?
W32.Bagz@mm is a mass-mailing worm that uses its own SMTP engine to send
itself to email addresses gathered from the infected computer.

dlm.exe = Adult content dialler

UPDATE your antivirus software and run a full system scan.

UPDATE whatever anti-spyware applications that you have and run a full
system scan with each one.

You might want to start in Safe Mode to run your antivirus and anti-spyware
software.

Running a full system antivirus scan or anti-spyware scan in Safe Mode can
be a good idea. Some viruses and other malware like to conceal themselves
in areas Windows protects while using them. Safe mode will prevent those
applications access and therefore unprotect the viruses or other malware
allowing for easier removal.

How to start Windows in Safe Mode Windows XP
http://www.bleepingcomputer.com/forums/index.php?showtutorial=61#winxo

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User
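
A small triage pass over a startup listing like the one in this thread, added here as an example; it is not code from any poster and does not replace Autoruns or the scans recommended above. The function names, the three heuristics and the sample rows are assumptions constructed for illustration, and a flagged row only means "look closer".

```python
import ntpath
import re
from collections import Counter

# Constructed sample rows (startup item, command), modelled on the listing
# in the first post; the last row mirrors the blank entry.
SAMPLE = [
    ("realsched", r"c:\Program Files\Common Files\Real\Update_OB\realsched.exe"),
    ("realsched", r"c:\Program Files\Common Files\Real\Update_OB\realsched.exe"),
    ("realplay", r"c:\Program Files\Real\RealOne Player\realplay.exe/RunUPGToolCommandReBoot"),
    ("dl", r"C:\WINDOWS\dl.exe"),
    ("dlm", r"C:\WINDOWS\dlm.exe"),
    ("", ""),
]

def exe_path(command):
    """Executable part of a startup command ('' if none), switches dropped."""
    cmd = command.strip()
    if cmd.startswith('"'):  # quoted path: take what is inside the quotes
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd))(?=$|[\s/,])", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]

def triage(rows, windir=r"C:\WINDOWS"):
    """Return (name, command, reasons) for rows worth a closer look (heuristic)."""
    counts = Counter((n.lower(), c.lower()) for n, c in rows)
    findings, seen = [], set()
    for name, command in rows:
        key = (name.lower(), command.lower())
        if key in seen:  # report duplicates once, with their count
            continue
        seen.add(key)
        reasons = []
        if not name.strip() and not command.strip():
            reasons.append("blank entry (leftover value, nothing to launch)")
        exe = exe_path(command)
        if exe and ntpath.dirname(exe).lower() == windir.lower():
            reasons.append("runs from the Windows directory root; verify the file")
        if counts[key] > 1:
            reasons.append(f"listed {counts[key]} times")
        if reasons:
            findings.append((name, command, reasons))
    return findings

if __name__ == "__main__":
    for name, command, reasons in triage(SAMPLE):
        print(f"{name or '(blank)'!s:10} {command or '(blank)'}: {'; '.join(reasons)}")
```

Legitimate programs also live directly in the Windows directory, so that heuristic is a prompt to check the file's signature and origin, not a verdict.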
