Hi,
What is the direct method of removing this pest: CWS MSConfig.
Nothing in Google search can give me the answer.

TIA,

http://us.trendmicro.com/us/products...al/CWShredder/


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

< < Rino > > wrote:

Thank you Gerry -- but it cannot kill that parasite. It always come back when ever I use
Run command and I've to use CWS Shedder to disable the pest. What I wanted is to
remove it from my system and stayed clean forever. YES, I hope some one can direct
me to the infected file and remove or delete it. --Rino


"Gerry" <gerry@nospam.com> wrote in message news:uNa21UoPIHA.4656@TK2MSFTNGP03.phx.gbl...

Install and run HijackThis:
Download HijackThis (Freeware)
http://www.whatthetech.com/hijackthis/

Finally run HijackThis and post the HijackThis log to the HijackThis
forum here:
http://aumha.net/

You will need to register with Aumha to be able to post.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

< < Rino > > wrote:

Thank you Gerry I should follow your suggestion because self-diagnose is not 100% a cure. --Rino


"Gerry" <gerry@nospam.com> wrote in message news:#cbg4hpPIHA.5264@TK2MSFTNGP02.phx.gbl...

cf. http://aumha.net/viewtopic.php?t=30624

Why are you STILL running WinXP without SP2 or any post-SP2 critical
updates installed? You told me in Aug-07 that the machine had been
fully patched: http://aumha.net/viewtopic.php?t=28418

Protect Your PC!
http://www.microsoft.com/athome/secu...r/default.mspx

Learn how to protect your PC by taking three simple steps
http://www.microsoft.com/downloads/d...6-602954130D38

Bear

What is this item in the latest log?
O4 - HKLM\..\Run: [ccea8c8b] rundll32.exe
"C:\WINDOWS\System32\mnrfmuxa.dll",b


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
PA Bear wrote:

Bear

I sent him to you lot! Why are you sending him back?

What is this item in the latest log?
O4 - HKLM\..\Run: [ccea8c8b] rundll32.exe
"C:\WINDOWS\System32\mnrfmuxa.dll",b


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
PA Bear wrote:

Bear

I sent him to you lot! Why are you sending him back?

What is this item in the latest log?
O4 - HKLM\..\Run: [ccea8c8b] rundll32.exe
"C:\WINDOWS\System32\mnrfmuxa.dll",b


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
PA Bear wrote:

Bear

I sent him to you lot! Why are you sending him back?

What is this item in the latest log?
O4 - HKLM\..\Run: [ccea8c8b] rundll32.exe
"C:\WINDOWS\System32\mnrfmuxa.dll",b


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
PA Bear wrote:

Bear

I sent him to you lot! Why are you sending him back?

What is this item in the latest log?
O4 - HKLM\..\Run: [ccea8c8b] rundll32.exe
"C:\WINDOWS\System32\mnrfmuxa.dll",b


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
PA Bear wrote:

One reply would have sufficed, Gerry. <eg>

I didn't send Rino anywhere.

That O4 entry and others in the log are most likely indications of a
Zlob/Vundo/RBOT infection...and they probably brought some "friends" along
with them.

Rino is still running an unpatched version of WinXP Gold and a very
undependable anti-virus application. I tried to assist him a few months
ago: He'd assured me that the machine was fully patched at Windows Update
and was working fine. As you can see from his new HJT log, it isn't. If
chooses to not to practice Safe Hex, I have no time for him and I doubt
anyone else will either.

@Rino: Format & reinstall Windows | Get the machine fully patched at Windows
Update | Install a better anti-virus application plus Windows Defender,
SpywareBlaster, and BOClean | Stop going to risky websites/downloading
freeware.
--
~PAB


Gerry wrote:

PA Bear wrote:
True, one only wants to run XP2.













--
http://www.bootdisk.com/

Robear; find my in-line answers:

"PA Bear" <PABearMVP@gmail.com> wrote in message news:7899566e-bd37-4625-9e7f-febbd456a7bc@q77g2000hsh.googlegroups.com...
Even my SP2 CD refused to install.

software. I took many invalid one out and my latest I've post in aumba.net.

CWS MSConfig.exe is hiding. Please do NOT change my topic. TIA.

Robear; find my in-line answers:

"PA Bear" <PABearMVP@gmail.com> wrote in message news:#kUxTI3PIHA.2376@TK2MSFTNGP02.phx.gbl...
Your probably is all wrong!

your last parting words B4 knowing my case. Please do NOT inject unconcluded
human behavior in my thread -- this is all about my PC a victim of malicious invaders.
If you can ONLY blame me then you 're creating 2 victims here.

I guaranteed my PC is running fine now except for this last one intruder which entered
long time ago. I've a good protection software now -- thought we could get rid this
elusive one.

To Format & Reinstall especially with a Sony machine using ME O.S. is very uncon-
vinient. I wish Microsoft didn't produced that ME ;o( & get rich with our $$$?
YES, I can do it BUT not now -- wait until only black screen appears.

Sorry; a little late in replying BUT it is better than NEVER ;o) Been very busy
lately doing 10 movie using MM2 and even a 25 minute project took me over
4 hours of rendering into DV tape.

< < Rino > > wrote:
7899566e-bd37-4625-9e7f-febbd456a7bc...oglegroups.com...
-4DA5-9836-602954130D38
Did you clear your System Restore before using CWShredder to nuke the
pest. If not, it's probably hiding there and replicates itself every
time you nuke it.

Alias

I was replying to Gerry, not you.

Just because you had HijackThis fix the O4 entry et. al. does NOT mean that
the files the entries pointed to have been removed. I'm sure the machine is
still very badly infected, which is why you can't install SP2.

1. Format & reinstall Windows.

2. Take care of *everything* on the following webpage before otherwise
connecting the machine to the internet (e.g., to browse/surf, check email,
or chat):

Before You Connect a New Computer to the Internet
http://www.cert.org/tech_tips/before_you_plug_in.html

Security FAQ & Checklist
http://www.dslreports.com/faq/8463
--
~PA Bear


< < Rino > > wrote:

Thanks for responding - Alias.
Can you PLEASE show me how to clear my System Restore? I'll report if we
finally nailed it ;o)

Actually; the mild pest NEVER did any wrong except it bother me whenever I'm
using Run Command & I've to call-in CWShedder all the time to disabled it since
last year. Can I've this coming 2008 a clean PC?

Everybody knows to Format right-away is an over-killed -- not needing a MVP
to tell me that ;o) Cheers Robear ;o)


"Alias" <alias@aliasmail.com> wrote in message news:fk6en2$6d8$1@aioe.org...

find none and YES, Jerry reported it correctly. I'm now very happy ;o) with my
fully protected PC. I can forget the SP2, surf and get FREE software worry FREE.
If you're curious again, just trace back what I've said before.

Thanks For Everything's! What A Splendid lesson for me ;o)


"PA Bear" <PABearMVP@gmail.com> wrote in message news:#2#r#6NQIHA.5980@TK2MSFTNGP04.phx.gbl...

Your headers (Microsoft Outlook Express 6.00.2600.0000) tell us that you
still do not have SP2 installed: You are NOT "fully protected"!

< < Rino > > wrote: