Confusing System Startup Tool Entry!
Hello! As the title of the thread indicates, I have a very confusing System Startup tool entry. It's the first one listed and it isn't colored (green, yellow or red). Under the Key column it says HK_LM:Run (Current system). There is nothing under the Value or Command Line columns. When I click on the information bar on the right side of the screen it seems to give me conflicting information. Here is what it says:
Current filename:
Database status: Not required - virus, spyware, malware or other resource hog
Value:
Filename: system32.exe
Description
Added by the _AGOBOT-KU_ WORM! Note - has a blank entry under the Startup Item/Name field
Source: Paul Collins Startup list
____________________
Current filename:
Database status: Not required - virus, spyware, malware or other resource hog
Value:
Filename: pathex.exe
Description
Added by the _MKMOOSE-A_ WORM! Note - has a blank entry under the Startup Item/Name field
Source: Paul Collins Startup list
____________________
Current filename:
Database status: Not required - virus, spyware, malware or other resource hog
Value:
Filename: svchost.exe
Description
Added by the _DELF-UX_ TROJAN! Note - this is not the legitimate _svchost.exe_ process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field
Source: Paul Collins Startup list
____________________
Current filename:
Database status: Not required - virus, spyware, malware or other resource hog
Value:
Filename: MSPF.EXE
Description
Added by a variant of the _SDBOT_ WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field
Source: Paul Collins Startup list
____________________
Current filename:
Database status: Not required - virus, spyware, malware or other resource hog
Value:
Filename: dllvirtual.exe
Description
Added by the _DADOBRA-IW_ TROJAN! Note - has a blank entry under the Startup Item/Name field
Source: Paul Collins Startup list
____________________
Current filename:
Database status: Not required - virus, spyware, malware or other resource hog
Value:
Filename: dllvirtual.dll
Description
Added by the _DADOBRA-IW_ TROJAN! Note - has a blank entry under the Startup Item/Name field
Source: Paul Collins Startup list
____________________
Current filename:
Database status: Not required - virus, spyware, malware or other resource hog
Value:
Filename: dllvirtual.js
Description
Added by the _DADOBRA-IW_ TROJAN! Note - has a blank entry under the Startup Item/Name field
Source: Paul Collins Startup list
____________________
Is this entry ALL of these things or could it just be any one in particular? How do I know if this is malicious or just a resource hog? Or is it just a false positive? If I knew the path(s) of the culprit(s) it would be easier to decide if I should get rid of it or not.
I scanned my computer using Norton Antivirus 2005, Ad-Aware 2007, Spybot Search and Destroy 1.5.2.20 and ZoneAlarm Pro's spyware scanner. All came up clean, except for ZoneAlarm Pro's built-in spyware scanner, which detected something called Mozy Filter, which I believe is a false positive for my MozyHome backup software. I also use SpywareBlaster 4.0.
I have Windows XP SP2 which is current with all the security updates.
If anyone can help me I will truly appreciate it! If more information is needed, please let me know!
Thanks!
Oh, one more thing. I noticed that my ZoneAlarm Pro firewall seems to be blocking svchost.exe. But based on the source and destination IP addresses it seems like this is the legit svchost.exe.