msconfig question

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

When I do msconfig/start menu, I see a file 'kalvybw32.exe' and yet when
I do a search for it, it doesn't show up.Does anyone know what this file
is/does and how does one go about deleting it from the start menu. If I
just uncheck it, I have to do the restart process.
TIA
Norvin
 
Hi

If the name of the file is spelt correctly:

Have you virus checked your system with the latest definitions for your Anti
Virus program?

Also please try these programs to check for any spyware that may be on your
system:

Ad-Aware - www.lavasoftusa.com
Spybot - http://www.safer-networking.org/
CWShredder - http://forum.aumha.org/downloads/cwshredder.zip
Spy Sweeper - www.webroot.com

Try SpyWareBlaster to stop intrusions:

http://www.javacoolsoftware.com/spywareblaster.html

Also see the following links:

http://aumha.org/a/parasite.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.microsoft.com/security/articles/spyware.asp

--


Will Denny
MS-MVP Windows Shell/User
Please reply to the News Groups
 
Download Ad-aware SE and scan your PC for the presence of spyware:
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

Symantec Security Check
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

Microsoft Windows AntiSpyware
http://www.microsoft.com/athome/security/spyware/software/default.mspx

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.aspx

----------------------------------------------------------------------------

"Norvin" wrote:

| When I do msconfig/start menu, I see a file 'kalvybw32.exe' and yet when
| I do a search for it, it doesn't show up.Does anyone know what this file
| is/does and how does one go about deleting it from the start menu. If I
| just uncheck it, I have to do the restart process.
| TIA
| Norvin
 
Hi Norvin,

It's a trojan (virus) file. Follow these "relatively" simple removal steps:

Restart in Safe mode by hitting F8 as Windows first begins to load on boot.
Logon as administrator. As this can be tricky, you will find help in doing
this here:
http://www.rickrogers.org/fixes.htm#Safe mode

Start/search/files and folders, look for <filename> and delete it wherever
it is found (hopefully it is not found if your antivirus software is doing
its job).

Click start/run, type regedit and click ok. Expand the plus (+) signs to
look under these keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

Look in the right hand pane for the string or strings that load that file.
Delete just those strings that contain the reference. Do not delete other
strings or the keys from the left pane. Close the registry editor when
completed, make sure you check all strings.

Go to the Control Panel/System/System Restore tab. Check the box to "Turn
off system restore on all drives". Click apply/ok. This will remove all
restore points, however you don't want them back as some or all of them will
contain the virus depending upon how recently you got infected.

Restart the system normally. Go back to the Control Panel/System and restart
System Restore.

Update your antivirus software, run a full system scan.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org
 
Rick said:
Hi Norvin,

It's a trojan (virus) file. Follow these "relatively" simple removal steps:

Restart in Safe mode by hitting F8 as Windows first begins to load on boot.
Logon as administrator. As this can be tricky, you will find help in doing
this here:
http://www.rickrogers.org/fixes.htm#Safe mode

Start/search/files and folders, look for <filename> and delete it wherever
it is found (hopefully it is not found if your antivirus software is doing
its job).

Click start/run, type regedit and click ok. Expand the plus (+) signs to
look under these keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

Look in the right hand pane for the string or strings that load that file.
Delete just those strings that contain the reference. Do not delete other
strings or the keys from the left pane. Close the registry editor when
completed, make sure you check all strings.

Go to the Control Panel/System/System Restore tab. Check the box to "Turn
off system restore on all drives". Click apply/ok. This will remove all
restore points, however you don't want them back as some or all of them will
contain the virus depending upon how recently you got infected.

Restart the system normally. Go back to the Control Panel/System and restart
System Restore.

