# AVSYNMGR Error Message



## MANGFN (Jun 27, 2002)

Hi, I am new to this, and uncertain as to how this all works. I am having difficulty with my computer as it has an AVSYNMGR error when I boot the system, (this is also causeing other error messages, such as I can't open the Control Panel folder) and I don't know how to correct it. I am a novice, so if someone could give me the step by step, it would be appreciated.


----------



## Rollin' Rog (Dec 9, 2000)

Welcome to TSG MANGFN.

I believe you may have a trojan infection which which is killing your antivirus program, McAfee -- of which avsynmgr is a core component.

Please tell us what operating system (Windows version) you have.

Also do a File search for *winstart.bat*
If you find it, Right Click on it and delete it. Then reboot and try to do a full scan with your antivirus program. The existence of this file is a sure sign you have the infection.

You can also try an online scan at one of the following sites:

http://www.pandasoftware.com/activescan/com/
http://housecall.antivirus.com/

We also need to see a log of your startup programs. Go to the site below, download the Startlog.com file, unzip and run it. If you need an unzipped program, use the ONLY IE link at the bottom of the Reticulated Toys page.

Once you run it you will see a StartUp.log file. Copy/paste the full contents of that (but not the stubpaths.txt file) to a reply.

http://home.earthlink.net/~rmbox/Reticulated/Toys.html

We may also need you to download and run the trial version of moosoft cleaner:

http://www.moosoft.com/thecleaner/


----------



## dinny786 (Aug 2, 2004)

hi i also have the same problem i have jus installed mcafee virus scan and cant open it and my pc is having problems.i am pasteing in my startup log file
can u please check it

---------- C:\WINDOWS\desktop\StartUp.Log

Start-Ups checked at 02/08/2004 11:58:55.24 
__________________________________________________________________________ 
__________________________________________________________________________

StartUp Log for Windows 95/98 - Freeware by rmbox 
__________________________________________________________________________ 
__________________________________________________________________________

Comments:

This is a log of all the programs on your computer that 
are starting automatically every time you start Windows. 
Using this log can be a quick way to spot trojans.

StartUp Log (version 1.58) - Release Date 11/9/2002

__________________________________________________________________________ 
__________________________________________________________________________

StartUp Log Index

1. HKLM Run 
2. HKCU Run 
3. HKLM RunOnce 
4. HKCU RunOnce 
5. HKLM RunServices 
6. HKLM RunServicesOnce 
7. WIN.INI file 
8. SYSTEM.INI file 
9. AUTOEXEC.BAT file 
10. StartUp folder 
11. All Users StartUp 
12. Misc. StartUp Configurations

__________________________________________________________________________ 
__________________________________________________________________________

The following is a list of your current Start-Ups 
__________________________________________________________________________ 
__________________________________________________________________________

1. HKLM Run - Registry

[RegPath] 
"StartUp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"McAfee Guardian"="\"C:\\Program Files\\McAfee\\McAfee Shared Components\\Guardian\\CMGrdian.exe\" /SU"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

========================================================================== 
__________________________________________________________________________

2. HKCU Run - Registry

[RegPath] 
"StartUp"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\" /WinStart"
"McAfee.InstantUpdate.Monitor"="\"C:\\Program Files\\McAfee\\McAfee Shared Components\\Instant Updater\\RuLaunch.exe\" /STARTMONITOR"
"msnmsgr"="\"C:\\PROGRAM FILES\\MSN MESSENGER\\MSNMSGR.EXE\" /background"

========================================================================== 
__________________________________________________________________________

3. HKLM RunOnce - Registry

[RegPath] 
"StartUp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

========================================================================== 
__________________________________________________________________________

4. HKCU RunOnce - Registry

[RegPath] 
"StartUp"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

========================================================================== 
__________________________________________________________________________

5. HKLM RunServices - Registry

[RegPath] 
"StartUp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"MessengerPlus3"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\""
"McAfeeVirusScanService"="C:\\Program Files\\McAfee\\McAfee VirusScan\\AVSYNMGR.EXE"

========================================================================== 
__________________________________________________________________________

6. HKLM RunServicesOnce - Registry

[RegPath] 
"StartUp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

========================================================================== 
__________________________________________________________________________

7. WIN.INI File - (c:\windows\win.ini)

Your win.ini run/load lines should look like run= and load= exclusively. 
There should be nothing to the right of the equal signs.

