Casper42
2006-01-10, 21:01
I had some spyware lingering on my laptop and tried to clean it off this past wekend. Well it looked like I got the entries all out, but then when I rebooted my machine, I couldnt logon. When I logged on as my cached domain account, or as the local administrator account, I am immediately logged off and put back to the CTRL+ALT+DEL screen. Same in Safe Mode and Safe Mode with Command prompt. I tried to use Last Known Good and that didnt work
I searched the net and found many articles about rsaupdater.exe or something like that hiding in Winlogon, but I searched my machine and its registry (via BartPE) and found no traces of this program.
I did however find a program and reg entry that concerned me, and have deleted them just now via BartPE but I thought I would post anyway since you all seem to know your stuff.
file was named msconfigs.exe and was in sys32. Reg entry for it was
HKLM\System\ControlSet001/002/003\Services\Windows Internet Provider
Soooooo..... Any ideas for me? keep in mind I can get in via BartPE, but I cannot (well maybe) run most of the common removal tools you all might refer me to.
-Dan
I searched the net and found many articles about rsaupdater.exe or something like that hiding in Winlogon, but I searched my machine and its registry (via BartPE) and found no traces of this program.
I did however find a program and reg entry that concerned me, and have deleted them just now via BartPE but I thought I would post anyway since you all seem to know your stuff.
file was named msconfigs.exe and was in sys32. Reg entry for it was
HKLM\System\ControlSet001/002/003\Services\Windows Internet Provider
Soooooo..... Any ideas for me? keep in mind I can get in via BartPE, but I cannot (well maybe) run most of the common removal tools you all might refer me to.
-Dan