godawgs
2009-02-10, 08:39
There are some entries in the system startup list that I have some questions about. I was told in a previous post that the display information for startup entries normally consists of:
Current filename:
Database status:
Value:
Filename:
Description:
Source:
I couldn't figure out how to get the display information to show up when I right clicked in the startup list window and copied the contents to the clipboard, but I did get the actual startup entries.
The first one is from Bellsouth. They were my IP before AT&T bought them out. AT&T required an upgrade and after the upgrade, the entire "C:\Program Files\Support.com" folder and all subfolders were removed. The second one appears to be the installation of the AT&T upgrade and the TEMP folder was removed.
These are the two entries:
Located: HK_LM:Run, tgcmd (DISABLED)
command: "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
file: C:\Program Files\Support.com\BellSouth\hcenter.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, Download
where: S-1-5-21-2695072642-473866232-3689853989-1006...
command: "C:\DOCUME~1\JC\LOCALS~1\Temp\HC4\SSGet.exe" 120 "http://download.fastaccess.com/download/HC4Installer.exe" "HC4Installer.exe" Log
file: C:\DOCUME~1\JC\LOCALS~1\Temp\HC4\SSGet.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
The next four are the ones I don't understand. I think they refer to Windows Messenger. Messenger has been set in the program not to run at startup.
The files are large, and according to the display information (which I copied) they could be a trojan. These are the entries. The display information that I copied follows them.
Any help would be appreciated.
Located: HK_CU:Run, MSMSGS
where: PE_C_OWNER...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2
Located: HK_CU:Run, MSMSGS
where: S-1-5-21-2695072642-473866232-3689853989-1007...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2
Located: HK_CU:Run, MSMSGS
where: S-1-5-21-2695072642-473866232-3689853989-500...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2
Located: HK_CU:Run, MSMSGS
where: S-1-5-21-2695072642-473866232-3689853989-501...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2
This information appears in the information bar area of the system startup page for each entry.
Current Filename: "C\Program Files\Messenger\msmsgs.exe" /background
Database status:Necessity depends on user preferences
Value:MSMSGS
Filename:msmsgs.exe
Description: Windows Messenger- Programs. Go to Windows Messenger >Tools >Options >Preferences and uncheck "Run this program when windows starts" (The box is already unchecked)
Source:Paul Collins Startup List
___________________
Current Filename: "C\Program Files\Messenger\msmsgs.exe" /background
Database status:Not Required-virus,Spyware, maleware or other resource hog.
Value:MSMSGS
Filename:msmsgs.exe
Description: Added by the SMALL-EW TROJAN!
Source:Paul Collins Startup List
Thanks,
JC
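Added example, not part of the original post: a parser for the export format shown above that marks entries whose target could not be read (size 0 together with the MD5 of empty input, which is what the tool's warning refers to) and entries that launch from a Temp folder or carry a URL. The flag names and the Temp/URL heuristics are assumptions made for illustration; the sample entries are copied from the post.

```python
import hashlib
import re

# Two entries copied from the post above, in the tool's own export format.
SAMPLE = r'''Located: HK_CU:Run, Download
where: S-1-5-21-2695072642-473866232-3689853989-1006...
command: "C:\DOCUME~1\JC\LOCALS~1\Temp\HC4\SSGet.exe" 120 "http://download.fastaccess.com/download/HC4Installer.exe" "HC4Installer.exe" Log
file: C:\DOCUME~1\JC\LOCALS~1\Temp\HC4\SSGet.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Located: HK_CU:Run, MSMSGS
where: S-1-5-21-2695072642-473866232-3689853989-1007...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2
'''
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()  # hash of zero bytes
FIELDS = {"where", "command", "file", "size", "md5"}

def parse_entries(text):
    """Split the export into one dict per 'Located:' block."""
    entries = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        key = key.strip().lower()
        if sep and key == "located":
            entries.append({"located": value.strip()})
        elif sep and entries and key in FIELDS:
            entries[-1][key] = value.strip()   # warning lines are skipped
    return entries

def triage(entry):
    """Return review flags for one startup entry (flag names are hypothetical)."""
    flags = []
    if entry.get("size") == "0" and entry.get("md5", "").upper() == EMPTY_MD5:
        flags.append("target-not-read")   # file missing or unreadable
    if "\\temp\\" in entry.get("file", "").lower():
        flags.append("runs-from-temp")
    if re.search(r"https?://", entry.get("command", ""), re.I):
        flags.append("url-in-command")
    return flags
```

An entry flagged `target-not-read` has no file content behind its checksum, so the listed MD5 says nothing about the program; only entries with a non-zero size carry a hash worth comparing.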