Update your antivirus software, run a full system scan.
Click to expand...
Rick, thanks for the help and as long as I got you, perhaps you can
help me with another problem I have been having. Somewhere along the
line I seemed to have picked up some kind of program that whenever I am
on the internet, I keep getting ads from MS for this and that. I checked
with task mgr and it shows that Iexplore.exe is running. Since I am
using Mozilla browser and SBCYahoo service, I don't know where this is
coming from. I have deleted it from task mgr repeatedly and it just pops
up again. Not sure where it is coming from and I guess my question is...
is there someway that I can trace back to see what program is requesting
that Iexplore.exe to start. If you have any ideas, I am glad to hear
them. TIA
Norvin,
 
Hi,

I hope you don't mind me jumping in here but, I have had some big
problems with viruses lately. The only way I could get the system
running again was to run a system resotre from acouple of months ago.


I've tried running antivirus programs and have not been impressed..
ran McAfee, Trend PCIllin and Norton... Norton appeared to be the best
but couldn't delete certain viruses and I couldn't locate the files it
claimed I needed to delete using Regedit..

Are there any other top notch antivirus programs??? Panda,?.
SOPHOS? Avast?

Hackers just seem to want to cause big problems... We just
added Black Ice and we had Spysweeper running when we were
invaded.

YOur Help is APpreciated....

Drowning in a pool of viruses, Josh :)
 
Rick said:
Hi Norvin,

Check for spyware, these can help:

Adaware www.lavasoft.de
Spybot www.safer-networking.org

This one can help you avoid these programs from being installed in the first
place:
Spyware Blaster: www.javacoolsoftware.com/spywareblaster.html
Click to expand...
I update these two spyware along with AVG7 and NAV 04 weekly and run at
least twice a week. These are not random spam but very specific to MS. I
get popups warning me that my system may have viruses/spyware and I
should download the new 'spybloc' and give it a try. I also get a lot of
little popups telling me something about a site not being able to be
seen offline and I should sign on, again from MS.
This is getting to be a real mystery, hopefully I can resolve.
Thanks again for the help.
Norvin
 
Hi,

My usual recommendation is to run full system scans with several different
antivirus programs. However, you should update them, then restart in Safe
mode before running them. An active virus in Normal mode usually will avoid
or block detection, and removal is difficult at best.

How to start in Safe mode:
http://www.rickrogers.org/fixes.htm#Safe mode

Free virus removal tools:

http://vil.nai.com/vil/stinger/
http://www.emsisoft.com/en/
http://free.grisoft.com/doc/8/lng/us/tpl/v5/nid/3001#3001
http://www.f-secure.com/download-purchase/tools.shtml

Also, you may use this free on-line scanner:
http://housecall.trendmicro.com/

Symantec also distributes many free removal tools that are virus-specific:
http://securityresponse.symantec.com/avcenter/tools.list.html

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org
 
Hi,

They are not from Microsoft, they are disguised to look like they are coming
from Microsoft. These are nothing more than blatant advertisements.
Evidentally your internet security settings are allowing these, recheck tehm
in Internet Options, and disallow most sites from running controls. Also, if
SP2 is installed, check the allowed sites in the popups blocker.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org
 
Rick said:
Hi,

They are not from Microsoft, they are disguised to look like they are coming
from Microsoft. These are nothing more than blatant advertisements.
Evidentally your internet security settings are allowing these, recheck tehm
in Internet Options, and disallow most sites from running controls. Also, if
SP2 is installed, check the allowed sites in the popups blocker.
Click to expand...
After doing the safe power up and regedit routine, I happened to do
another search for 'kalv' and a 'kalvuks32.exe' came and I was wondering
if this is another version of the 'kalvybw32.exe' virus. Is there a
place to go and check this out. I did a google on 'kalvuks32.exe' and
nothing came back. Also the kalvybw32.exe still shows in msconfig and
not sure if I can remove it or just ignore it. You have helped a great
deal and I am starting to feel better about my pc. I ordered a SP2 CD
and now have to do the research to see if I should install or not. Never
a dull moment with this machine.
Thanks again
Norvin
 
Back
Top