These are the run and load lines in your WIN.INI file

run=
OldRun=

load=

========================================================================== 
__________________________________________________________________________

8. SYSTEM.INI File - (c:\windows\system.ini)

Your system.ini shell line should look like shell=Explorer.exe exclusively. 
You should only see Explorer.exe following the equal sign.

This is the shell line in your SYSTEM.INI file

;rem TShoot: shell=Explorer.exe
shell=Explorer.exe

========================================================================== 
__________________________________________________________________________

9. AUTOEXEC.BAT File - (c:\autoexec.bat)

(Some trojans have been known to start from this file)

These are your program startups and set paths in your autoexec.bat file

SET BLASTER=A220 I5 D1 T4
mode con codepage prepare=((850) C:\WINDOWS\COMMAND\ega.cpi)
mode con codepage select=850
keyb uk,,C:\WINDOWS\COMMAND\keyboard.sys

rem TShoot: C:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\scanpm.exe C:\
@IF ERRORLEVEL 1 PAUSE

========================================================================== 
__________________________________________________________________________

10. StartUp Folder - (c:\windows\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.

These are the shortcuts located in your StartUp folder

*(No start-ups found)*

========================================================================== 
__________________________________________________________________________

11. All Users Folder - (c:\windows\all users\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.

These are the shortcuts located in your All Users StartUp folder

*(No start-ups found)*

========================================================================== 
__________________________________________________________________________

12. Miscellaneous StartUp Configurations

-============================- 
Registry StartUp Directories 
-============================-

Should show the Start Menu StartUp and All Users StartUp directories

.....................................................................

[1] HKCU - Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

"Startup"="C:\\WINDOWS\\Start Menu\\Programs\\StartUp"

.....................................................................

[2] HKCU - User Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

.....................................................................

[3] HKLM - Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders

"Common Startup"="C:\\WINDOWS\\All Users\\Start Menu\\Programs\\StartUp"

.....................................................................

[4] HKLM - User Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders

.....................................................................

-=======================- 
Registry Shell Spawning 
-=======================-

Open Commands for Executable File Types

@="\"%1\" %*"
(.exe file - RegPath = HKCR\exefile\shell\open\command)

@="\"%1\" %*"
(.com file - RegPath = HKCR\comfile\shell\open\command)

@="\"%1\" /S"
(.scr file - RegPath = HKCR\scrfile\shell\open\command)

@="\"%1\" %*"
(.bat file - RegPath = HKCR\batfile\shell\open\command)

@="\"%1\" %*"
(.pif file - RegPath = HKCR\piffile\shell\open\command)

@="C:\\WINDOWS\\SYSTEM\\MSHTA.EXE \"%1\" %*"
(.hta file - RegPath = HKCR\htafile\shell\open\command)

-=========================- 
HKLM RunOnceEx - Registry 
-=========================-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]

-=========================- 
HKU (.Default) Run - Registry 
-=========================-

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\" /WinStart"
"McAfee.InstantUpdate.Monitor"="\"C:\\Program Files\\McAfee\\McAfee Shared Components\\Instant Updater\\RuLaunch.exe\" /STARTMONITOR"
"msnmsgr"="\"C:\\PROGRAM FILES\\MSN MESSENGER\\MSNMSGR.EXE\" /background"

-==============================- 
HKU (.Default) RunOnce - Registry 
-==============================-

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce]

-================================- 
StubPaths - Registry (Partial Listing) 
-================================-

(Please see the StubPath.txt on your desktop for complete listing)

HKLM\Software\Microsoft\Active Setup\Installed Components

"StubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
"RealStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
"StubPath"="C:\\WINDOWS\\msnmgsr1.exe"
"StubPath"=""
"StubPath"="C:\\WINDOWS\\COMMAND\\sulfnbk.exe /L"
"StubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"StubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"StubPath"="C:\\WINDOWS\\SYSTEM\\updcrl.exe -e -u C:\\WINDOWS\\SYSTEM\\verisignpub1.crl"
"Stubpath"="C:\\WINDOWS\\inf\\unregmp2.exe /ShowWMP"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /uninstall"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /uninstall"
"RealStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE /U"

-=================- 
DOSSTART.BAT File - (c:\windows\dosstart.bat)
-=================-

C:\WINDOWS\SETUPDS.EXE /S

-=================- 
WININIT.BAK File - (c:\windows\wininit.bak) 
(name) (type) (size)(modified)(time) 
wininit bak 869 02/08/04 10:16
-=================-

[MCAF_Info]
DeleteFile=C:\Program Files\McAfee\VirusScan Wireless\\McPalmInstall.DLL

