Welcome, Guest. Please Login or Register.
Search
Members
Login
Register
   Mischel Internet Security Forum
   Other Products
   Autostart Explorer (Moderators: Helena, Gavin_Coe, Magnus)
   Normal Folder or Not Version 2		 « No topic | Next topic »
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: Normal Folder or Not Version 2  (Read 859 times)
lutherjt
Newbie
*




We Are Watching You.  -1984- Never Say Anything.

   


Posts: 28
Normal Folder or Not Version 2
« on: Mar 6th, 2009, 11:10am »		 Quote Quote  Modify Modify
This post includes the same problem/inquiry with the "Normal Folder or Not" post, but also includes additional questions. I would like to e-mail Magnus or someone at TH four (4) screenshots I took of the Autostart Explorer contents that are in question.
 
#1 Under the Registry section, HKCU Load, a blank folder is shown in the display window. When I try to double-click on it, nothing happens. Nor do any options appear when I right-click the folder. What the heck is it and should I be concerned?
 
#2 Under the Registry section, Native Applications, besides what looks to be the normal " autocheck autochk * " another item with a blank square box and/or the letter " r " followed by the blank box appears. What the heck is it and should I be concerned with either any of these anomalies?
 
#3 Under the Bat Files section, autoexec.nt, the following three entries are present:
 
A. lh %SystemRoot%\system32\dosx
B. lh %SystemRoot%\system32\mscdexnt.exe
C. lh %SystemRoot%\system32\redir
 
Should I be concerned with any of the three (3) entries?
 
#4 Under the Services section, Service Applications, numerous files are listed. I recognized most of them and feel they are either normal system processes or application processes. Due to the sensitive nature of the files listed, I do not want to share this information with "the world". But I am willing to send you the scanned tiff file (I can PDF or MS Word the scan also, if needed) of all four pages in question and would like to know if anything is out of the ordinary and needs to be fixed.
 
Thank you in advance for any help you can provide!
 
IP Logged
President
Brotherhood of Forceful Intelligence
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 7358
Re: Normal Folder or Not Version 2
« Reply #1 on: Mar 6th, 2009, 11:50am »		 Quote Quote  Modify Modify
What Windows OS are you running (with service pack number)?
IP Logged
______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
lutherjt
Newbie
*




We Are Watching You.  -1984- Never Say Anything.

   


Posts: 28
Re: Normal Folder or Not Version 2
« Reply #2 on: Mar 6th, 2009, 12:49pm »		 Quote Quote  Modify Modify
Duh, sorry, Windows XP Pro SP2. I hear that SP3 is just fluff associated withe the Windows Live care help, so I was advised to skip it and install the "don't bother me about SP3 for 1-year" program provided by Microsoft.
IP Logged
President
Brotherhood of Forceful Intelligence
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 7358
Re: Normal Folder or Not Version 2
« Reply #3 on: Mar 6th, 2009, 1:33pm »		 Quote Quote  Modify Modify
I sent you a Private Message with my email address so that you can send the screenshots for me to examine.
« Last Edit: Mar 6th, 2009, 1:33pm by siliconman01 » IP Logged
______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
lutherjt
Newbie
*




We Are Watching You.  -1984- Never Say Anything.

   


Posts: 28
Re: Normal Folder or Not Version 2
« Reply #4 on: Mar 6th, 2009, 1:51pm »		 Quote Quote  Modify Modify
Done. Thanks again!
IP Logged
President
Brotherhood of Forceful Intelligence
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 7358
Re: Normal Folder or Not Version 2
« Reply #5 on: Mar 6th, 2009, 2:40pm »		 Quote Quote  Modify Modify
I responded via email concerning your questions and attached pic.  All is okay.   Cheesy
IP Logged
______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
lutherjt
Newbie
*




We Are Watching You.  -1984- Never Say Anything.

   


Posts: 28
Re: Normal Folder or Not Version 2
« Reply #6 on: Mar 6th, 2009, 2:53pm »		 Quote Quote  Modify Modify
Thanks for the speedy response, you rock! Should we post that information here for other users to read?
 
If you would, please also read and make suggestions to my post in the "Ten Forward" area.
 
Lastly, regarding my post in the Suggestion area, is their a way to scan for rootkits at the MBR level when the computer is first turned on, or did I miss read something?
IP Logged
President
Brotherhood of Forceful Intelligence
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 7358
Re: Normal Folder or Not Version 2
« Reply #7 on: Mar 6th, 2009, 10:09pm »		 Quote Quote  Modify Modify
Quote:
Thanks for the speedy response, you rock! Should we post that information here for other users to read?  

 
Hmmm, I didn't save the email I sent to you.  If you still have it, please copy/paste my response here.  Obviously, please do not post my email addy info.   Wink
 
Quote:
Lastly, regarding my post in the Suggestion area, is their a way to scan for rootkits at the MBR level when the computer is first turned on, or did I miss read something?

 
Currently, TH does not have an early load feature to scan the MBR.  As to whether Magnus is adding this feature in a later version, I do not know.  
 
Quote:
If you would, please also read and make suggestions to my post in the "Ten Forward" area.

 
I have read your post.  You inquire about many important issues in the world of security.  To respond to all of the issues you raise...well, that would take a lot of research, analysis and googling.  There are varying opinions/directions by the security gurus on much of it.  I think I will let other forum users delve into your post and provide their input.   Smiley
« Last Edit: Mar 6th, 2009, 10:26pm by siliconman01 » IP Logged
______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
lutherjt
Newbie
*




We Are Watching You.  -1984- Never Say Anything.

   


Posts: 28
Re: Normal Folder or Not Version 2
« Reply #8 on: Mar 9th, 2009, 7:27am »		 Quote Quote  Modify Modify
Here's what silconman01 had to say regarding my post:
 
Item 1:  Registry>HKCU Load
 
This registry key is found at HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load on an XP system.  There is no value set on the Default of this key which is normal for an XP system.  Thus you cannot display its properties via AutoStart Explorer because there is nothing to display.  Your system is okay on this item.
 
Item 2: Registry>Native Applications
 
The autocheck autochk* is normal for Windows XP.  This forces Windows to check the file system during the very beginning of the boot process.  Other items can be added to this string to force specific events to occur during the initial part of the boot process.  For example, if you specify that you want a CHKDSK /f performed on your C: drive, Windows will add CHKDSK /f to this string so that your disk is checked for errors at the beginning of the next reboot.  The string would be autocheck autochk* CHKDSK /f for the next boot process.  On your system the r followed by a box after it is a bit of a format problem within TH’s AutoStart Explorer.  The * is causing AutoStart Explorer to display this r and box.  It is nothing erroneous or malicious on your system.
 
Item 3:  Bat Files>autoexec.nt
 
The three items shown are normal for Windows XP.  You have no reason to be concerned about these entries.
 
lh %SystemRoot%\system32\dosx
lh %SystemRoot%\system32\mscdexnt.exe
lh %SystemRoot%\system32\redir
 
Item 4:  Services>Service Applications
 
All of the services shown are valid services for Windows and for Symantec, McAfee, and PCTools software on your system.  I see nothing to be concerned about on any of these items.  
 
Summary:
 
There is nothing shown/displayed by TH’s AutoStart Explorer that is a security risk or indication that your system is compromised.
 
Hope that helps anyone with similar Autostart explorer concerns!
IP Logged
President
Brotherhood of Forceful Intelligence
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« No topic | Next topic »