David H. Lipman
Guest
Posts: n/a
AUTOEXEC.NT Fix Method 1:
copy; c:\windows\repair\autoexec.nt
to
c:\windows\system32


AUTOEXEC.NT FIX Method 2:
Go to; Start --> Run
enter; cmd.exe

{ assuming the WinXP CDROM disk is in drive "D:" }

In the Command Prompt enter...

expand D:\i386\autoexec.nt_ %windir%\system32\autoexec.nt

Since there are many forms of malware that can cause a problem with AUTOEXEC.NT, please perform the following...

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download Sysclean.com and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt394.zip

Extract the contents of the ZIP file and place the contents in the same directory as sysclean.com.

2) Update Adaware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm
4) Reboot your PC into Safe Mode
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your platform and clean/delete any infectors/parasites found. (a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the Trend Sysclean utility and Adaware
7) Re-enable System Restore and re-apply any System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) Create a new Restore point

* * * Please report your results ! * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html

"Cyndi C" <> wrote in message news:B1CB440D-7491-4B71-BA9C-...
| I'm getting the following whenever I try to run certain programs:
| C:\windows\system32\autoexec.nt. The system file is not suitable for running
| MS-DOS and Microsoft Windows applications.
|
| My OS is Windows XP Home Edition.
|
| I didn't get it until I installed some Windows updates as a preliminary to
| installing SP2. I tried using system restore to go back to the point prior
| to installing the updates, but I still get this message.
|
| Any clues on a fix?
| Thanks.

Cyndi C
Guest
Posts: n/a
Method 1 worked perfectly. Thanks.

btw, I've been running TrendMicro's PC-cillin automatically every night, including checking for updates, then scanning. I also already use Ad-Aware very often and keep it up to date.

Thanks again.

"David H. Lipman" wrote:

> AUTOEXEC.NT Fix Method 1:
> copy; c:\windows\repair\autoexec.nt
> to
> c:\windows\system32
>
>
> AUTOEXEC.NT FIX Method 2:
> [remainder of post deleted]

Jim Byrd
Guest
Posts: n/a
Hi Cyndi - Two things to supplement David's excellent advice. There's a type of malware that can cause this symptom, and even though you've restored the files you might want to:

Courtesy of flrman1, here:
http://forums.techguy.org/archive/in.../t-280212.html

"First in safe mode click on My Computer then click Tools > Folder Options. In Folder options click on the View tab. Under Files and Folders tick "Show hidden files and folders" then uncheck "Hide file extensions for known file types" and uncheck "Hide protected operating system files (recommended)". Now click "Like current folder" then "Apply" and "OK"

Now find and delete these files:

C:\WINNT\system\windupdate.exe (added by JB: note the spelling - the added 'd')
C:\WINNT\system.css

Delete this folder:

c:\freescan

Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Empty the Recycle Bin"

Of course, if you don't find these, then no harm/no foul.

Also, FYI - since you've chosen to make regular use of SysClean (Way to GO! I strongly recommend it, also.) you might be interested in the following from one of my "standard" posts about its use:

"Download sysclean.com, from Trend Micro, here: http://www.trendmicro.com/download/dcs.asp along with the latest pattern file, here: http://www.trendmicro.com/download/pattern.asp. Be sure to read the "How-to" info here: http://www.trendmicro.com/ftp/products/tsc/readme.txt

(You might also want to get Art's updater, SYS-UP.Zip, here for future updating of these: http://home.epix.net/~artnpeg/ ). The updater files plus a short tutorial on using them and SysClean are also available in one package here: http://www.ik-cs.com/Programs/virtoo...%20UTILITY.exe (If you download and use the updater from the beginning, it will automatically handle downloading and unzipping the other files.)

Place them in a dedicated folder after appropriate unzipping.

If you're using WindowsME or WindowsXP, SysClean (and the other cleaning tools below) may find infections within Restore Points which it will be unable to clean. You may choose to disable Restore if you're on XP or ME (directions here: http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm ) which will eliminate ALL previous Restore Points, or alternatively, you can wait until cleaning is completed and then use the procedure within the *********'s below to delete all older, possibly infected Restore Points and save a new, clean one. This approach is in the spirit of "keep what you've got" so that you can recover to an at least operating albeit infected system if you inadvertently delete something vital, and is the approach I recommend that you take.

Then boot to Safe mode or a Clean Boot as below (HowTo here: http://service1.symantec.com/SUPPORT...01052409420406) Read tscreadme.txt carefully, then do a complete scan of your system and clean or delete anything it finds. Reboot and re-run SysClean and continue this procedure until you get a clean scan or nothing further can be cleaned/removed. Now reboot to normal mode and re-run the scan again.

This scan may take a long time, as Sysclean is VERY extensive and thorough. For example, one user reported that Sysclean found 69 hits that an immediately prior Norton AV v. 11.0.2.4 run had missed."

Here's the ************** section:

"
*******
ONLY IF you've successfully eliminated the malware, you can now make a new, clean Restore Point and delete any previously saved (possibly infected) ones. The following suggested approach is courtesy of Gary Woodruff: For XP you can run a Disk Cleanup cycle and then look in the More Options tab. The System Restore option removes all but the latest Restore Point. If there hasn't been one made since the system was cleaned you should manually create one before dumping the old possibly infected ones.
*******
"

How to Clean Boot:

"
#########IMPORTANT#########
Show hidden files and run all of the following removal tools from Safe mode or a "Clean Boot" when possible. Reboot and test if the malware is fixed after using each tool.

HOW TO Enable Hidden Files
http://service1.symantec.com/SUPPORT...02092715262339

Clean Boot - General Win2k/XP procedure, but see below for links for other OS's (This for Win2k w/msconfig - you can obtain msconfig for Win2k here: http://www.3feetunder.com/files/win2...nfig_setup.exe ):

1. Start > Run enter msconfig.

2. On the General tab, click Selective Startup, and then clear the 'Process System.ini File', 'Process Win.ini File', and 'Load Startup Items' check boxes. Leave the 'boot.ini' boxes however they are currently set.

3. In the Services tab, check the "Hide All Microsoft Services" checkbox, and then click the "Disable All" button. If you use a third party firewall then re-check (enable) it. For example, if you use Zone Alarm, re-check the True Vector Internet Monitor service (and you may also want to re-check (enable) the zlclient on the Startup tab.) Equivalent services exist for other third party firewalls. An alternative to this for XP users is to enable at this time the XP native firewall (Internet Connection Firewall - ICF). Be sure to turn it back off when you re-enable your non-MS services and Startup tab programs and restore your normal msconfig configuration after cleaning your machine.

4. Click OK and then reboot.

For additional information about how to clean boot your operating system, click the following article numbers to view the articles in the Microsoft Knowledge Base:
310353 How to Perform a Clean Boot in Windows XP
http://support.microsoft.com/kb/310353
281770 How to Perform Clean-Boot Troubleshooting for Windows 2000
http://support.microsoft.com/kb/281770/EN-US/
267288 How to Perform a Clean Boot in Windows Millennium Edition
http://support.microsoft.com/kb/267288/EN-US/
192926 How to Perform Clean-Boot Troubleshooting for Windows 98
http://support.microsoft.com/kb/192926/EN-US/
243039 How to Perform a Clean Boot in Windows 95
http://support.microsoft.com/kb/243039/EN-US/
#########IMPORTANT#########
"

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP

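An added example, not part of any post in this thread: a Python script that runs the checks from the two posts above against a mounted copy of the drive. It compares system32\autoexec.nt with the repair copy, restores it as in Method 1, and looks for the three paths Jim Byrd lists. The function names, the case-insensitive lookup, the configurable Windows directory and the constructed sample tree are assumptions of this example.

```python
import hashlib
import os
import shutil
import tempfile


def indicator_paths(windir):
    """Paths named in the thread, relative to the system drive. Rooting them
    under a configurable Windows directory is an assumption of this example."""
    return [
        (windir, "system", "windupdate.exe"),  # note the extra 'd'
        (windir, "system.css"),
        ("freescan",),
    ]


def resolve_ci(root, *parts):
    """Resolve parts under root ignoring case (Windows names are
    case-insensitive; the analysis host's file system may not be)."""
    current = root
    for part in parts:
        try:
            entries = os.listdir(current)
        except (FileNotFoundError, NotADirectoryError):
            return None
        match = next((e for e in entries if e.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current


def sha256_of(path):
    with open(path, "rb") as handle:
        return hashlib.sha256(handle.read()).hexdigest()


def check_autoexec(drive_root, windir="WINDOWS"):
    """Classify system32/autoexec.nt against the copy in the repair folder."""
    live = resolve_ci(drive_root, windir, "system32", "autoexec.nt")
    repair = resolve_ci(drive_root, windir, "repair", "autoexec.nt")
    if live is None:
        return "missing"
    if os.path.getsize(live) == 0:
        return "empty"
    if repair is None:
        return "no-repair-copy"
    same = sha256_of(live) == sha256_of(repair)
    return "matches-repair" if same else "differs-from-repair"


def find_indicators(drive_root, windir="WINDOWS"):
    """Return the thread's indicator paths that exist under drive_root."""
    found = []
    for parts in indicator_paths(windir):
        if resolve_ci(drive_root, *parts) is not None:
            found.append("\\".join(parts))
    return found


def restore_from_repair(drive_root, windir="WINDOWS"):
    """Method 1 from the thread: copy repair/autoexec.nt into system32."""
    repair = resolve_ci(drive_root, windir, "repair", "autoexec.nt")
    sys32 = resolve_ci(drive_root, windir, "system32")
    if repair is None or sys32 is None:
        raise FileNotFoundError("repair copy or system32 directory not found")
    target = resolve_ci(sys32, "autoexec.nt") or os.path.join(sys32, "autoexec.nt")
    shutil.copyfile(repair, target)
    return check_autoexec(drive_root, windir)


def build_sample(root):
    """Constructed sample tree: autoexec.nt missing, two indicators present."""
    for parts in (("WINNT", "repair"), ("WINNT", "system32"),
                  ("WINNT", "System"), ("FreeScan",)):
        os.makedirs(os.path.join(root, *parts))
    with open(os.path.join(root, "WINNT", "repair", "autoexec.nt"), "wb") as f:
        f.write(b"REM constructed placeholder, not the real file contents\r\n")
    with open(os.path.join(root, "WINNT", "System", "WINDUPDATE.EXE"), "wb") as f:
        f.write(b"constructed placeholder bytes")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        print("autoexec.nt:", check_autoexec(root, "WINNT"))
        print("indicators:", find_indicators(root, "WINNT"))
        print("after restore:", restore_from_repair(root, "WINNT"))
```
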
David H. Lipman
Guest
Posts: n/a
Very interesting -- According to McAfee that URL has Exploit code, specifically "Exploit-MhtRedir.gen".

It is flagged on EVERY access.

--
Dave

Jim Byrd
Guest
Posts: n/a
Hi David - I assume you're talking about the SysCleanUtility.exe? Someone else mentioned getting something odd with that one time; however, I've checked it with several AV's (including fully updated McAfee 4.5.1SP1 and eTrust 7.0.139) both then and again now with your posting and found no problems. I think these are false positives. It's a self-extracting compressed archive containing:

Removing a virus (SYSCLEAN).pdf
SYS-UP.EXE
UNZIP.EXE
WGET.EXE

all of which check clean individually also and are the same sizes and dates as Art's files.

I've used it, and it does work as advertised just as Art's files do - the .pdf is useful.

Evidently others have seen this also. The following is from that site: http://ik-cs.com/

"[27-Jan-2005] THERE IS NO VIRUS ON IK-CS.COM
Contrary to reports in USENET group Microsoft.Public.Security.Virus there is no virus in the Sysclean Utility available from the 'Remove a Virus' section of this website! If you are at all uncertain please feel free to send the package to any antivirus vendor for an independent analysis.

Thanks to DL for pointing this out to the misinformed member of MPSV."

I concluded that it's safe and will continue to recommend it since the .pdf is very useful to naive users and precludes my having to do a large post to accomplish the same thing.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP

David H. Lipman
Guest
Posts: n/a
Hi Jim:

No, sorry for the confusion. It is neither Ian Kenefick's web page nor Art Kopps (know them both) it is the following URL --
http://forums.techguy.org/archive/in.../t-280212.html

Every time I go there McAfee flags it !

2/8/2005 9:03:53 AM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\WCZFECUD\t-280212[1].html Exploit-MhtRedir.gen

--
Dave
| >> Regards, Jim Byrd, MS-MVP | >> | >> | >> | >> In news:61851BE9-E005-46A4-A30B-, | >> Cyndi C <> typed: | >>> Method 1 worked perfectly. Thanks. | >>> | >>> btw, I've been running TrendMicro's PC-cillin automatically every | >>> night, including checking for updates, then scanning. I also | >>> already use Ad-Aware very often and keep it up to date. | >>> | >>> Thanks again. | >>> | >>> | >>> "David H. Lipman" wrote: | >>> | >>>> AUTOEXEC.NT Fix Method 1: | >>>> copy; c:\windows\repair\autoexec.nt | >>>> to | >>>> c:\windows\system32 | >>>> | >>>> | >>>> AUTOEXEC.NT FIX Method 2: | >>>> [remainder of post deleted] | |
Cyndi C
Guest
Posts: n/a
Thanks to both of you. I've saved everything in a file and will get to work.

A few related questions, since I've latched onto some people with a solid grip on a clue :`)

Possibly unrelated to this, since it occurred several weeks later, PC-cillin encountered a virus during a nightly scan, which it claimed to quarantine. I tried to check the log, but it no longer let me into the program, even though I continued to get daily scan reports. Not knowing when I bought the computer that it had PC-cillin installed, I had also purchased Norton Anti-virus, but it wasn't installed. So I installed it yesterday (before my first post), ran "update" multiple times until there were no more updates, and ran a full system scan. The only files it found with a virus in them were in the quarantine folder of PC-cillin. I deleted the folder and emptied the recycle bin. PC-cillin still wouldn't let me open it at all, so I deleted it, opting to use the Norton software instead. I don't know how long PC-cillin has been refusing to open, since I haven't tried in a while. Do you think this might have had something to do with a malware issue, or is it unrelated?

Also, since you said malware can cause the initial problem I posted, would it be worth it, in your opinions, to go beyond the free version of Ad-Aware to a version that runs automatically? I've also heard that it's better to install both it (free version) *and* Spybot Search and Destroy, as they each will detect some spyware and malware that the other will not. Any thoughts?

Thanks for sharing your knowledge and time. It really helps.

Cyndi

"David H. Lipman" wrote:

> Hi Jim:
>
> No, sorry for the confusion. It is neither Ian Kenefick's web page nor Art Kopps (know them
> both) it is the following URL -- http://forums.techguy.org/archive/in.../t-280212.html
>
> Every time I go there McAfee flags it !
> 2/8/2005 9:03:53 AM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary
> Internet Files\Content.IE5\WCZFECUD\t-280212[1].html Exploit-MhtRedir.gen
>
> --
> Dave
>
> "Jim Byrd" <> wrote in message
> news:%...
> | Hi David - I assume you're talking about the SysCleanUtility.exe? Someone
> | else mentioned getting something odd with that one time; however, I've
> | checked it with several AV's (including fully updated McAfee 4.5.1SP1 and
> | eTrust 7.0.139) both then and again now with your posting and found no
> | problems. I think these are false positives. It's a self-extracting
> | compressed archive containing:
> |
> | Removing a virus (SYSCLEAN).pdf
> | SYS-UP.EXE
> | UNZIP.EXE
> | WGET.EXE
> |
> | all of which check clean individually also and are the same sizes and dates
> | as Art's files.
> |
> | I've used it, and it does work as advertised just as Art's files do - the
> | .pdf is useful.
> |
> | Evidently others have seen this also. The following is from that site:
> | http://ik-cs.com/
> |
> | "[27-Jan-2005] THERE IS NO VIRUS ON IK-CS.COM
> | Contrary to reports in USENET group Microsoft.Public.Security.Virus there is
> | no virus in the Sysclean Utility available from the 'Remove a Virus' section
> | of this website! If you are at all uncertain please feel free to send the
> | package to any antivirus vendor for an independent analysis.
> |
> | Thanks to DL for pointing this out to the misinformed member of MPSV."
> |
> | I concluded that it's safe and will continue to recommend it since the .pdf
> | is very useful to naive users and precludes my having to do a large post to
> | accomplish the same thing.
> |
> | --
> | Please respond in the same thread.
> | Regards, Jim Byrd, MS-MVP
> |
> | In news:O84h$,
> | David H. Lipman <DLipman~nospam~@Verizon.Net> typed:
> | > Very interesting -- According to McAfee that URL has Exploit code,
> | > specifically "Exploit-MhtRedir.gen".

Jim Byrd
Guest
Posts: n/a
Hi David - Well, 'tis a puzzlement! I'm running McAfee 4.5.1SP1 using both Download and Internet Filter and it doesn't show anything when I go there. This is with the 4.4.00 Scan Engine and the 4.0.4426 definitions dated 3 Feb 2005 and new update checked for just 23 minutes ago.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP

In news:,
David H. Lipman <DLipman~nospam~@Verizon.Net> typed:
> Hi Jim:
>
> No, sorry for the confusion. It is neither Ian Kenefick's web page
> nor Art Kopps (know them both) it is the following URL --
> http://forums.techguy.org/archive/in.../t-280212.html
>
> Every time I go there McAfee flags it !
> 2/8/2005 9:03:53 AM Delete failed (Clean failed) DLIPMAN-1\lipman
> D:\temp\IE6\Temporary Internet
> Files\Content.IE5\WCZFECUD\t-280212[1].html Exploit-MhtRedir.gen
>
> "Jim Byrd" <> wrote in message
> news:%...
>> Hi David - I assume you're talking about the SysCleanUtility.exe?
>> Someone else mentioned getting something odd with that one time;
>> however, I've checked it with several AV's (including fully updated
>> McAfee 4.5.1SP1 and eTrust 7.0.139) both then and again now with
>> your posting and found no problems. I think these are false
>> positives. It's a self-extracting compressed archive containing:
>>
>> Removing a virus (SYSCLEAN).pdf
>> SYS-UP.EXE
>> UNZIP.EXE
>> WGET.EXE
>>
>> all of which check clean individually also and are the same sizes
>> and dates as Art's files.
>>
>> I've used it, and it does work as advertised just as Art's files do
>> - the .pdf is useful.
>>
>> Evidently others have seen this also. The following is from that
>> site: http://ik-cs.com/
>>
>> "[27-Jan-2005] THERE IS NO VIRUS ON IK-CS.COM
>> Contrary to reports in USENET group Microsoft.Public.Security.Virus
>> there is no virus in the Sysclean Utility available from the 'Remove
>> a Virus' section of this website! If you are at all uncertain please
>> feel free to send the package to any antivirus vendor for an
>> independent analysis.

|
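
Added example, not part of the thread or of any vendor's tooling: a small triage helper for the on-access log entry David H. Lipman posted, showing that the flagged object is a browser-cache copy of the forum page rather than the SysClean package. The field layout (timestamp, action result, DOMAIN\user, path, detection name) and the US month/day order are assumptions drawn from that single line, and all function and class names are hypothetical.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import Iterable, Optional
from urllib.parse import unquote, urlsplit

# The log entry as quoted in the thread (fields separated by whitespace here).
SAMPLE_ENTRY = (
    r"2/8/2005 9:03:53 AM Delete failed (Clean failed) DLIPMAN-1\lipman "
    r"D:\temp\IE6\Temporary Internet Files\Content.IE5\WCZFECUD\t-280212[1].html "
    r"Exploit-MhtRedir.gen"
)

# The two URLs the posters were confusing, elided exactly as they appear on the page.
THREAD_URLS = [
    "http://www.ik-cs.com/Programs/virtoo...%20UTILITY.exe",
    "http://forums.techguy.org/archive/in.../t-280212.html",
]

# Assumed layout: timestamp, action text, DOMAIN\user, drive path, detection name.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<action>.+?)\s+"
    r"(?P<account>[^\s\\]+\\[^\s\\]+)\s+"
    r"(?P<path>[A-Za-z]:\\.+)\s+"
    r"(?P<detection>\S+)$"
)

# Internet Explorer stores cached downloads as name[n].ext.
CACHE_COPY_RE = re.compile(r"^(?P<stem>.+)\[\d+\](?P<ext>\.[^.\\/]+)?$")


@dataclass
class Detection:
    when: datetime
    action: str
    account: str
    path: PureWindowsPath
    name: str

    @property
    def remediation_failed(self) -> bool:
        return "failed" in self.action.lower()

    @property
    def in_browser_cache(self) -> bool:
        return "temporary internet files" in [p.lower() for p in self.path.parts]

    @property
    def downloaded_name(self) -> str:
        """File name as served, with the cache's [n] counter removed."""
        m = CACHE_COPY_RE.match(self.path.name)
        if not (self.in_browser_cache and m):
            return self.path.name
        return m.group("stem") + (m.group("ext") or "")


def parse_entry(line: str) -> Optional[Detection]:
    """Parse one log line; return None if it does not fit the assumed layout."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    when = datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p")
    return Detection(when, m.group("action"), m.group("account"),
                     PureWindowsPath(m.group("path")), m.group("detection"))


def source_url(det: Detection, urls: Iterable[str]) -> Optional[str]:
    """Return the visited URL whose last path segment matches the cached file."""
    wanted = det.downloaded_name.lower()
    for url in urls:
        leaf = unquote(urlsplit(url).path.rsplit("/", 1)[-1]).lower()
        if leaf == wanted:
            return url
    return None


def triage(line: str, urls: Iterable[str]) -> str:
    """One-line verdict: where the flagged object lives and where it came from."""
    det = parse_entry(line)
    if det is None:
        return "unparsed"
    if det.in_browser_cache:
        origin = source_url(det, urls) or "unknown URL"
        state = "scanner cleanup failed" if det.remediation_failed else "cleaned"
        return f"{det.name}: cached web content from {origin} ({state})"
    return f"{det.name}: file outside the browser cache at {det.path}"


if __name__ == "__main__":
    print(triage(SAMPLE_ENTRY, THREAD_URLS))
```

A hit under Temporary Internet Files is page content the browser saved while rendering; the "Delete Files" step under Temporary Internet Files in the cleanup instructions quoted in this thread is what clears such copies.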
Jim Byrd
Guest
Posts: n/a
|
Hi Cyndi - Well, I don't use PC-cillin so I can't be of much help to you
there. Do you remember the name of what it says it found? As for Norton AV - I don't recommend ANY non-commercial Norton/Symantec products to my clients because they are famous for causing problems with other software, especially systems software. I strongly recommend that you turn off ALL Norton products on your machine before doing any program installs (or FTM any uninstalls either). IMO, the free version of AdAware is fine - just remember to update and run it (it will ask you to update when you fire it up) at least once a week. And yes, you should run both it and SpyBot S&D, preferably in Safe mode or from a Clean Boot. You might want to take a look at my Blog about Defending Your Machine, here: http://defendingyourmachine.blogspot.com/ which outlines some steps to take and some useful resources to help you with this. -- Please respond in the same thread. Regards, Jim Byrd, MS-MVP In news:2AF3AD06-C38B-469C-8580-, Cyndi C <> typed: > Thanks to both of you. I've saved everything in a file and will get > to work. > > A few related questions, since I've latched onto some people with a > solid grip on a clue :`) > > Possibly unrelated to this, since it occurred several weeks later, > PC-cillin encountered a virus during a nightly scan, which it claimed > to quarrantine. I tried to check the log, but it no longer let me > into the program, even though I continued to get daily scan reports. > Not knowing when I bought the computer that it had PC-cillin > installed, I had also purchased Norton Anti-virus, but it wasn't > installed. So I installed it yesterday (before my first post), ran > "update" multiple times until there were no more updates, and ran a > full system scan. The only files it found with a virus in them were > in the quarrantine folder of PC-cillin. I deleted the folder and > emptied the recycle bin. PC-cillin still wouldn't let me open it at > all, so I deleted it, opting to use the Norton software instead. 
I > don't know how long PC-cillin has been refusing to open, since I > haven't tried in a while. Do you think this might have had something > to do with a malware issue, or is it unrelated? > > Also, since you said malware can cause the initial problem I posted, > would it be worth it, in your opinions, to go beyond the free version > of Ad-Aware to a version that runs automatically? I've also heard > that it's better to install both it (free version) *and* Spybot > Search and Destroy, as they each will detect some spyware and malware > that the other will not. Any thoughts? > > Thanks for sharing your knowledge and time. It really helps. > > Cyndi > > "David H. Lipman" wrote: > >> Hi Jim: >> >> No, sorry for the confusion. It is neither Ian Kenefick's web page >> nor Art Kopps (know them both) it is the following URL -- >> http://forums.techguy.org/archive/in.../t-280212.html >> >> Every time I go there McAfee flags it ! >> 2/8/2005 9:03:53 AM Delete failed (Clean failed) DLIPMAN-1\lipman >> D:\temp\IE6\Temporary Internet >> Files\Content.IE5\WCZFECUD\t-280212[1].html Exploit-MhtRedir.gen >> >> >> -- >> Dave >> >> >> >> >> "Jim Byrd" <> wrote in message >> news:%... >>> Hi David - I assume you're talking about the SysCleanUtility.exe? >>> Someone else mentioned getting something odd with that one time; >>> however, I've checked it with several AV's (including fully updated >>> McAfee 4.5.1SP1 and eTrust 7.0.139) both then and again now with >>> your posting and found no problems. I think these are false >>> positives. It's a self-extracting compressed archieve containing: >>> >>> Removing a virus (SYSCLEAN).pdf >>> SYS-UP.EXE >>> UNZIP.EXE >>> WGET.EXE >>> >>> all of which check clean individually also and are the same sizes >>> and dates as Art's files. >>> >>> I've used it, and it does work as advertised just as Art's files do >>> - the .pdf is useful. >>> >>> >>> Evidently others have seen this also. 
The following is from that >>> site: http://ik-cs.com/ >>> >>> >>> "[27-Jan-2005] THERE IS NO VIRUS ON IK-CS.COM >>> Contrary to reports in USENET group Microsoft.Public.Security.Virus >>> there is no virus in the Sysclean Utility available from the >>> 'Remove a Virus' section of this website! If you are at all >>> uncertain please feel free to send the package to any antivirus >>> vendor for an independent analysis. >>> >>> >>> >>> Thanks to DL for pointing this out to the misinformed member of >>> MPSV." >>> >>> >>> I concluded that it's safe and will continue to recommend it since >>> the .pdf is very useful to naive users and precludes my having to >>> do a large post to accomplish the same thing. ![]() >>> >>> -- >>> Please respond in the same thread. >>> Regards, Jim Byrd, MS-MVP >>> >>> >>> >>> In news:O84h$, >>> David H. Lipman <DLipman~nospam~@Verizon.Net> typed: >>>> Very interesting -- According to McAfee that URL has Exploit code, >>>> specifically "Exploit-MhtRedir.gen". >>>> >>>> It is flagged on EVERY access. >>>> >>>> >>>> "Jim Byrd" <> wrote in message >>>> news:... >>>>> Hi Cyndi - Two things to supplement David's excellent advice. >>>>> There's a type of malware that can cause this symptom, and even >>>>> though you've restored the files you might want to: >>>>> >>>>> Courtesy of flrman1, here: >>>>> http://forums.techguy.org/archive/in.../t-280212.html >>>>> >>>>> "First in safe mode click on My Computer then click Tools > Folder >>>>> Options. In Folder options click on the View tab. Under Files and >>>>> Folders tick "Show hidden files and folders" then uncheck "Hide >>>>> file extensions for known file types" and uncheck "Hide protected >>>>> operating system files (recommended)". 
>>>>> Now click "Like current
>>>>> folder" then "Apply" and "OK"
>>>>>
>>>>> Now find and delete these files:
>>>>>
>>>>> C:\WINNT\system\windupdate.exe (added by JB: note the
>>>>> spelling - the added 'd')
>>>>> C:\WINNT\system.css
>>>>>
>>>>> Delete this folder:
>>>>>
>>>>> c:\freescan
>>>>>
>>>>> Also in safe mode navigate to the C:\Windows\Temp folder. Open the
>>>>> Temp folder and go to Edit > Select All then Edit > Delete to
>>>>> delete the entire contents of the Temp folder.
>>>>>
>>>>> Go to Start > Run and type %temp% in the Run box. The Temp folder
>>>>> will open. Click Edit > Select All then Edit > Delete to delete
>>>>> the entire contents of the Temp folder.
>>>>>
>>>>> Finally go to Control Panel > Internet Options. On the General tab
>>>>> under "Temporary Internet Files" Click "Delete Files". Put a check
>>>>> by "Delete Offline Content" and click OK. Click on the Programs
>>>>> tab then click the "Reset Web Settings" button. Click Apply then
>>>>> OK.
>>>>>
>>>>> Empty the Recycle Bin"
>>>>>
>>>>> Of course, if you don't find these, then no harm/no foul.
>>>>>
>>>>> Also, FYI - since you've chosen to make regular use of SysClean
>>>>> (Way to GO! I strongly recommend it, also.) you might be
>>>>> interested in the following from one of my "standard" posts about
>>>>> its use:
>>>>>
>>>>> "Download sysclean.com, from Trend Micro, here:
>>>>> http://www.trendmicro.com/download/dcs.asp along with the latest
>>>>> pattern file, here:
>>>>> http://www.trendmicro.com/download/pattern.asp. Be sure to read
>>>>> the "How-to" info here:
>>>>> http://www.trendmicro.com/ftp/products/tsc/readme.txt
>>>>>
>>>>> (You might also want to get Art's updater, SYS-UP.Zip, here for
>>>>> future updating of these: http://home.epix.net/~artnpeg/ ).
>>>>> The updater files plus a short tutorial on using them and SysClean are
>>>>> also available in one package here:
>>>>> http://www.ik-cs.com/Programs/virtoo...%20UTILITY.exe (If
>>>>> you download and use the updater from the beginning, it will
>>>>> automatically handle downloading and unzipping the other files.)
>>>>>
>>>>> Place them in a dedicated folder after appropriate unzipping.
>>>>>
>>>>> If you're using WindowsME or WindowsXP, SysClean (and the other
>>>>> cleaning tools below) may find infections within Restore Points
>>>>> which it will be unable to clean. You may choose to disable
>>>>> Restore if you're on XP or ME (directions here:
>>>>> http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm )
>>>>> which will eliminate ALL previous Restore Points, or
>>>>> alternatively, you can wait until cleaning is completed and then
>>>>> use the procedure within the *********'s below to delete all
>>>>> older, possibly infected Restore Points and save a new, clean
>>>>> one. This approach is in the spirit of "keep what you've got" so
>>>>> that you can recover to an at least operating albeit infected
>>>>> system if you inadvertently delete something vital, and is the
>>>>> approach I recommend that you take.
>>>>>
>>>>> Then boot to Safe mode or a Clean Boot as below (HowTo here:
>>>>> http://service1.symantec.com/SUPPORT...01052409420406)
>>>>> Read tscreadme.txt carefully, then do a complete scan of
>>>>> your system and clean or delete anything it finds. Reboot and
>>>>> re-run SysClean and continue this procedure until you get a clean
>>>>> scan or nothing further can be cleaned/removed. Now reboot to
>>>>> normal mode and re-run the scan again.
>>>>>
>>>>> This scan may take a long time, as Sysclean is VERY extensive and
>>>>> thorough. For example, one user reported that Sysclean found 69
>>>>> hits that an immediately prior Norton AV v. 11.0.2.4 run had
>>>>> missed."
>>>>>
>>>>> Here's the ************** section:
>>>>>
>>>>> "
>>>>> *******
>>>>> ONLY IF you've successfully eliminated the malware, you can now
>>>>> make a new, clean Restore Point and delete any previously saved
>>>>> (possibly infected) ones. The following suggested approach is
>>>>> courtesy of Gary Woodruff: For XP you can run a Disk Cleanup
>>>>> cycle and then look in the More Options tab. The System Restore
>>>>> option removes all but the latest Restore Point. If there hasn't
>>>>> been one made since the system was cleaned you should manually
>>>>> create one before dumping the old possibly infected ones. *******
>>>>> "
>>>>>
>>>>> How to Clean Boot:
>>>>>
>>>>> "
>>>>> #########IMPORTANT#########
>>>>> Show hidden files and run all of the following removal tools from
>>>>> Safe mode or a "Clean Boot" when possible. Reboot and test if the
>>>>> malware is fixed after using each tool.
>>>>>
>>>>> HOW TO Enable Hidden Files
>>>>> http://service1.symantec.com/SUPPORT...02092715262339
>>>>>
>>>>> Clean Boot - General Win2k/XP procedure, but see below for links
>>>>> for other OS's (This for Win2k w/msconfig - you can obtain
>>>>> msconfig for Win2k here:
>>>>> http://www.3feetunder.com/files/win2...nfig_setup.exe ):
>>>>>
>>>>> 1. Start > Run enter msconfig.
>>>>>
>>>>> 2. On the General tab, click Selective Startup, and then clear the
>>>>> 'Process System.ini File', 'Process Win.ini File', and 'Load
>>>>> Startup Items' check boxes. Leave the 'boot.ini' boxes however
>>>>> they are currently set.
>>>>>
>>>>> 3. In the Services tab, check the "Hide All Microsoft Services"
>>>>> checkbox, and then click the "Disable All" button. If you use a
>>>>> third party firewall then re-check (enable) it. For example, if
>>>>> you use Zone Alarm, re-check the True Vector Internet Monitor
>>>>> service (and you may also want to re-check (enable) the zlclient
>>>>> on the Startup tab.) Equivalent services exist for other third
>>>>> party firewalls.
>>>>> An alternative to this for XP users is to
>>>>> enable at this time the XP native firewall (Internet Connection
>>>>> Firewall - ICF). Be sure to turn it back off when you re-enable
>>>>> your non-MS services and Startup tab programs and restore your
>>>>> normal msconfig configuration after cleaning your machine.
>>>>>
>>>>> 4. Click OK and then reboot.
>>>>>
>>>>> For additional information about how to clean boot your operating
>>>>> system, click the following article numbers to view the articles
>>>>> in the Microsoft Knowledge Base:
>>>>> 310353 How to Perform a Clean Boot in Windows XP
>>>>> http://support.microsoft.com/kb/310353
>>>>> 281770 How to Perform Clean-Boot Troubleshooting for Windows 2000
>>>>> http://support.microsoft.com/kb/281770/EN-US/
>>>>> 267288 How to Perform a Clean Boot in Windows Millennium Edition
>>>>> http://support.microsoft.com/kb/267288/EN-US/
>>>>> 192926 How to Perform Clean-Boot Troubleshooting for Windows 98
>>>>> http://support.microsoft.com/kb/192926/EN-US/
>>>>> 243039 How to Perform a Clean Boot in Windows 95
>>>>> http://support.microsoft.com/kb/243039/EN-US/
>>>>> #########IMPORTANT#########
>>>>>
>>>>> "
>>>>>
>>>>> --
>>>>> Please respond in the same thread.
>>>>> Regards, Jim Byrd, MS-MVP
>>>>>
>>>>> In news:61851BE9-E005-46A4-A30B-,
>>>>> Cyndi C <> typed:
>>>>>> Method 1 worked perfectly. Thanks.
>>>>>>
>>>>>> btw, I've been running TrendMicro's PC-cillin automatically every
>>>>>> night, including checking for updates, then scanning. I also
>>>>>> already use Ad-Aware very often and keep it up to date.
>>>>>>
>>>>>> Thanks again.
>>>>>>
>>>>>> "David H. Lipman" wrote:
>>>>>>
>>>>>>> AUTOEXEC.NT Fix Method 1:
>>>>>>> copy; c:\windows\repair\autoexec.nt
>>>>>>> to
>>>>>>> c:\windows\system32
>>>>>>>
>>>>>>> AUTOEXEC.NT FIX Method 2:
>>>>>>> [remainder of post deleted]
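
A read-only check for the items the quoted steps name, as an added example that is not part of the thread or any poster's own script: it reports whether system32\autoexec.nt exists and matches the repair copy from Fix Method 1, and whether the files and folder from the removal list are present. Checking the listed names under %windir% as well as the literal C:\WINNT is an assumption.

```bat
@echo off
rem Added example, not from the thread: read-only check, nothing is deleted.
rem Exit code 0 = nothing to review, 1 = at least one item to review.
setlocal
set REVIEW=0

rem AUTOEXEC.NT must exist in system32 (the error in the original question).
if not exist "%windir%\system32\autoexec.nt" (
    echo MISSING  "%windir%\system32\autoexec.nt"
    set REVIEW=1
    goto indicators
)

rem Compare it byte-for-byte with the repair copy used in Fix Method 1.
if not exist "%windir%\repair\autoexec.nt" goto indicators
fc /b "%windir%\repair\autoexec.nt" "%windir%\system32\autoexec.nt" >nul
if errorlevel 1 (
    echo DIFFERS  system32\autoexec.nt is not identical to the repair copy
    set REVIEW=1
)

:indicators
rem Paths named in the quoted removal steps. The thread writes C:\WINNT;
rem checking the same names under the Windows directory is an assumption.
for %%P in (
    "C:\WINNT\system\windupdate.exe"
    "C:\WINNT\system.css"
    "%windir%\system\windupdate.exe"
    "%windir%\system.css"
    "C:\freescan"
) do if exist %%P (
    echo PRESENT  %%P
    set REVIEW=1
)

if %REVIEW%==0 echo Nothing from the thread's list was found.
endlocal & exit /b %REVIEW%
```

A DIFFERS result only means the file was changed since setup, which can be a legitimate edit, so treat it as a prompt to inspect the file rather than as proof of infection.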