[rename]
NUL=C:\PROGRA~1\MCAFEE\VIRUSS~1\MCWCEI~1.DLL
NUL=C:\PROGRA~1\MCAFEE\VIRUSS~1\MCPALM~1.DLL
NUL=C:\PROGRA~1\MCAFEE\VIRUSS~1\MCEPOC~1.DLL
NUL=C:\PROGRA~1\MCAFEE\VIRUSS~1\MCWCEI~1.DLL
NUL=C:\PROGRA~1\MCAFEE\MCAFEE~1\AVSMCPA.CPL
NUL=C:\PROGRA~1\MCAFEE\MCAFEE~1\VScanGen.mmf
NUL=C:\PROGRA~1\MCAFEE\MCAFEE~1\VScanOas.mmf
NUL=C:\PROGRA~1\MCAFEE\MCAFEE~1\dVS_Excl.mmf
NUL=C:\PROGRA~1\MCAFEE\MCAFEE~1\AVConsol.mmf
NUL=C:\PROGRA~1\MCAFEE\MCAFEE~1\dAV_Excl.mmf
NUL=C:\PROGRA~1\MCAFEE\MCAFEE~1\dAV_Scan.mmf
NUL=C:\PROGRA~1\MCAFEE\MCAFEE~1\dAV_Cons.mmf
NUL=C:\PROGRA~1\MCAFEE\MCAFEE~1\VScanOds.mmf
NUL=C:\PROGRA~1\MCAFEE\MCAFEE~1\dExclDef.mmf
NUL=C:\PROGRA~1\MCAFEE\MCAFEE~1\dScanDef.mmf
NUL=C:\PROGRA~1\MCAFEE\MCAFEE~1\Sync_map.mmf
NUL=C:\WINDOWS\SYSTEM\SPORDER.DLL
-=====================- 
Screen Saver Settings (Possible system.ini start-up) 
-=====================-

========================================================================== 
__________________________________________________________________________

- Supplemental Environment Information -

TMP=C:\WINDOWS\TEMP
TEMP=C:\WINDOWS\TEMP
winbootdir=C:\WINDOWS
PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
COMSPEC=C:\WINDOWS\COMMAND.COM
windir=C:\WINDOWS

File - c:\windows\Wininit.bak 
File - c:\windows\deletefi.ini

========================================================================== 
__________________________________________________________________________

- End -


----------



## dinny786 (Aug 2, 2004)

and this is my hijack this log
Logfile of HijackThis v1.97.7
Scan saved at 12:34:37, on 02/08/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\PROGRAM FILES\REAL\REALONE PLAYER\REALPLAY.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.uk/
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Use as &Display Picture - \IEDP2\IEDP.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\Ers_src.htm
O9 - Extra button: Messenger Addon (HKLM)
O9 - Extra 'Tools' menuitem: &Messenger Addon (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38057.3910185185
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/download/appdl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4382/mcfscan.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab


----------



## Rollin' Rog (Dec 9, 2000)

Hi Dinny, I don't see anything in the startuplist or Scanlog which should cause that problem, though the Scanlog does show some symptoms of a past or present search Hijack.

Besides the McAfee problem (have you tried removing and reinstalling it?) what other symptoms are you experiencing?

Check and fix these two items in the Scanlog:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

Then post a new Scanlog using the more recent version here:

http://computercops.biz/downloads-file-328.html

Does the McAfee problem occur if you start in Safe Mode?


----------



## Lutsen (Apr 14, 2005)

i have the same problem.
as you said in your first post rog, "delete winstart.bat"
but i cant find winstart.bat.
i run win2k. just formattated my hard disc, and this is one of the first sides i've been. (besides some sites that are legal, and i trust bad ***. i mean what can be wrong with nvidia?.)

so what now?


----------



## Rollin' Rog (Dec 9, 2000)

Lutsen, this thread originated so long ago I can't even remember why I focussed on "winstart.bat" given the information provided. Yes it could be used to hide a malicious startup -- but so can a lot of other locations.

In any case if you have Win2k, you don't have that file.

You really need to post in the XP/2k forum or in the Security forum if you are addressing a "security" issue. Please be specific about the symptoms you are experiencing and the problem you are trying to resolve.

You may want to include a Hijackthis Scanlog to enable others to see what is running:

Download and install HijackThis using the "self extractor". Run it and select "do a system scan and save the log file". Then copy/paste the contents of the log to a reply

http://www.thespykiller.co.uk/files/hijackthis_sfx.exe


----------

